SFI Step-by-step on STM32H735 Discovery Kit

SFI Step-by-step on STM32H735G-DKClock.png75min

Target description

This tutorial shows how to use SFI for installing a simple LED Blink example to STM32H735G-DK.

The process goes through three steps at the original equipment manufacturer (OEM) and the Contract Manufacturer (CM) sites.

  • Development @ OEM: the application code that runs on STM32 is generated.
  • Secure Room @ OEM: code prepared during the development is encrypted and packaged to be sent for manufacturing. The Secure Room is isolated, and its resources are not visible outside of it.
  • Manufacturing @ CM: the encrypted code received by the OEM Secure Room is installed using SFI tools.


Prerequisites

Hardware

  • STM32H735-DK[1] Discovery kit with STM32H735IG MCU with Bootloader version 9.3 min
  • STM32-HSM[2] SAM for Secure Firmware Installation
  • Smartcard reader
    • Laptop built-in
    • External


  • STLINK-V3[3] modular in-circuit debugger and programmer for STM32/STM8
  • USB cable Type-A to Micro-B
  • Jump wires

Software

  • STM32CubeProgrammer[4] Software programming tool for STM32 (v2.10 min)
    • Including STM32TrustedPackageCreator
  • STM32CubeMX[5] STM32Cube initialization code generator
  • STM32CubeIDE[6] Integrated Development Environment for STM32
  • X-CUBE-SFI Expansion package[7] The STM32CubeExpansion_SFI Secure Firmware Install shows how to go through SFI installation process for STM32 devices to protect OEM firmware during the CM product manufacturing stage.


Literature

  • AN4992 STM32 MCUs secure firmware install (SFI) overview
  • UM2237 STM32CubeProgrammer software description
  • UM2238 STM32 Trusted Package Creator tool software description
  • AN5054 Secure programming using STM32CubeProgrammer
  • AN2606 STM32 microcontroller system memory boot mode
  • RM0468 STM32H723/733, STM32H725/735 and STM32H730 Value line advanced Arm®-based 32-bit MCUs
  • UM2679 STM32H735G-DK Discovery kit
  • UM2448 STLINK-V3SET debugger/programmer for STM8 and STM32
  • STM32HSM-V2 Data brief HSM v2


1. Environment setup

Before starting, the first step is to prepare the environment to be able to go through the SFI process.

You can refer to this article.

2. Development @ OEM: Firmware creation

The first step of the process is to create a demo LED Blink application for STM32H735G-DK.
You can use the example project developed in xcube-sfi, or create a new project.
These two options are described in this section of the following article: OEM_Dev_Firmware_Creation.

3. Secure Room @ OEM: SFI package generation and HSM provisioning

In the Secure Room, the following two steps are performed:

  • SFI package generation: the code prepared during the development is encrypted and packaged to be sent for manufacturing.
  • HSM provisioning: the HSM is provisioned with the keys used for encryption and with the max license counter.
Warning white.png Warning
The assumption is that the Secure Room is isolated and its resources are not accessible from the outside world.


3.1. SFI package generation

Clock.png10min


Info white.png Information
For SFI package creation you can use STM32 Trusted Package Creator CLI (command line interface) or GUI (graphical user interface). These two options are described below

In this step, the application binary file and the option byte configuration are encrypted in an SFI package.

The following inputs are needed:

  • Application binary file (OEM_Dev.bin created in the previous step) and download address in FLASH.
  • AES Key
  • Nonce
  • Option bytes

3.1.1. Inputs preparation

To prepare all the needed inputs, you can refer to the description in this article: Inputs preparation.

3.1.1.1. Option bytes file

Together with installing the application binary, the SFI process can be used to specify the OB values to be configured at the end of the installation process. In the path C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\SFI_OB_CSV_FILES you can find file examples for each series of MCUs.

To create your OB file, you can use STM32 Trusted Package Creator:

  • Open STM32 Trusted Package Creator
  • In the SFI OB tab, select the MCU used. In this example select STM32H2x/H3x.
  • The right panel displays the OB values as saved in the file you generate. Select a path to save the OB file that is generated in the "Generate OB .csv file".
tpc obRightViewv2.png
  • The microcontroller panel is useful to choose the OB values you want to use. Once you select the "Generate OB" button, OB values are displayed in the "Option bytes generated values" panel, and a file is created/updated with the values chosen.
tpc obglobalViewv2.png

In this example we have generated these values:

FLASH_OPTSR_PRG,0x103EBBD0
FLASH_PRAR_PRG,0x0000000F
FLASH_SCAR_PRG,0x0000000F
FLASH_WPSN_PRG,0x000000FF
FLASH_BOOT_PRG,0x1FF00800

The following is a description of the values.

  • FLASH_OPTSR_PRG,0x103EAAD0 (paragraph "4.9.9 FLASH option status register" in RM0468 )
    • IO_HSLV: 0x0 (Product working in the full voltage range, I/O speed optimization at low voltage disabled)
    • SECURITY: 0x1 (Security feature enabled)
    • ST_RAM_SIZE: 0x3 (16 Kbytes)
    • FZ_IWDG SDBY: 0x1 (Independent watchdog is running in STANDBY mode)
    • FZ_IWDG STOP: 0x1 (Independent watchdog is running in STOP mode)
    • RDP: 0xBB (Level 1)
Info white.png Information
RDP level must be set to 1 or higher to protect the firmware installed in user Flash. You can refer to "Table 3: Minimum RDP requirements" in AN4992
    • NRST_STBY: 0x1 (STANDBY mode on Domain 1 is entering without reset)
    • NRST_STOP: 0x1 (STOP mode on Domain 1 is entering without reset)
    • IWDG1_SW: 0x1 (Independent watchdog is controlled by software)
    • BOR_LEV: 0x0 (BOR OFF)
  • FLASH_PRAR_PRG,0x0000000F(paragraph "4.9.12 FLASH protection address" in RM0468)
    • DMEP: 0x0 (PCROP protected erase enable option configuration bit)
    • PROT_AREA_END: 0x000 (If this address is lower than PROT_AREA_START, no protection is set)
    • PROT_AREA_START: 0x00F.
  • FLASH_SCAR_PRG,0x0000000F (paragraph "4.9.14 FLASH secure address" in RM0468 )
    • DMES: 0x0 (Secure access protected erase enable option configuration bit. If DMES is set to 1, the secure access-only area is erased when a protection level regression (change from level 1 to 0) or a bank erase with protection removal occurs.)
    • SEC_AREA_END: 0x000 (If this address is lower than SEC_AREA_START, no protection is set)
    • SEC_AREA_START: 0x000F.
  • FLASH_WPSN_PRG,0x000000FF (paragraph "4.9.16 FLASH write sector protection" in RM0468)
    • nWRP0: 0x1 (Write protection not active on this sector)
    • nWRP1: 0x1 (Write protection not active on this sector)
    • nWRP2: 0x1 (Write protection not active on this sector)
    • nWRP3: 0x1 (Write protection not active on this sector)
    • nWRP4: 0x1 (Write protection not active on this sector)
    • nWRP5: 0x1 (Write protection not active on this sector)
    • nWRP6: 0x1 (Write protection not active on this sector)
    • nWRP7: 0x1 (Write protection not active on this sector)
  • FLASH_BOOT_PRG,0x1FF00800 (paragraph "4.9.18 FLASH register boot address for Arm® Cortex®-M7 core" in RM0468)
    • BOOT_CM7_ADD1: 0x1FF0 (0x1FF00000) These bits allow configuring the MSB of the Arm® Cortex®-M7 boot address when the BOOT

pin is high.

    • BOOT_CM7_ADD0: 0x0800 (0x08000000) These bits allow configuring the MSB of the Arm® Cortex®-M7 boot address when the BOOT pin is low


Info white.png Information
You can refer to RM0468 for details on OB register values.
Warning white.png Warning
You can also use the ob.csv file in the xcube-sfi package, folder "OptionBytes": X-Cube-SFI_V1.0.0\Projects\STM32H735G-DK\Applications\SFI\OEM_SecureRoom\OptionBytes

3.1.2. SFI package generation using STM32 Trusted Package Creator CLI (command line interface)

This section describes how to generate the SFI package using the command lines of the STM32TrustedPackage tool. All the details are described in SFI_Packcage_Generation_with_CLI.

3.1.3. SFI package generation using STM32 Trusted Package Creator GUI (graphical user interface)

This section describes how to generate the SFI package using the graphical user interface of the STM32TrustedPackage tool. All the details are described in SFI_Packcage_Generation_with_GUI.

3.2. HSM programming

Clock.png10min

To be able to program the HSM card, you can follow the following steps: SFI_Step-by-step_on_STM32_boards#HSM_programming HSM_programming

4. Manufacturing @ CM: Secure Firmware Installation

Clock.png6min

In this step, the CM receives from the OEM the HSM card provisioned with the secret key and initialized with a max counter of licenses, and the .sfi package to be installed (including the firmware and option bytes configuration in encrypted format).

The SFI process could be performed through a regular JTAG/SWD interface or the system bootloader interface (you can refer to AN2606 for details on the supported interface for each microcontroller).

The following sections cover SWD and USB interfaces.

Info white.png Information
The Option Bytes regression step configures the OB to their default state (this operation may not be needed if the CM runs the SFI process on a virgin part).


Info white.png Information
All Command lines below must be launched from the path: C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin.


4.1. SWD interface

4.1.1. Hardware connection

Plug a micro-USB cable into the ST-LINK connector (CN15) and make sure that JP7 is in the STLK position.

4.1.2. Option bytes regression

The following steps configure the device to regress the option bytes configuration to a default state:

STM32_Programmer_CLI.exe -c port=SWD mode=HOTPLUG -ob RDP=0xAA nWRP0=1 nWRP1=1 nWRP2=1 nWRP3=1 nWRP4=1 nWRP5=1 nWRP6=1 nWRP7=1 BOOT_CM7_ADD0=0x0800 BOOT_CM7_ADD1=0x1FF0 SECURITY=0 -e all -ob displ

After this step, the device is ready for the SFI process.


4.1.3. Firmware install

To Install the SFI firmware using the graphical user interface, you can refer to this article: SFI_Installation_With_GUI.
To Install the SFI firmware using the command lines, you can proceed as follows:

This command starts the SFI process and proceeds with the installation.

Warning white.png Warning
The HSM has to be plugged into the smart card reader during this operation
STM32_Programmer_CLI.exe -vb 1 -c port=SWD mode=HOTPLUG -sfi OEM_Dev.sfi hsm=1 slot=1


Info white.png Information
You can also use the script placed in C:\X-Cube-SFI_V1.0.0\Projects\STM32H735G-DK\Applications\SFI\CM\Scripts:
  • EraseTarget_SWD.bat to erase the target
  • PrepareTarget_SWD.bat to prepare the target for the SFI process
  • FlashSFI_SWD_OEM_Dev.bat to start the SFI process and proceed with the installation
Info white.png Information
You can refer to AN5054 for details on HSM and slot parameters.
log sfi.png


After this step, the device is programmed with the OEM application code.

4.2. USB interface

4.2.1. Hardware connection

  • Plug a micro-USB cable into the ST-LINK connector (CN15) and make sure that JP7 is in the STLK position.
  • Connect a micro-USB to the CN14 connector.
  • Switch SW1 to position 1 (SYS MEM) to enable the system bootloader at boot.
  • Reset the board.


4.2.2. Option bytes regression

The following steps configure the device to regress the option bytes configuration to a default state:

STM32_Programmer_CLI.exe -c port=USB1 -ob RDP=0xAA nWRP0=1 nWRP1=1 nWRP2=1 nWRP3=1 nWRP4=1 nWRP5=1 nWRP6=1 nWRP7=1 BOOT_CM7_ADD0=0x0800 BOOT_CM7_ADD1=0x1FF0 SECURITY=0 -e all -ob displ

After this step, the device is ready for the SFI process.


4.2.3. Firmware install

This command starts the SFI process and proceeds with the installation.

Warning white.png Warning
The HSM has to be plugged into the smart card reader during this operation
STM32_Programmer_CLI.exe -vb 1 -c port=USB1 -sfi OEM_Dev.sfi hsm=1 slot=1


Info white.png Information
You can also use the script placed in C:\X-Cube-SFI_V1.0.0\Projects\STM32H735G-DK\Applications\SFI\CM\Scripts:
  • EraseTarget_USB.bat to erase target
  • PrepareTarget_USB.bat to prepare the target for the SFI process
  • FlashSFI_USB_OEM_Dev.bat to start the SFI process and proceed with the installation
Info white.png Information
You can refer to AN5054 for details on HSM and slot parameters.

After this step, the device is programmed with the OEM application code.

To check that the SFI is successfully installed: switch SW1 to position 0 (FLASH) then reset the Board.

5. Performance tests

Performance tests have been performed with the different interfaces described previously using a binary file with a size of 256 KBytes.

The following table contains the download time in FLASH with/without SFI and the difference between them using the same profile.

STM32 Bin Size (KBytes) Interface Speed tFLASH noSFI (s) tFLASH with SFI (s) tSFI_overhead (s)
H735I 256 SWD 24000 KHz 5,011 10,1 5,089
H735I 256 UART 115200 33,351 42,242 8,891
H735I 256 USB NA 7,022 11,171 4,149
H735I 256 SPI 6000 KHz 27,524 30,794 3,27


Note:

  • tFLASH no SFI: include the time for programming the FLASH without SFI
  • tFLASH with SFI: include the time for programming the FLASH with SFI
  • tSFI_overhead: is the difference with the same profile with/without SFI (without SFI is taken as reference)

6. References