1. Environment setup
1.1. HW
1.1.1. Board setup
To set up the hardware environment, STM32H573_DK MB1677 board shall be connected to a personal computer via a USB cable. This connection with the PC allows the user:
- Programming the SFI image in the board.
- Interacting with the board via a UART console
- Debugging Integrator’s nonsecure application when Integrator’s configuration enables it.
The boot pin shall be forced to user Flash via the switch SW1.
1.2. SW
1.2.1. Install STM32CubeH5 SW Package
- Download[1] STM32Cube MCU Package for STM32H5 series
- Register on www.st.com web site if necessary
- Unzip the downloaded file
STM32CubeH5 SW Package is now installed on your computer.
This package provides scripts used to run Secure Manager installation using STM32CubeProgrammer.
1.2.2. Install X-CUBE-SEC-M-H5 SW package
- Download X-CUBE-SEC-M-H5[2] STM32Cube Expansion Package STM32TRUSTEE-SM for STM32H5 series
- Register on www.st.com web site if necessary
- Unzip the downloaded files and copy them within the installation directory of the STM32CubeH5 SW package.
X-CUBE-SEC-M-H5 SW package is now installed on your computer.
This package delivers the Secure Manager.
1.3. Tools
1.3.1. Install STM32CubeProgrammer and STM32TrustedPackageCreator
STM32CubeProgrammer (STM32CubeProg) is an all-in-one multi-OS software tool for programming STM32 products. STM32CubeProgrammer provides an easy-to-use and efficient environment for reading, writing, and verifying device memory through both the debug interface (JTAG and SWD) and the bootloader interface (UART, USB DFU, I2C, SPI, and CAN).
STM32TrustedPackageCreator is part of the STM32CubeProgrammer toolset and allows the generation of secure firmware and modules to be used for STM32 secure programming solutions.
- Download the latest version of STM32CubeProgrammer[3] Software programming tool for STM32
- Unzip the downloaded file and launch the SetupSTM32CubeProgrammer-xxx.exe corresponding to your OS, and follow the instructions.
Make sure to select STM32TrustedPackageCreator add-on during the installation of STM32CubeProgrammer
STM32CubeProgrammer and STM32TrustedPackageCreator are now installed on your computer.
1.3.2. Terminal emulator
A terminal emulator software is needed to run the non-secure application. It allows to display some information to understand operations done by the embedded applications and it allows to interact with the non-secure application in order to trig some operations. The example in this document is based on Tera Term, an open source free software terminal emulator that can be downloaded from the https://osdn.net/projects/ttssh2/ webpage. Any other similar tool can be used instead (Ymodem protocol support is required).
2. Development @ OEM: Firmware creation
The purpose of this SFI service is to securely install the OEM Firmware developed with Secure Manager.
So, in order to use this SFI service, the OEM must develop its nonsecure application with the SMAK development phase.
3. Secure Room @ OEM: SFI package generation and HSM provisioning
3.1. SFI package generation
Once the OEM completes its nonsecure application development, the OEM must prepare the final encrypted image (SFI image) used for OEM secure manufacturing with the SMAK production preparation phase.
3.1.1. Generation step by step
Please follow the Secure Manager STM32H5 How to Intro & How to start with Secure Manager (customized configuration) on STM32H5 with the following changes after § Package contents and before § Step-by-step installation:
- copy the OEM nonsecure application firmware file (let's call it oem_appl.bin) in ?
cp oem_appl.bin ?
- modify provisionning.bat with
application.bin = oem_appl.bin
- in case of no module
- modify provisionning.bat with
remove -mcsv
- in case of module
- modify /path/.mcsv with
module.bin, @, license
3.1.2. SMAK production preparation phase outputs
- generated SFI image
- generated Global License
- in case of module: keep .mcsv file used for SFI image generation (it is needed for the secure firmware installation)
3.2. HSM programming
inputs for HSM programming:
- OEM key (encryption AES key + nonce)
To program the HSM, you can follow the steps described in HSM programming using the STM32H573_DK MB1677 board.
After programming the HSM, it is now ready to be shipped to the CM together with the SFI package created before.
4. Manufacturing @ CM: Secure Firmware Installation
6min
In this step, the CM receives from the OEM:
- the HSM card provisioned with the OEM key and initialized with a max counter of licenses
- the .sfi file to be installed
- optionaly, the module info:
- the .mcsv file
- the module global license file or
- in case of module chip specific license, the HSM card provisioned with the module secret key and initialized with a max counter of licenses
The SFI process could be performed through a regular JTAG/SWD interface or the system bootloader interface (you can refer to AN2606 for details on the supported interface for each microcontroller).
The following section covers JTAG/SWD and system bootloader interface - each section includes the following sections:
- Hardware connection
- Target initial state
- Secure Firmware Install
4.1. Hardware connection
See board setup.
4.2. Target initial state
The target shall be in Open product state.
If it is not the case, a DA full regression shall be performed.
After this step, the device is ready for the SFI process.
4.3. Firmware install
This command starts the SFI process and proceeds with the installation:
STM32_Programmer_CLI.exe -log .\sfi.log -c port=SWD mode=HOTPLUG -sfi .\image.sfi hsm=1 slot=1 -rsse C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\RSSe\H5\enc_signed_RSSe_SFI_STM32H5_v2.0.0.0.bin -mcsv .\module.mcsv
You can check the log of the process saved in the file sfi.log:
-------------------------------------------------------------------
STM32CubeProgrammer v2.14.0
-------------------------------------------------------------------
ST-LINK SN : 003600374D46501220383832
ST-LINK FW : V3J10M3
Board : STM32H573I-DK
Voltage : 3.29V
SWD freq : 8000 KHz
Connect mode: Hot Plug
Reset mode : Software reset
Device ID : 0x484
Revision ID : --
Device name : STM32H5xx
Flash size : 2 MBytes
Device type : MCU
Device CPU : Cortex-M33
BL Version : 0xE4
SFSP Version: v2.4.0
Protocol Information : static
SFI File Information :
SFI file path : .\image.sfi
SFI license file path : .\HSM_License_V1.bin
SFI header information :
SFI protocol version : 2
SFI total number of areas : 11
SFI image version : 0
SFI Areas information :
Parsing Area 1/11 :
Area type : H
Area size : 16
Area destination address : 0x0
Parsing Area 2/11 :
Area type : O
Area size : 112
Area destination address : 0xFFD0100
Parsing Area 3/11 :
Area type : O
Area size : 272
Area destination address : 0xFFD0200
Parsing Area 4/11 :
Area type : O
Area size : 192
Area destination address : 0xFFD09D0
Parsing Area 5/11 :
Area type : O
Area size : 112
Area destination address : 0xFFD0A80
Parsing Area 6/11 :
Area type : S
Area size : 102952
Area destination address : 0x0
Parsing Area 7/11 :
Area type : S
Area size : 99350
Area destination address : 0x0
Parsing Area 8/11 :
Area type : F
Area size : 5744
Area destination address : 0x8100000
Parsing Area 9/11 :
Area type : K
Area size : 16
Area destination address : 0x0
Parsing Area 10/11 :
Area type : m
Area size : 131072
Area destination address : 0x8172000
Parsing Area 11/11 :
Area type : C
Area size : 48
Area destination address : 0x0
Warning: Option Byte: BOOT_UBE, value: 0xB4, was not modified.
Warning: Option Bytes are unchanged, Data won't be downloaded
Time elapsed during option Bytes configuration: 00:00:00.002
Reconnecting...
Reconnected !
Reconnecting...
Reconnected !
Time elapsed during option Bytes configuration: 00:00:02.442
ST-LINK SN : 003600374D46501220383832
ST-LINK FW : V3J10M3
Board : STM32H573I-DK
Voltage : 3.29V
SWD freq : 8000 KHz
Connect mode: Hot Plug
Reset mode : Software reset
Device ID : 0x484
Revision ID : --
Warning: Option Byte: SECBOOT_LOCK, value: 0xC3, was not modified.
Warning: Option Bytes are unchanged, Data won't be downloaded
Time elapsed during option Bytes configuration: 00:00:00.004
Warning: Option Byte: SECBOOTADD, value: 0xC0000, was not modified.
Warning: Option Byte: SECWM1_END, value: 0x7F, was not modified.
Warning: Option Byte: SECWM1_STRT, value: 0x0, was not modified.
Warning: Option Byte: SECWM2_END, value: 0x7F, was not modified.
Warning: Option Byte: SECWM2_STRT, value: 0x0, was not modified.
Warning: Option Byte: SRAM1_3_RST, value: 0x1, was not modified.
Reconnecting...
Reconnected !
Time elapsed during option Bytes configuration: 00:00:01.253
ST-LINK SN : 003600374D46501220383832
ST-LINK FW : V3J10M3
Board : STM32H573I-DK
Voltage : 3.29V
SWD freq : 8000 KHz
Connect mode: Hot Plug
Reset mode : Software reset
Device ID : 0x484
Revision ID : --
Reconnecting...
Reconnected !
Reconnecting...
Reconnected !
Time elapsed during option Bytes configuration: 00:00:02.884
ST-LINK SN : 003600374D46501220383832
ST-LINK FW : V3J10M3
Board : STM32H573I-DK
Voltage : 3.29V
SWD freq : 8000 KHz
Connect mode: Hot Plug
Reset mode : Software reset
Device ID : 0x484
Revision ID : --
Installing RSSe
Memory Programming ...
Opening and parsing file: enc_signed_RSSe_SFI_STM32H5_v2.0.0.0.bin
File : enc_signed_RSSe_SFI_STM32H5_v2.0.0.0.bin
Size : 53.81 KB
Address : 0x20054100
Erasing memory corresponding to segment 0:
Download in Progress:
File download complete
Time elapsed during download operation: 00:00:00.134
MCU Reset
ST-LINK SN : 003600374D46501220383832
ST-LINK FW : V3J10M3
Board : STM32H573I-DK
Voltage : 3.29V
SWD freq : 8000 KHz
Connect mode: Hot Plug
Reset mode : Software reset
Device ID : 0x484
Revision ID : --
Get RSSe status...
RSS version = 2.2.0
RSSe version = 2.0.0
Starting SFI
Processing license...
Get RSSe status...
Processing Image Header
Get RSSe status...
Processing Area 1...
Get RSSe status...
Area Address = 0x0
Area Type = H
Processing Area 2...
Get RSSe status...
Area Address = 0xFFD0100
Area Type = O
Processing Area 3...
Get RSSe status...
Area Address = 0xFFD0200
Area Type = O
Processing Area 4...
Get RSSe status...
Area Address = 0xFFD09D0
Area Type = O
Processing Area 5...
Get RSSe status...
Area Address = 0xFFD0A80
Area Type = O
Processing Area 6...
Get RSSe status...
Area Address = 0x0
Area Type = S
Processing Area 7...
Get RSSe status...
Area Address = 0x0
Area Type = S
Processing Area 8...
Get RSSe status...
Area Address = 0x8100000
Area Type = F
Processing Area 9...
Get RSSe status...
Area Address = 0x0
Area Type = K
MCSV file parsing...
Total modules number: 1
+ Module number : [0]
Name : .\module.smu
Type : Global license
Size : 128.00 KB
Address : 0x08172000
Prepare module payload with license data...
Processing Area 10...
Get RSSe status...
Area Address = 0x8172000
Area Type = m
Processing Area 11...
Can not verify last area
Area Address = 0x0
Area Type = C
SFI Process Finished!
SFI file .\image.sfi Install Operation Success
Time elapsed during SFI install operation: 00:00:18.984
At this step, the device is programmed with the Secure Manager and OEM non-secure application.
4.4. Troubleshooting
In case of failure, you can check sfi.log and run the \STM32Cube_FW_H5\Firmware\Projects\STM32H573I-DK\ROT_Provisioning\DA\regression.bat in order to come back in Open state and be able to launch a new SFI procedure.