SFIx Step-by-step on STM32H735 Discovery Kit

Duration: 75 min

Target description

This tutorial shows how to use SFI for installing

  • a secure internal firmware
  • a secure external firmware.

This page uses the STM32H735-DK Discovery kit as an example. The internal firmware is installed in the flash memory of the STM32H735 chip, and the external firmware is installed in the external memory embedded on the board: MX25LM51245G.

The process goes through three 'steps' at the Original Equipment Manufacturer (OEM) and the Contract Manufacturer (CM) sites.

  • Development @ OEM  : the application code that will run on STM32 is generated.
  • Secure Room @ OEM  : code prepared during the development is encrypted and packaged to be sent for manufacturing. The Secure Room is isolated and its resources are not visible outside of it.
  • Manufacturing @ CM : the encrypted code received from the OEM Secure Room is installed using SFI tools.



  • STM32H735-DK[1] Discovery kit with STM32H735IG MCU
  • STM32-HSM[2] SAM for Secure Firmware Installation
  • SmartCard Reader
    • Laptop Built-in
    • External
  • STLINK-V3[3] modular in-circuit debugger and programmer for STM32/STM8
  • USB cable Type-A to Micro-B
  • Jump wires


  • STM32CubeProgrammer[4] Software programming tool for STM32 (v2.10 min)
    • Including STM32TrustedPackageCreator
  • STM32CubeMX[5] STM32Cube initialization code generator
  • STM32CubeIDE[6] Integrated Development Environment for STM32
  • X-CUBE-SFI Expansion package[7] The STM32CubeExpansion_SFI Secure Firmware Install shows how to go through SFI installation process for STM32 devices to protect OEM firmware during the CM product manufacturing stage.


  • AN4992 STM32 MCUs secure firmware install (SFI) overview
  • UM2237 STM32CubeProgrammer software description
  • UM2238 STM32 Trusted Package Creator tool software description
  • AN5054 Secure programming using STM32CubeProgrammer
  • AN2606 STM32 microcontroller system memory boot mode
  • RM0468 STM32H723/733, STM32H725/735 and STM32H730 Value line advanced Arm®-based 32-bit MCUs
  • UM2679 STM32H735G-DK Discovery kit
  • UM2448 STLINK-V3SET debugger/programmer for STM8 and STM32

1. Environment setup

Before starting, prepare the environment needed to go through the SFI process. Refer to the Environment setup section of the article: Step1 Tools installation

2. Development @ OEM : Firmware creation

The first step is to create code containing the data to be installed in external memory. This code is called the "External firmware". The second step is to create a demo application for STM32H735G-DK that uses OTFDEC to decrypt the code installed in external memory. This code is called the "Internal firmware".

You can use the example project developed in xcube-sfi, or create a new project.

2.1. External firmware

The firmware to be installed in external memory with the SFIx process is encrypted by the RSS. The RSS uses the AES algorithm (Advanced Encryption Standard) to encrypt the external firmware.

The OTFD key address, region number and region mode are given by the user as input parameters during the SFIx process.
OTFD region_number values:

  • 0 to 3: OTFD1
  • 4 to 7: OTFD2

OTFD region_mode (uint32_t) bit [1:0]:

  • 0: instruction only (AES-CTR)
  • 1: data only (AES-CTR)
  • 2: instruction + data (AES-CTR)
  • 3: instruction only (Enhanced cipher)

OTFD key_address in internal Flash memory

Warning
The OTFD key address input is different from the encryption key file described later. The encryption key file is used by the HSM, not by OTFDEC for the external firmware.

For this example we use known data, saved in a binary file, as the external firmware. This data will be encrypted by the RSS during the SFIx process.

The xcube-sfi package gives an example of external firmware: Ext_Mem.bin, placed in X-Cube-SFI_V1.0.0\Projects\STM32H735G-DK\Applications\SFIx\OEM_SecureRoom\Binary

You can open this file with STM32CubeProgrammer.

2.2. Internal firmware

In our example, the role of the internal firmware is to decrypt, via OTFDEC, the data saved in external memory during the SFIx operation. xcube-sfi already provides an application binary for STM32H735G-DK. In the xcube-sfi package you can find the application in OEM_Dev. Path: X-Cube-SFI_V1.0.0-RC1\Projects\STM32H735G-DK\Applications\SFIx\OEM_Dev.

Choose the toolchain you want to use (EWARM, MDK-ARM or STM32CubeIDE) and compile the code. This page explains how to compile the code with the STM32CubeIDE toolchain:

Open the folder "STM32CubeIDE", then double click on .cproject. Select a directory as workspace and launch the IDE. Once the workspace is successfully imported, select Project > Build Project. This generates the binary file used in the next paragraphs.

In the file "main.c" of the project you can see the declaration of the array uint32_t Plain[0x100]. This array contains exactly the clear data that we want to flash in the external flash. The internal firmware:

  • configures the OCTOSPI and OTFDEC interfaces
  • reads from external memory the data installed during the SFIx process
  • decrypts this data via OTFDEC
  • compares the decrypted data with the data in Plain
  • if the data is the same, turns the green LED ON; if the data is different, turns the red LED ON.

You can now close the STM32CubeIDE toolchain. Open the xcube-sfi package and, in the folder OEM_Dev\STM32CubeIDE, launch TransferBinToSecureRoom.bat. This script is needed to

  • create the OEM_SecureRoom/Binary folder
  • copy the binary generated by the compilation into this folder.

Information
In this paragraph we use the STM32CubeIDE toolchain, but the process is the same for the EWARM and MDK-ARM toolchains.

3. Secure Room @ OEM : SFIx package generation and HSM provisioning

In the Secure Room the following two steps are performed:

  • SFIx package generation: the code prepared during the development is encrypted and packaged to be sent for manufacturing.
  • HSM Provisioning: the HSM is provisioned with the keys used for encryption and with the max license counter.

Warning
The assumption is that the Secure Room is isolated and its resources are not accessible from the outside world.

3.1. SFIx package generation


In this step, the application binary file and the option byte configuration are encrypted in an SFIx package.

The following inputs are needed:

  • External firmware binary file (created in the previous step), download address in external FLASH, region number and mode (used by RSS)
  • Internal firmware binary file (created in the previous step) and download address in FLASH
  • Key binary file used by RSS to encrypt the external firmware
  • AES Key
  • Nonce
  • Option bytes

3.1.1. Inputs preparation

For the first two input parameters above, the process is described below. For the other parameters, refer to the SFI package generation section of the article: SFI package generation

External Firmware binary files and Download address

For this example we will install the external firmware at address 0x90000000. For the external firmware it is necessary to give

  • region number
  • region mode
  • AES key address

These parameters are used by the RSS to encrypt the external firmware. In our case

  • region number = 0
  • region mode = 2
  • AES key address = 0x080C0000

Key binary file used by RSS to encrypt external firmware

The RSS uses this key to encrypt the external firmware. This key has to be installed at a known address of the Flash memory. In this example we use 0x080C0000. The xcube-sfi package shows a key example: Fixed_Key.bin in X-Cube-SFI_V1.0.0-RC1\Projects\STM32H735G-DK\Applications\SFIx\OEM_SecureRoom\Binary

Note that in the xcube-sfi package the internal firmware uses the same key to decrypt the external firmware via OTFDEC in order to recover the clear data.

3.1.2. SFI package generation using STM32 Trusted Package Creator CLI (Command Line Interface)

Command launched from STM32CubeProgrammer\bin folder

You can use the following command line to generate the SFI package:

Information
The command line below must be launched from the path: C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin.

Files referenced in the command line must also be saved in this folder.

 STM32TrustedPackageCreator_CLI.exe -sfi -fir H735_LedBlink.bin 0x08000000 -fir Fixed_Key.bin 0x080C0000 -firx Ext_Mem.bin 0x90000000 0 2  0x080C0000 -k aeskey.bin -n nonce.bin -ob ob.csv -v 1 --ramsize 0x1E000 --token 0x080FF000 -hash 1 -o OEM_Dev.sfix

Command launched from another folder (xcube-sfi example)

The xcube-sfi package gives an example of a script used to generate the output file from another directory.
In the folder "Scripts" in X-Cube-SFI_V1.0.0-RC1\Projects\STM32H735G-DK\Applications\SFIx\OEM_SecureRoom\Scripts, you can open the script "GenerateSFIx_OEM_Dev.bat", with Notepad for example.

Script description:

  • The STM32TrustedPackageCreator executable path is defined in "TOOLDIR"
  • The files previously created are set as the "KEY", "NONCE" and "OPTBYTE" parameters
  • The internal firmware binary file and address are defined as "BINARY" and "BINARY_BASE_ADD"
  • An additional firmware binary file containing the OTFDEC key used by RSS to encrypt the external firmware is defined as "KEY_BINARY" at address "KEY_BINARY_BASE_ADD"
  • The external binary and address are defined as "OTFDEC_BINARY" and "OTFDEC_BINARY_BASE_ADD"
  • For the external firmware we also have to enter the region number "OTFDEC_REGION_NUMBER" and the region mode "OTFDEC_REGION_MODE"
  • The image version is marked "1"
  • The output sfix file will be created in the "OUT_BIN" path as "OUT_FILE" (OEM_Dev.sfix)
  • Finally, the command line is launched with all the previously defined parameters

Once launched, a success message is displayed.

The output file with the sfix extension is now generated. You can transfer this file to the binary folder that will be used in the last step by launching the "TransferSFIxToCM.bat" script placed in this directory: X-Cube-SFI_V1.0.0-RC1\Projects\STM32H735G-DK\Applications\SFIx\OEM_SecureRoom\Scripts.

Information
The xcube-sfi package uses the Command Line Interface to generate the SFI package. If you want to use this CLI, you can adapt a script to your own folders and directories. If you prefer the GUI (Graphical User Interface), follow the next paragraph.
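
The following added example (not part of the X-CUBE-SFI package or of the original page) checks the -fir/-firx inputs of the command line above before the package is generated: the region number range from section 2.1, that a -fir image is placed at the OTFD key address, and that this image is not the -k key file. The function names are hypothetical, and the two consistency rules are assumptions drawn from the parameter description in sections 2.1 and 3.1.1.

```python
# Added example: lint a Trusted Package Creator SFIx command line (helper names are hypothetical).
REGION_MODES = {  # region_mode bits [1:0], as listed in section 2.1
    0: "instruction only (AES-CTR)",
    1: "data only (AES-CTR)",
    2: "instruction + data (AES-CTR)",
    3: "instruction only (Enhanced cipher)",
}

def parse_sfix_args(cmdline):
    """Return ([(-fir file, addr)], [(-firx file, addr, region, mode, key_addr)], -k file)."""
    tok = cmdline.split()
    fir, firx, aes_key, i = [], [], None, 0
    while i < len(tok):
        if tok[i] == "-fir":
            fir.append((tok[i + 1], int(tok[i + 2], 0)))
            i += 3
        elif tok[i] == "-firx":
            firx.append((tok[i + 1], *(int(t, 0) for t in tok[i + 2:i + 6])))
            i += 6
        elif tok[i] == "-k":
            aes_key = tok[i + 1]
            i += 2
        else:
            i += 1
    return fir, firx, aes_key

def describe_region(region, mode):
    """Map a region number and mode to the OTFD instance and cipher mode."""
    return ("OTFD1" if region <= 3 else "OTFD2", REGION_MODES[mode & 0x3])

def check_sfix(cmdline):
    """Return a list of problems; an empty list means the inputs are consistent."""
    fir, firx, aes_key = parse_sfix_args(cmdline)
    key_images = {addr: name for name, addr in fir}
    problems = []
    for name, _addr, region, mode, key_addr in firx:
        if not 0 <= region <= 7:
            problems.append(f"{name}: region number {region} is outside 0..7")
        if key_addr not in key_images:
            problems.append(f"{name}: no -fir image is placed at key address {key_addr:#010x}")
        elif key_images[key_addr] == aes_key:  # assumed rule: OTFD key is not the HSM key file
            problems.append(f"{name}: OTFD key image is the same file as the -k key")
    return problems

# Command line from section 3.1.2 of this page.
PAGE_CMD = ("STM32TrustedPackageCreator_CLI.exe -sfi -fir H735_LedBlink.bin 0x08000000 "
            "-fir Fixed_Key.bin 0x080C0000 -firx Ext_Mem.bin 0x90000000 0 2  0x080C0000 "
            "-k aeskey.bin -n nonce.bin -ob ob.csv -v 1 --ramsize 0x1E000 --token 0x080FF000 "
            "-hash 1 -o OEM_Dev.sfix")
```

check_sfix(PAGE_CMD) returns an empty list for the page's command; a mismatch between the -firx key address and the -fir addresses is reported before anything is sent to the CM.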

3.1.3. SFI package generation using STM32 Trusted Package Creator GUI (Graphical User Interface)

In the SFIx panel of STM32TrustedPackageCreator, enter the parameters described in Inputs preparation.

Once all parameters are entered, click on the "Generate SFIx" button.

The right panel displays the size of the generated package and the address at which it will be installed in Flash memory.

3.2. HSM programming

Refer to the HSM programming section of the article: HSM programming

4. Manufacturing @ CM : Secure Firmware Installation

In this step, the CM receives from the OEM the HSM card, provisioned with the secret key and initialized with a max counter of licenses, and the SFI package to be installed (including the firmware in encrypted form and the option bytes configuration).

The SFI process can be performed through a regular JTAG/SWD interface.

The following sections describe these steps for the SWD interface:

  • Hardware connection
  • Option Bytes regression (optional)
  • Secure Firmware Install

Information
The Option Bytes regression step configures the OB to their default state (this operation may not be needed if the CM runs the SFI process on a virgin part).


4.1. Hardware connection

Plug a micro USB cable to CN15 and make sure that JP7 is in the CHGR or STLK position.

4.2. Option bytes regression

The following steps will configure the device to regress the option bytes configuration to a default state:

STM32_Programmer_CLI.exe -c port=SWD mode=HOTPLUG -ob RDP=0xAA nWRP0=1 nWRP1=1 nWRP2=1 nWRP3=1 nWRP4=1 nWRP5=1 nWRP6=1 nWRP7=1 BOOT_CM7_ADD0=0x0800 BOOT_CM7_ADD1=0x1FF0 SECURITY=0 -e all -rst -ob displ

The external memory of the board must be erased before starting the SFIx process. To erase the external memory:

  • Unplug the CN15 connector
  • Switch SW1 to position 1 (SYS MEM) in order to enable the system bootloader
  • Plug a micro USB cable to CN15 and make sure that JP7 is in the CHGR position
  • Launch STM32CubeProgrammer, select "Full chip erase" in the "External Memory" tab and wait for the operation to complete
  • Unplug the CN15 connector
  • Switch SW1 to position 0

After this step the device is ready for the SFIx process.

4.3. Firmware install

The command below starts the SFI process and proceeds with the installation. It must be launched from the path: C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin. OEM_Dev.sfix is the output sfix file previously generated, and MX25LM51245G_STM32H735G-DK.stldr is the external loader needed to access the external memory used on this board: MX25LM51245G. These two files must be saved in the C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin path in order to launch the command.

You can find all external loader files in the folder ExternalLoader. Path: C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\ExternalLoader

STM32_Programmer_CLI.exe -vb 1 -c port=SWD mode=HOTPLUG reset=crst -sfi protocol=static OEM_Dev.sfix hsm=1 slot=1 -el MX25LM51245G_STM32H735G-DK.stldr hsm=1 slot=1

Information
You can also use the scripts placed in C:\X-Cube-SFI_V1.0.0-RC1\Projects\STM32H735G-DK\Applications\SFIx\CM\Scripts:
  • ReadHSMInfo.bat to read the HSM information
  • PrepareTarget_SWD.bat to prepare the target for the SFI process and erase the external memory
  • FlashSFIx_SWD_OEM_Dev.bat to start the SFIx process and proceed with the installation

Information
You can refer to AN5054 for details on the hsm and slot parameters.

After this step the device is programmed with the OEM application code. The green LED is ON: the data installed in external memory has been decrypted via OTFDEC and compared to the clear data.

5. References