STM32 SFI is a solution for secure manufacturing in production environments that guarantees the authenticity, integrity, and confidentiality of the firmware. It is available on STM32L4, STM32H7, STM32L5, STM32U5, and STM32WL STM32H7 microcontrollers.
Instructions
...
Preparation of files and Hardware Secure Module (HSM) using the source code and the toolkit provided by STMicroelectronics. Two elements are necessary to perform an SFI sequence using Elprotronic GangflasherElprotronic’s GangFlasher-ST:
Encrypted firmware binary in a SFI file (*.sfi)
Programming of the flash memory and option bytes using Elprotronic Gangflasher Elprotronic’s GangFlasher and the files prepared in the first step.
...
Preparation of the keys (AES128Key.bin and Nonce.bin)
Preparation of Option Bytes Config file (OptionBytesSetting.csv)
Preparation of firmware files (firmware.bin)
Preparation of a an encrypted firmware binary i file (*.sfi) using STM32TrustedPackageCreator (SFI tab) or STM32TrustedPackageCreator_CLI (-sfi option), keys, option bytes confiog config file and input firmware are necessary in this step.
Programming HSM modules with a limited number of licenses using STM32TrustedPackageCreator (HSM tab) or STM32TrustedPackageCreator_CLI (-hsm option), keys (AES128Key.bin and Nonce.bin) are necessery necessary in this step and they must be the same as for firmware encryption.
2. Programming flash memory and option bytes using
...
Elprotronic’s GangFlasher-ST on Windows
Open GangflasherGangFlasher-ST
Check connection with the board or scan “Setup->USB Location“
Check connection with HSM “View->HSM“
Load SFI file(*.sfi) in main window.
Check “SFI Enable” box in SSP/SFI area and add optional log file to save used license from HSM module.
Click “Autoprogram or write“ Button in main window.
View report for target in Reports area.
...