Figure 23. Non-Secure Image Secondary Slot Region Mapping - ST STM32CubeL5 User Manual

Errors:
Candidate image is not installed in the "Secure image primary" slot in case of following errors:
• Version dependency failure: version of secure image non consistent with version of the non-secure image.
Candidate image is not installed in the "Secure image primary" slot and is erased from "Secure image secondary"
slot in case of following errors:
• Image size not consistent
• Flash reading errors (double ECC errors).
• Version check failure: Image version < previous valid image installed
• Version dependency failure: version of secure image non consistent with version of the non-secure image.
• Image signature failure: image not authentic
Candidate image is not installed in the "Secure image primary" slot and TOE is blocked in an infinite loop:
• Flash writing or flash erasing error could be reported by the flash driver used by the application to write data
in the Secure image secondary" slot area.
Non-Secure image secondary slot interface
Non-Secure image secondary slot is used to implement the remote firmware update functionality of the non-
secure image by triggering the bootloader image upgrade process. It is simply a memory area where a new
candidate of the non-secure image is placed by writing into it (be it by means of the non-secure application either
via a physical interface or either via a wireless interface). After any product reset, the TOE attempts to interpret
the data as a candidate image and applies it to the Non-Secure image primary slot in case it is correctly verified. If
a candidate image has been analyzed as not valid (authenticity and integrity) then image data are deleted form
the Non-Secure image secondary slot.
Method of use
Non-Secure image secondary slot region is located at address FLASH_AREA_3_OFFSET as illustrated
hereafter:
Non secure area
Secure area
Reset
entry
point
UM2745 - Rev 1
Figure 23. Non-secure image secondary slot region mapping
Non-secure image secondary slot
Non secure area
Area 3
(72 KB)
Non-secure image secondary slot
Non secure area
Area 2
(144 KB)
Non-secure image secondary slot
Non secure
Area 1
application
(72 KB)
Non-secure image secondary slot
Area 0
application
(144 KB)
Secure area
SST area (8KB)
Secure area
ITS area (8KB)
Secure area
NV COUNTER (4 KB)
Secure area
SCRATCH area (8 KB)
Secure area
BL2 NVCNT (4 KB)
TFM_SBSFU
TFM_SBSFU
(46 KB)
Secure area
IntegratorPerso data Area (2KB)
FLASH_AREA_3_OFFSET: 0x0C06E000
FLASH_AREA_2_OFFSET: 0x0C04A000
FLASH_AREA_1_OFFSET: 0x0C038000
Secure
FLASH_AREA_0_OFFSET: 0x0C014000
FLASH_SST_AREA_OFFSET: 0x0C012000
FLASH_ITS_AREA_OFFSET: 0x0C010000
FLASH_NV_COUNTERS_AREA_OFFSET: 0x0C00F000
FLASH_SWAP_AREA_OFFSET: 0x0C00D000
FLASH_BL2_NVCNT_AREA_OFFSET: 0x0C00C000
FLASH_AREA_BL2_OFFSET: 0x0C000800
FLASH_AREA_PERSO_OFFSET: 0x0C000000
Operational guidance for the role integrator
UM2745
page 26/36