Cryptographic Scheme Selection; Figure 15. Sbsfu Configuration - ST X-CUBE-SBSFU STM32Cube Integration Manual

AN5056
The configuration possibilities go beyond these options through compilation switches:
•
Local loader can be removed to reduce the memory footprint (Dual slots only).
•
Verbose switch can be activated to make debugging easier.
•
Debug mode can be disabled (No more printf on the terminal during SBSFU execution)
to reduce the memory footprint.
•
Security IPs can be turned off to make debugging easier.
•
Installation process with firmware image validation. A rollback on the previous firmware
image is triggered at the next reset if the firmware image has not been validated by the
user application.
•
Multiple image configuration for a complex system with multiple firmware such as
protocol stack, middleware, and user application.
•
Interruption management inside the firewall isolated environment for applications
requiring low latency on interruption handling.
Figure 15
switches.
4.2

Cryptographic scheme selection

X-CUBE-SBSFU is delivered with three cryptographic schemes using both asymmetric and
symmetric cryptography:
•
ECDSA asymmetric cryptography for firmware verification and AES-CBC symmetric
cryptography for firmware decryption
•
ECDSA asymmetric cryptography for firmware verification without firmware encryption.
•
AES-GCM symmetric cryptography for both firmware verification and decryption
The selection among these schemes is done using the SECBOOT_CRYPTO_SCHEME
compilation switch as depicted in
presents the SBSFU configuration solutions with the related files and compilation

Figure 15. SBSFU configuration

Figure 16.
AN5056 Rev 8
SBSFU configuration
21/49
48