UM2262 Rev 6
Appendix B Dual-image handling
Some SBSFU application examples handle two firmware images stored in internal Flash.
B.1 Elements and roles
• Slot #0:
– This slot contains the active firmware (firmware header + firmware). This is the
user application that is launched at boot time by SBSFU (after verifying its
validity).
• Slot #1:
– This slot is used to store the downloaded firmware (firmware header + encrypted
firmware) to be installed at the next reboot.
– For a partial image, this slot can be smaller than Slot #0 (which contains the
full image). Slot #1 can be sized according to the maximum possible partial image.
• Swap region:
– This is a Flash area used to swap the content of Slot #0 and Slot #1.
– However, this area is not a buffer used for every Flash sector swap. It is used
to move a first sector, which creates a shift in Flash that allows the two slots
to be swapped sector by sector.
Figure 37 represents the mapping on NUCLEO-L476RG. The mapping order for slots and
swap elements depends on the STM32 Series:
• For the STM32 Series with secure user memory, the Slot #0 header must be mapped
just after the SBSFU code so that it is protected by the secure user memory.
• For the STM32L4 Series, the firewall code and data (Slot #0 header) segments must
be located at the same offset from the base address in each bank (ensuring that
secrets are always protected even if the banks are swapped).
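The placement rules above can be checked mechanically against a candidate memory map before it goes into a linker file. The following is an added example, not SBSFU code and not taken from UM2262. It assumes that the Slot #0 header sits at the start of Slot #0, that "just after" means no gap, and that the STM32L4 rule compares the firewall code segment's offset in its bank with the Slot #0 header's offset in its bank. All type names, function names, addresses and sizes are constructed.

```c
#include <stdint.h>

typedef struct { uint32_t start, size; } region_t;
typedef struct {
    uint32_t flash_base, bank_size;  /* bank_size: one bank of dual-bank Flash */
    region_t sbsfu;                  /* SBSFU code */
    region_t fw_code;                /* firewall code segment (STM32L4 only) */
    region_t slot0, slot1, swap;     /* slot0.start = Slot #0 header (assumed) */
} layout_t;

enum { LAYOUT_OK, ERR_OVERLAP, ERR_SLOT1_SIZE, ERR_HDR_PLACEMENT, ERR_BANK_OFFSET };

static uint32_t end_of(region_t r) { return r.start + r.size; }
static int overlaps(region_t a, region_t b) {
    return a.start < end_of(b) && b.start < end_of(a);
}

/* Every series: regions must not overlap; Slot #1 may be smaller than
   Slot #0 (partial images) but never larger. */
int check_common(const layout_t *l) {
    const region_t r[] = { l->sbsfu, l->slot0, l->slot1, l->swap };
    for (int i = 0; i < 4; i++)
        for (int j = i + 1; j < 4; j++)
            if (overlaps(r[i], r[j])) return ERR_OVERLAP;
    return l->slot1.size > l->slot0.size ? ERR_SLOT1_SIZE : LAYOUT_OK;
}

/* Secure user memory: the Slot #0 header starts exactly where SBSFU ends. */
int check_secure_user_memory(const layout_t *l) {
    int rc = check_common(l);
    if (rc != LAYOUT_OK) return rc;
    return l->slot0.start == end_of(l->sbsfu) ? LAYOUT_OK : ERR_HDR_PLACEMENT;
}

/* STM32L4: firewall code segment and Slot #0 header share one bank offset. */
int check_l4_dual_bank(const layout_t *l) {
    int rc = check_common(l);
    if (rc != LAYOUT_OK) return rc;
    if (l->bank_size == 0) return ERR_BANK_OFFSET;
    uint32_t code_off = (l->fw_code.start - l->flash_base) % l->bank_size;
    uint32_t hdr_off  = (l->slot0.start - l->flash_base) % l->bank_size;
    return code_off == hdr_off ? LAYOUT_OK : ERR_BANK_OFFSET;
}

/* Constructed sample layouts (not the NUCLEO-L476RG mapping of Figure 37). */
const layout_t SAMPLE_SUM = { 0x08000000, 0, {0x08000000, 0x10000}, {0, 0},
    {0x08010000, 0x30000}, {0x08040000, 0x20000}, {0x08060000, 0x2000} };
const layout_t SAMPLE_L4 = { 0x08000000, 0x80000, {0x08000000, 0x10000},
    {0x08000800, 0x4000}, {0x08080800, 0x40000}, {0x08010000, 0x40000},
    {0x08050000, 0x2000} };
```

A non-zero return identifies which rule the map breaks, so the check can run as a build step before the image is flashed.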