Sign In
Upload
Manuals
Brands
ST Manuals
Computer Hardware
X-CUBE-SBSFU
ST X-CUBE-SBSFU Manuals
Manuals and User Guides for ST X-CUBE-SBSFU. We have
1
ST X-CUBE-SBSFU manual available for free PDF download: User Manual
ST X-CUBE-SBSFU User Manual (94 pages)
Getting started with the STM32Cube Expansion Package
Brand:
ST
| Category:
Computer Hardware
| Size: 5 MB
Table of Contents
Table of Contents
2
General Information
9
Terms and Definitions
9
Table 1. List of Acronyms
9
Table 2. List of Terms
10
References
11
Stm32Cube Overview
12
Secure Boot and Secure Firmware Update (SBSFU)
14
Product Security Introduction
14
Secure Boot
14
Secure Firmware Update
15
Figure 1. Secure Boot Root of Trust
15
Figure 2. Typical In-Field Device Update Scenario
15
Cryptography Operations
16
Table 3. Cryptographic Scheme Comparison
17
Key Management Services
18
Figure 3. KMS Functions Overview
19
Protection Measures and Security Strategy
20
Figure 4. SBSFU Security Ips Vs. STM32 Series (1 of 2)
20
STM32L4 Series and STM32L0 Series
21
Figure 5. SBSFU Security Ips Vs. STM32 Series (2 of 2)
21
Figure 6. STM32L4 and STM32L0 Protection Overview During SBSFU Execution
22
STM32F4 Series, STM32F7 Series and STM32L1 Series
24
Figure 7. STM32F4, STM32F7 and STM32L1 Protection Overview During SBSFU Execution
24
STM32G0 Series, STM32G4 Series and STM32H7 Series
26
Table 4. MPU Regions in the STM32F4 Series, STM32F7 Series and STM32L1 Series
26
Figure 8. STM32G0, STM32G4 and STM32H7 Protection Overview During SBSFU Execution
26
Table 5. MPU Regions in the STM32G0 Series, STM32G4 Series and STM32H7 Series
28
Figure 9. STM32G0, STM32G4, and STM32H7 Protection Overview During User Application Execution
29
STM32WB Series
30
Figure 10. STM32WB Protection Overview During SBSFU Execution
30
STM32L4 Series Combined with STSAFE-A100
32
Figure 11. STM32L4 / STSAFE-A100 Protection Overview During SBSFU Execution
32
Package Description
35
General Description
35
Architecture
36
Figure 12. Software Architecture Overview
36
Board Support Package (BSP)
37
Cryptographic Library
37
Key Management Services (KMS) Middleware
37
Secure Engine (SE) Middleware
37
Stm32Cubehal
37
STSAFE-A Middleware
38
Secure Boot and Secure Firmware Upgrade (SBSFU) Application
39
User Application
40
Folder Structure
41
Figure 13. Project Folder Structure (1 of 2)
41
Apis
42
Application Compilation Process with IAR™ Toolchain
42
Figure 14. Project Folder Structure (2 of 2)
42
Figure 15. Application Compilation Steps
43
Hardware and Software Environment Setup
44
Hardware Setup
44
Software Setup
44
Development Toolchains and Compilers
44
Software Tools for Programming STM32 Microcontrollers
44
Terminal Emulator
45
X-CUBE-SBSFU Firmware Image Preparation Tool
45
Figure 16. Firmware Image Preparation Tool IDE Integration
45
Figure 17. Step-By-Step Execution
46
Step-By-Step Execution
46
Figure 18. STM32 Board Preparation
47
STM32 Board Preparation
47
Figure 19. Stm32Cubeprogrammer Connection Menu
48
Application Compilation
49
Figure 20. Stm32Cubeprogrammer Option Bytes Screen
49
Figure 21. Stm32Cubeprogrammer Erasing
49
Tera Term Connection
50
ST-LINK Disable
50
Tera Term Launch
50
Figure 22. Tera Term Connection Screen
50
Tera Term Configuration
51
Figure 23. Tera Term Setup Screen
51
Welcome Screen Display
52
SBSFU Application Execution
52
Download Request
52
Send Firmware
52
Figure 24. SBSFU Welcome Screen Display
52
Figure 25. SBSFU Encrypted Firmware Transfer Start
53
Figure 26. SBSFU Encrypted Firmware Transfer in Progress
53
File Transfer Completion
54
Figure 27. SBSFU Reboot after Encrypted Firmware Transfer
54
System Restart
55
User Application Execution
55
Download a New Firmware Image
55
Figure 28. User Application Execution
55
Figure 29. Encrypted Firmware Download Via User Application
56
Test Protections
57
Test Secure Engine User Code
57
Figure 30. User Application Test Protection Menu
57
Table 6. Error Messages at Boot-Up
58
Understanding the Last Execution Status Message at Boot-Up
58
Appendix A Secure Engine Protected Environment
60
Firewall-Based Secure Engine Isolation
61
SE Core Call Gate Mechanism
61
Figure 31. Firewall Call Gate Mechanism
61
SE Interface
62
Figure 32. Secure Engine Call-Gate Mechanism
62
MPU-Based Secure Engine Isolation
63
Principle
63
Figure 33. Secure Engine Interface
63
Table 7. MPU Regions for Secure Engine Isolation
64
Figure 34. SBSFU Running in Unprivileged Level of Software Execution for Standard Operations
64
Figure 35. SBSFU Requesting a Secure Engine Service
65
Constraints
66
Figure 36. Exiting a Secure Engine Service
66
Appendix B Dual-Image Handling
67
Elements and Roles
67
Figure 37. Internal User Flash Mapping (Example of the NUCLEO-L476RG with 512-Byte Headers)
68
Mapping Definition
69
Figure 38. User Application Vector Table (Example of the STM32L4 Series)
69
Appendix C Single-Image Handling
70
Elements and Roles
70
Mapping Definition
70
Appendix D Cryptographic Schemes Handling
71
Cryptographic Schemes Contained in this Package
71
Table 8. Cryptographic Scheme List
71
Asymmetric Verification and Symmetric Encryption Schemes
72
Figure 39. Asymmetric Verification and Symmetric Encryption
72
Symmetric Verification and Encryption Scheme
73
Figure 40. Symmetric Verification and Encryption
73
X509 Certificate-Based Asymmetric Scheme Without Firmware Encryption
74
Figure 41. X509 Asymmetric Verification
74
Figure 42. Certificate Chain
75
Secure Boot and Secure Firmware Update Flow
76
Figure 43. SBSFU Dual-Image Boot Flows
76
Figure 44. SBSFU Single-Image Boot Flows
77
Appendix E Firmware Image Preparation Tool
78
Tool Location
78
Inputs
78
Outputs
79
IDE Integration
79
Partial Image
80
Appendix F KMS
81
Key Update Process Description
81
Figure 45. Encrypted Object Creation
81
SBSFU Static Keys Generation
82
Figure 46. Secure Update Procedure
82
Userapp Menu
83
Figure 47. KMS Key Storage
83
Figure 48. KMS Menu
83
Kms
81
Appendix Gsbsfu with STM32 and STSAFE-A100
84
Introduction to STSAFE-A100
84
Figure 49. Certificate Chain Overview
84
Figure 50. Pairing Key and Certificate Provisioning Overview
85
Certificate Generation
86
STSAFE-A100 Provisioning
86
Figure 51. Batch Files Using Openssl
86
STM32 and Firmware Image Provisioning
87
STSAFE-A100 Ordering
87
Figure 52. Provisioning in STM32 and Firmware Image
87
Appendix H STM32WB Series Specificities
88
Compilation Process
88
Key Provisioning
88
Figure 53. Compile with Loader Integration
88
Appendix Istm32H7 Series Specificities
89
JTAG Connection for STM32H753 Devices
89
JTAG Connection for STM32H7B3 Devices
89
Figure 54. JTAG Connection Capability on STM32H753 Devices
89
External Flash on STM32H7B3 Devices
90
Figure 55. JTAG Connection Capability on STM32H7B3 Devices
90
Figure 56. STM32H7B3: MPU Isolation + Secure User Memory, with External Flash
90
Figure 57. Memory Mapping for STM32H7B3 Devices with External Flash
91
Revision History
92
Table 9. Document Revision History
92
Advertisement
Advertisement
Related Products
ST X-CUBE-CELLULAR
ST X-CUBE-IOD02
ST X-CUBE-OUT3
ST X-NUCLEO-NFC02A1
ST X-NUCLEO-BNRG2A1
ST X-NUCLEO-IHM01A1
ST X-NUCLEO-GFX01M2
ST X-NUCLEO-NFC01A1
ST X-NUCLEO-OUT04A1
ST X-NUCLEO-OUT06A1
ST Categories
Motherboard
Computer Hardware
Microcontrollers
Control Unit
Controller
More ST Manuals
Login
Sign In
OR
Sign in with Facebook
Sign in with Google
Upload manual
Upload from disk
Upload from URL