Skip to content

Commit 325ccce

Browse files
firmwaregurufirmwareguru
committed
Release v1.1.0
1 parent 1693187 commit 325ccce

File tree

52 files changed

+372
-83
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

52 files changed

+372
-83
lines changed

Docs/README.md

Lines changed: 21 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -3,15 +3,15 @@
33
## Documentation Overview
44

55
* [Graphic](stm32-secure-patching-bootloader-MultiSegment_rev1_Dec2021.pdf) describing MultiSegment feature in more detail.
6-
* [Quick Start Guide](stm32-secure-patching-bootloader-QSG_rev1_Dec2021.pdf) in PDF form with screenshots.
6+
* [Quick Start Guide](stm32-secure-patching-bootloader-QSG_rev2_May2022.pdf) in PDF form with screenshots.
77

88
## Quick Start Guide
99

1010
Integrating the stm32-secure-patching-bootloader is a simple four step process: adding bootloader files to your project repository, configuring STM32CubeIDE, adjusting your project's linker script .ld file and adjusting your project's system_stm32xxxx.c file.
1111

1212
Please refer to [stm32-secure-patching-bootloader-demoapp](https://github.com/firmwaremodules/stm32-secure-patching-bootloader-demoapp) repository for working projects already implementing these steps.
1313

14-
Also refer to this [Quick Start Guide](stm32-secure-patching-bootloader-QSG_rev1_Dec2021.pdf) PDF document for more details including images and screenshots.
14+
Also refer to this [Quick Start Guide](stm32-secure-patching-bootloader-QSG_rev2_May2022.pdf) PDF document for more details including images and screenshots.
1515

1616
1. Adding bootloader files to your project repository
1717

@@ -27,33 +27,31 @@ We need to add the postbuild command line, update the include and linker paths,
2727
* Update Post-build steps C/C++ Build -> Settings -> Build Steps
2828

2929
```
30-
"../../../../../../../Bootloader/Scripts/STM32CubeIDE/postbuild.sh" "${BuildArtifactFileBaseName}" "../../Keys" "../../../../../Binary" "1.0.0" "1.0.0" "NUCLEO-L073RZ" "1.0.0" 512 0
31-
| | | | | | | | | |
32-
\- Name of postbuild script, relative to build dir | | | | | | | | |
33-
| | | | | | | | |
34-
\- Name of applcation build artifact (Build Artifact -> Artifact Name) | | | | |
35-
| | | | | | | |
36-
\- Directory where Keys are, relative to build dir, according to DemoApp reference design.
37-
| | | | | | |
30+
"../../../../../../../Bootloader/Scripts/STM32CubeIDE/postbuild.sh" "${BuildArtifactFileBaseName}" "../../Keys" "../../../../../Binary" "../../../../../../../Bootloader/Libs" "1.0.0" "1.0.0" "NUCLEO-L073RZ" "v1.1.0"
31+
| | | | | | | | |
32+
\- Name of postbuild script, relative to build dir | | | | | | | |
33+
| | | | | | | |
34+
\- Name of applcation build artifact (Build Artifact -> Artifact Name) | | | |
35+
| | | | | | |
36+
\- Directory where Keys are, relative to build dir, according to DemoApp reference design. | |
37+
| | | | | |
3838
\- Directory where Outputs are placed and patch reference binaries are found, relative to build dir, according to DemoApp reference design.
39-
| | | | | |
40-
\- 'To' version (version to build) | |
41-
| | | | |
42-
\- 'From' version (reference for patch generation)
43-
| | | |
44-
\- bootloader library to link with (in Libs dir)
45-
| | |
46-
\- Version of bootloader library to link with (in Libs dir)
47-
| |
48-
\- Board/target specific vector table offset size. 512 unless noted in board_config properties file.
49-
|
50-
\- MultiSegment start address. 0x90000000 typical or 0 if MultiSegment is not used.
39+
| | | | |
40+
\- Directory where bootloader libraries are, relative to build dir. |
41+
| | | |
42+
\- 'To' version (version to build)
43+
| | |
44+
\- 'From' version (reference for patch generation)
45+
| |
46+
\- bootloader library to link with (in Libs dir)
47+
|
48+
\- Version of bootloader library to link with (in Libs dir)
5149
5250
```
5351

5452
* Add path to bootloader include: C/C++ Build -> Settings -> MCU GCC Compiler -> Include paths : `../../../../../../../Bootloader/Include`
5553

56-
* Add paths and links to bootloader library files: C/C++ Build -> Settings -> MCU GCC Linker -> Libraries : (Libraries) `:stm32-secure-patching-bootloader-interface-gcc_NUCLEO-L073RZ_v1.0.0.o` (Library search paths) `../../../../../../../Bootloader/Libs/NUCLEO-L073RZ`
54+
* Add paths and links to bootloader library files: C/C++ Build -> Settings -> MCU GCC Linker -> Libraries : (Libraries) `:stm32-secure-patching-bootloader-interface-gcc_NUCLEO-L073RZ_v1.1.0.o` (Library search paths) `../../../../../../../Bootloader/Libs/NUCLEO-L073RZ`
5755

5856
* Add paths to bootloader linker files: C/C++ Build -> Settings -> MCU GCC Linker -> Miscellaneous : `-Xlinker -L ../../../../../../../Bootloader/Libs/NUCLEO-L073RZ -L ../../../../../../../Bootloader/Linker`
5957

Docs/stm32-secure-patching-bootloader-QSG_rev1_Dec2021.pdf renamed to Docs/stm32-secure-patching-bootloader-QSG_rev2_May2022.pdf

709 KB
Binary file not shown.

Include/stm32_secure_patching_bootloader_interface_v1.0.0.h renamed to Include/stm32_secure_patching_bootloader_interface_v1.1.0.h

Lines changed: 38 additions & 26 deletions
Original file line numberDiff line numberDiff line change
@@ -51,17 +51,34 @@ typedef enum
5151
} SE_StatusTypeDef;
5252

5353
/*!
54-
* Provides services for applications to call bootloader services including
55-
* updating firmware with the content of .sfb or .sfbp files.
54+
* Provides services for applications to update firmware in accordance with
55+
* the Firmware Modules' Application Management and Deployment Model.
5656
*
57-
* Patching Engine APIs will NOT update firmware to older versions. If an older version (i.e. a 'downgrade')
57+
* The application (APP) and manufacturing test application (MTA) sections in
58+
* the target non-volatile storage may be updated by presenting an update firmware
59+
* image that was generated with FM_Release. The Update module takes care of
60+
* choosing the correct APP section (APP1 or APP2) so as to support over-the-air
61+
* streaming firmware updating that is highly tolerant to link or device failure -
62+
* the target device's running application remains safe at all times during this
63+
* process.
64+
*
65+
* Update APIs will NOT update firmware to older versions. If an older version (i.e. a 'downgrade')
5866
* is required, the changes must be reverted/implemented then built with a new version number.
59-
* The bootloader uses only the version number to determine whether a firmwre update
60-
* is necessary based on the content in SLOTs 0 and 1.
67+
* The Update and AMDM system uses only the version number to determine which application
68+
* to boot and which application to overwrite when updating.
69+
*
70+
* The Update module does not maintain its own RAM buffer but rather utilizes
71+
* the buffers provided by existing packet transport infrastructure. The only
72+
* requirement on these buffers is that the *first* buffer provided must contain
73+
* at least {@link #getMinUpdateImageDataLen} bytes. This value is platform
74+
* dependent, therefore transport buffer sizing must take this value into account as well.
75+
* The first buffer must contain enough bytes to verify that a firmware image is
76+
* indeed being supplied to the update engine. The actual firmware image length is
77+
* extracted from the content of the first buffer supplied to {@link #data}.
6178
*
62-
* The Patching Engine applies data as it is provided with the Data() method.
63-
* The supplied file (.sfb or .sfbp) can only be verified after a minimum number
64-
* of bytes is received - equal to the header (128 bytes for .sfb, 256 for .sfbp).
79+
* @a(Security Policies)
80+
* It is strongly advised to use a secure transport for data (for both commands and firmware images)
81+
* provided over the air to the APIs in this module.
6582
*
6683
* @a(Thread Safety)
6784
* The APIs in this module are NOT thread-safe
@@ -129,9 +146,9 @@ typedef enum
129146

130147

131148
/*!
132-
* High-level Patching Engine image types.
149+
* High-level AMDM image types.
133150
*
134-
* These are the types of firmware images that may be presented to the Patching Engine.
151+
* These are the types of firmware images that may be presented to the Update module.
135152
*/
136153
typedef enum
137154
{
@@ -142,9 +159,8 @@ typedef enum
142159

143160

144161
/*! Set the delay type to COMMAND to specify rebooting upon command.
145-
* The application is responsible for marking the update as "ready to install"
146-
* by invoking SE_PATCH_InstallAtNextReset at some later time.
147-
*/
162+
* The application is responsible for marking the update as "ready to install".
163+
*/
148164
#define SE_PATCH_RebootDelay_COMMAND ((uint32_t)0xFFFF)
149165

150166
/*! Set the delay type to IMMEDIATE to specify rebooting and installing immediately.
@@ -157,17 +173,17 @@ typedef enum
157173
#define SE_PATCH_RebootDelay_NEXT ((uint32_t)1)
158174

159175
/*!
160-
* Patching Engine setup data structure.
176+
* Update start setup data structure.
161177
*
162178
* @field(type) Target update location of firmware image presented to Update module.
163179
* This field may be set if known, or may be omitted (set to NONE) to use the firmware update image's
164180
* embedded type determined on-the-fly.
165181
* @field(rebootDelay) Specify the reboot delay that is to occur after a completed firmware update.
166182
* @p(blist)
167183
* - RebootDelay_IMMEDIATE reboot immediately upon successful written image verification.
168-
* - 1 to 0xFFFE random delay, in seconds, selected from within this window before rebooting as if RebootDelay_IMMEDIATE was selected [currently unsupported].
184+
* - 1 to 0xFFFE random delay, in seconds, selected from within this window before rebooting as if RebootDelay_IMMEDIATE was selected.
169185
* - RebootDelay_COMMAND wait indefinately upon successful written image verification.
170-
* The user is responsible for rebooting the system, e.g. by calling NVIC_SystemReset().
186+
* The user is responsible for rebooting the system, e.g. by calling {@link fm.driver.System#reset}.
171187
* @p
172188
* @field(totalLength) Provide if the image length is known - only used to initially reject an update if it is too large
173189
* for the device before examining the actual header. Set to 0 to ignore this first check and use the
@@ -280,13 +296,11 @@ SE_ErrorStatus SE_PATCH_Init(SE_PATCH_Status* p_PatchStatus, const SE_PATCH_Star
280296
* No action is taken against the non-volatile storage unless the provided
281297
* data was verified to contain the start of a valid firmware image.
282298
*
283-
* There is a requirement for data ordering - all subsequent bytes of the
299+
* There is a requirement for data ordering - the first
300+
* {@link #getMinUpdateImageDataLen} bytes must be sent first and available as a unit
301+
* to the `data` function. These bytes contain enough information for the updater
302+
* to make a decision on whether to proceed. All subsequent bytes of the
284303
* firmware update image must also be delivered in order.
285-
*
286-
* There is no requirement on the number of bytes that must be delivered per invocation.
287-
* As little as 1 byte can be provided each time. Internal buffering is used to accumulate
288-
* enough bytes for header verification (128 for .sfb, 256 for .sfbp) before continuing
289-
* with the update or rejecting it.
290304
*
291305
* Additionally, the count of bytes is accumulated until the expected number
292306
* of bytes is received, at which time the written firmware image will be fully verified.
@@ -373,7 +387,7 @@ SE_ErrorStatus SE_PATCH_Poll(SE_PATCH_Status* status);
373387
/*!
374388
* Get a string discription of the specified status code.
375389
* Return string, or empty string if code has no string
376-
* or strings were not compiled in.
390+
* or strings no compiled in.
377391
*/
378392
const char* SE_PATCH_GetStatusCodeString(SE_PATCH_StatusCode code);
379393

@@ -394,9 +408,7 @@ typedef struct
394408
uint8_t ActiveFwTag[SE_TAG_LEN]; /*!< Firmware Tag*/
395409
} SE_APP_ActiveFwInfo;
396410

397-
/* The following supports the automatic git semantic versioning system available with stm32-secure-patching-bootloader.
398-
*
399-
* Extract version components "major", "minor" and "patch" from the 32-bit version field.
411+
/* Extract version components "major", "minor" and "patch" from the 32-bit version field.
400412
* The version field should contain a value formatted such that major is the high bytes; minor is the middle short and
401413
* patch is the low byte.
402414
* Without any explicit formatting of this field, the version numbers will simply ramp

Libs/B-L072Z-LRWAN1/stm32-secure-patching-bootloader-README_B-L072Z-LRWAN1_v1.1.0.txt

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
# Board configuration
2+
3+
Total flash: 192 KB
4+
------------------------------------------------------------------
5+
| SBSFU | SLOT0 | SLOT1 |
6+
------------------------------------------------------------------
7+
56 (14) 68 (17) 68 (17)
8+
9+
YMODEM loader: YES
10+
UART1 115200,8,N,1
11+
12+
13+

Libs/NUCLEO-L073RZ/stm32-secure-patching-bootloader-interface-gcc_NUCLEO-L073RZ_v1.0.0.o renamed to Libs/B-L072Z-LRWAN1/stm32-secure-patching-bootloader-interface-gcc_B-L072Z-LRWAN1_v1.1.0.o

27.9 KB
Binary file not shown.

Libs/NUCLEO-L073RZ/stm32-secure-patching-bootloader-linker-gcc_NUCLEO-L073RZ_v1.0.0.ld renamed to Libs/B-L072Z-LRWAN1/stm32-secure-patching-bootloader-linker-gcc_B-L072Z-LRWAN1_v1.1.0.ld

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -33,5 +33,5 @@ STM32_SECURE_PATCHING_BOOTLOADER_SLOT0_END = 0x0801EFFF;
3333

3434
STM32_SECURE_PATCHING_BOOTLOADER_RAM_START = 0x20001500;
3535

36-
SE_IF_REGION_ROM_START = 0x8006D00;
36+
SE_IF_REGION_ROM_START = 0x8006E00;
3737
SE_IF_REGION_ROM_LENGTH = 0xB00;

Libs/B-L072Z-LRWAN1/stm32-secure-patching-bootloader-postbuild_B-L072Z-LRWAN1_v1.1.0.sh

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
# Board-specific properties injected into the postbuild.sh script.
2+
3+
VectOffset=512
4+
5+
MultiSegAddr=0

Libs/B-L072Z-LRWAN1/stm32-secure-patching-bootloader_B-L072Z-LRWAN1_v1.1.0.bin

49.1 KB
Binary file not shown.

Libs/B-L072Z-LRWAN1/stm32-secure-patching-bootloader_B-L072Z-LRWAN1_v1.1.0.bin.asc

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
713774b8f79a1b240e8b4d1a40304c1af46f411b5782ffeeac32c7c06623a246 stm32-secure-patching-bootloader_B-L072Z-LRWAN1_v1.1.0.bin

Libs/DISCO-F769I/stm32-secure-patching-bootloader-README_DISCO-F769I_v1.1.0.txt

Lines changed: 37 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,37 @@
1+
# Board configuration
2+
3+
/* Configuration for 2 MB flash device.
4+
*
5+
* internal sector size: 256K
6+
* external sector size: 64K
7+
*
8+
* STM32F7 Internal flash MX25L512G External flash
9+
* ----------------------------------------------- -------------------------------------------------
10+
* | SBSFU | U | SLOT0 SEG0 7 sectors | | SLOT0 SEG1 X sectors | SLOT1 7 + X sectors | ...
11+
* ----------------------------------------------- -------------------------------------------------
12+
* 128 128 1792 256*X 1792 + 256*X
13+
*
14+
* Offsets given X = 16 (4 MB SEG1)
15+
*
16+
* 0x08000000
17+
* 0x08020000
18+
* 0x08040000
19+
*
20+
* 0x081FFFFF
21+
* 0x90000000
22+
* 0x90400000
23+
* 0x909BFFFF
24+
*
25+
*
26+
* X - number of 256K sectors to assign to storing application resources in QSPI area.
27+
* U - unused/available sector 128K.
28+
*
29+
*/
30+
31+
YMODEM loader: YES
32+
UART1 115200,8,N,1
33+
34+
USB flash loader: YES
35+
36+
37+

0 commit comments

Comments
 (0)