December 2021 AN5056 Rev 8 1/49
AN5056
Application note
Integration guide for the X-CUBE-SBSFU
STM32Cube Expansion Package
Introduction
The X-CUBE-SBSFU Secure Boot and Secure Firmware Update solution allows the update of the
STM32 microcontroller built-in program with new firmware versions, adding new features and
correcting potential issues. The update process is performed in a secure way to prevent unauthorized
updates and access to confidential on-device data.
The Secure Boot (Root of Trust services) is immutable code, always executed after a system reset.
It checks STM32 static protections, activates STM32 runtime protections, and then verifies the
authenticity and integrity of user application code before every execution to make sure that invalid or
malicious code cannot be run.
The Secure Firmware Update application receives the firmware image via a UART interface with the
Ymodem protocol. It checks the authenticity and integrity of the code before installing it. The
firmware update is done on the complete firmware image, or only on a portion of the firmware image.
Examples can be configured to use asymmetric or symmetric cryptographic schemes with or without
firmware encryption. They are provided:
- for single-slot configuration to maximize firmware image size
- for dual-slot configuration to ensure safe image installation and enable over-the-air firmware
update capability commonly used in IoT devices.
For a complex system with multiple firmware such as protocol stack, middleware, and user application,
the firmware image configuration can be extended up to three firmware images.
The secure key management services provide cryptographic services to the user application through
the PKCS #11 APIs (KEY ID-based APIs) that are executed inside a protected and isolated
environment. User application keys are stored in the protected and isolated environment for their
secured update: authenticity check, data decryption, and data integrity check.
STSAFE-A110 is a tamper-resistant secure element (Hardware Common Criteria EAL5+ certified)
used to host X509 certificates and keys and perform verifications used for firmware image
authentication during Secure Boot and Secure Firmware Update procedures.
The X-CUBE-SBSFU user manual (UM2262) explains how to get started with
X-CUBE-SBSFU and details SBSFU functionalities. This application note describes how to adapt
X-CUBE-SBSFU and integrate it with the user's application. It answers questions such as:
- How to port X-CUBE-SBSFU onto another board?
- How to tune the X-CUBE-SBSFU configuration to fit the user's needs?
- How to generate a new firmware encryption key?
- How to debug X-CUBE-SBSFU?
- How to adapt SBSFU?
- How to adapt the user's application?
Note: Throughout this application note, the IAR Embedded Workbench® IDE is used as an example to
provide guidelines for project configuration. Secure Boot and Secure Firmware Update applications
are referred to as SBSFU.
Note: The single-slot configuration is demonstrated in examples named 1_Image.
The dual-slot configuration is demonstrated in examples named 2_Images.
Contents
1 General information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
2 Related documents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
3 Porting X-CUBE-SBSFU onto another board . . . . . . . . . . . . . . . . . . . . . 9
3.1 Hardware adaptation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
3.2 Memory mapping definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.2.1 SBSFU region definition parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
3.2.2 Firmware image slot definition parameters . . . . . . . . . . . . . . . . . . . . . . 14
3.2.3 Project-specific linker files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
3.2.4 Multiple image configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
3.3 Dual-core adaptation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
4 SBSFU configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
4.1 Features to be configured . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
4.2 Cryptographic scheme selection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
4.3 Security configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
4.4 Development or production mode configuration . . . . . . . . . . . . . . . . . . . . 25
5 Generating a cryptographic key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
5.1 Generating a new firmware AES encryption key . . . . . . . . . . . . . . . . . . . 27
5.2 Generating a new public/private ECDSA pair of keys for firmware verification . . . . . . . . . . . . . . 27
5.3 STM32WB Series specificities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
5.4 KMS specificities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
5.5 STSAFE-A110 specificities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
6 Tips for debugging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
6.1 Compiler optimizations level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
6.2 Memory mapping adaptation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
6.3 Debugging SECoreBin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
7 Adapting SBSFU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34