Versions Compared

Old Version 5

changes.mady.by.user Adam Czajkowski

Saved on

compared with

New Version Current

changes.mady.by.user Adam Czajkowski

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

1. Preparing necessary files:

  1. Preparation of the keys Encryption key and Encryption nonce files (AES128Key.bin and Nonce.bin) - both files can be generated using STM32TrustedPackageCreator (SFI tab). To generate Encryption nonce file and Encryption key file, proceed as follows:

    • Open Trusted Package Creator and select SFI

    • Open SFI tab

    • Press “Generate” buttons(red arrows) and set destination place for generated files

...

  1. Preparation of Option Bytes Config file (OptionBytesSetting.csv) - file can be generated using STM32TrustedPackageCreator (SFI Option Bytes tab).
    To generate Option Bytes Config file file, proceed as follows:

    • Open Trusted Package Creator and select SFI

    • Open SFI Option Bytes tab

    • Select target microcontroller

    • In window set finall option bytes configuration after secure firmware install operation

    • Press “Open Option Bytes File” button and set destination place for generated file

...

  1. Preparation of firmware files (firmware.bin, .hex, .srec, etc.)

  2. Preparation of an encrypted firmware binary file (*.sfi) using STM32TrustedPackageCreator (SFI tab) or STM32TrustedPackageCreator_CLI (-sfi option), keys, option bytes config file and input firmware are necessary in this step.

  3. Programming HSM modules with a limited number of licenses using STM32TrustedPackageCreator (HSM tab) or STM32TrustedPackageCreator_CLI (-hsm option), keys (AES128Key.bin and Nonce.bin) are necessary in this step and they must be the same as for firmware encryption.

2. Programming flash memory and option bytes using FlashPro-ARM/GangPro-ARM on Windows

Configuration for FlashPro-ARM and GangPro-ARM is the same, but GangPro-ARM can program up to 6 device simultaneously.

  1. Open FlashPro-ARM/GangPro-ARM software

  2. Open Setup → SFI Setup Tabwindow

    1. Set HSM card index(by default 1)

    2. Check “Enable” box

    3. Use “Browse” button and pick *.sfi file, generated by STM32TrustedPackageCreator

    4. Check “Set log file path” box - only if want save in file you would like to save used licenses from HSM module (using saved licenses allows reprogramming of the same DUT without using HSM quota)

    5. Use “Browse” button and set place where save log file with licenses should be saved

    6. Press “Ok” button to save SFI setup

...

  1. Press “AUTO PROG.”(or “WRITE FLASH”) button to execute secure firmware install operation

  2. Check output logs after AutoProgram

    1. FlashPro-ARM

      image-20240529-092442.pngImage Modified
      Code Block
      Communication initialization.........	 OK
 OSC=48.15 MHz, Sys.CLK=48.15 MHz
Erasing memory ...............................	 done
Secure firmware install procedure start...	 OK
Communication initialization...................	 OK
Reading MCU decriptor.........................	 OK
Option bytes setup.................................	 OK
Certificate analyze.................................	 OK
Request HSM license............................	 OK
Firmware install......................................	 OK
RSS version = 1.4.0..............................	 OK
RSSe version = 2.3.0............................	 OK
Install license.........................................	 OK
Processing Image Header.....................	 OK
SFI programming....................................	 OK
Warning: Could not verify security state after last chunk programming
 -------- D O N E --- ( run time =  10.7 sec.)

    2. GangPro-ARM

...

Code Block
Secure firmware install procedure start...	 OK
RSS version = 3.1.0...	 OK
Reading the chip Certificate......	 OK
Request HSM license.........................
 #1:  ..	 OK
 #2:  ..	 OK
 #6:  ..	 OK
Option bytes setup..............................
 #1:  ..	 OK
 #2:  ..	 OK
 #6:  ..	 OK
Starting SFI part 1
Install license......................................
 #1:  ..	 OK
 #2:  ..	 OK
 #6:  ..	 OK
Processing Image Header..................
 #1:  ..	 OK
 #2:  ..	 OK
 #6:  ..	 OK
Programming memory..................
 #1:  ..	 OK
 #2:  ..	 OK
 #6:  ..	 OK
Starting SFI part 2
Install license......................................
 #1:  ..	 OK
 #2:  ..	 OK
 #6:  ..	 OK
Processing Image Header..................
 #1:  ..	 OK
 #2:  ..	 OK
 #6:  ..	 OK
Programming memory..................
 #1:  ..	 OK
 #2:  ..	 OK
 #6:  ..	 OK
Starting SFI part 3
Install license......................................
 #1:  ..	 OK
 #2:  ..	 OK
 #6:  ..	 OK
Processing Image Header..................
 #1:  ..	 OK
 #2:  ..	 OK
 #6:  ..	 OK
Programming memory..................
 #1:  ..	 OK
 #2:  ..	 OK
 #6:  ..	 OK
Starting SFI part 4
Install license......................................
 #1:  ..	 OK
 #2:  ..	 OK
 #6:  ..	 OK
Processing Image Header..................
 #1:  ..	 OK
 #2:  ..	 OK
 #6:  ..	 OK
Programming memory..................
 #1:  ..	 OK
 #2:  ..	 OK
 #6:  ..	 OK
Warning: Could not verify security state after last chunk programming
 -------- D O N E --- ( run time =  15.7 sec.)

STMicroelectronics application notes and user manuals:

...