UM2262 Rev 6 39/94
UM2262 Package description
93
6.2.7 Secure Boot and Secure Firmware Upgrade (SBSFU) application
Secure Boot (Root of Trust)
• Checks and applies the security mechanisms of STM32 platform to protect critical
operations and secrets from attacks
• Authenticates and verifies the user application before each execution
Local download via UART Virtual COM
• Detects firmware download requests
• Downloads in STM32 Flash memory the new encrypted firmware image (header +
encrypted firmware) via the UART Virtual COM using Ymodem protocol and the Tera
Term tool (see Note)
FW installation management
• Detects new FW version to install
– From local download service via the UART interface
– Downloaded via user application (dual-image variant only)
• Secures FW upgrade:
– Authentication and integrity check
– FW decryption
– FW installation
– Anti-rollback mechanisms to avoid re-installation of previous firmware version
• Supports single image for maximizing the user application size
• Supports dual image for safe image programming
– Resume firmware installation: in case of power off during the installation process,
installation is resumed at next power on.
– Multiple firmware images management: handles two firmware images (UserApp1
image and UserApp2 image) stored in internal STM32 Flash. A SWAP area is
used in order to limit memory overhead needed during firmware installation (refer
to Appendix B to get details about multiple images management).
– Partial update: flexibility to update the complete firmware image or a portion of it.
Note For the STM32WB Series, an example of standalone loader is provided. Refer to Appendix
H for details.