Difference between revisions of "STM32-SFI Flasher Commander"
(4 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | STM32-SFI Flasher Commander (SFI_FC_x64.exe) is a free, command line based utility that can be used for programming targets using ST's |
+ | STM32-SFI Flasher Commander (SFI_FC_x64.exe) is a free, command line based utility that can be used for programming targets using ST's Secure Firmware Install (SFI) feature. |
+ | The SFI Commander supports only the SEGGER production tools Flasher PRO (XL) and Flasher Compact. |
||
<div class="toclimit-2"> |
<div class="toclimit-2"> |
||
__TOC__ |
__TOC__ |
||
</div> |
</div> |
||
+ | |||
+ | == Secure Firmware Install (SFI) Process == |
||
+ | The following hardware items are required in order to program: |
||
+ | * Smart card reader: Connected via USB to the host PC |
||
+ | * STM32HSM Smart card [https://www.st.com/en/development-tools/stm32hsm-v2.html STM32HSM-V2] |
||
+ | * [https://www.segger.com/products/production/flasher/models/flasher-pro/ Flasher PRO] (alternative: [https://www.segger.com/products/production/flasher/models/flasher-compact Flasher Compact]) |
||
+ | |||
+ | The following software items are required to setup a project: |
||
+ | * [https://www.st.com/en/development-tools/stm32cubeprog.html STM32CubeProgrammer] |
||
+ | |||
+ | Please refer to the documentation of the STM32CubeProgrammer on how to create an SFI file and how to provision the STM32HSM card. |
||
== Command line options == |
== Command line options == |
||
Line 14: | Line 26: | ||
! Command line option !! Explanation |
! Command line option !! Explanation |
||
|- |
|- |
||
− | !colspan="2"| |
+ | !colspan="2"| Mandatory |
|- |
|- |
||
| [[#RSSe | RSSe <Filename>]] || RSSe library binary |
| [[#RSSe | RSSe <Filename>]] || RSSe library binary |
||
Line 21: | Line 33: | ||
|- |
|- |
||
!colspan="2"| Optional |
!colspan="2"| Optional |
||
+ | |- |
||
+ | | ? || Show link to this article |
||
|- |
|- |
||
| [[#License | License <Filename>]] || Use a manually generated license file |
| [[#License | License <Filename>]] || Use a manually generated license file |
||
Line 26: | Line 40: | ||
| [[#SerialNo | SerialNo <Serial number>]] || Use the Flasher with the given serial number |
| [[#SerialNo | SerialNo <Serial number>]] || Use the Flasher with the given serial number |
||
|- |
|- |
||
− | | [[#SingleRun| SingleRun]] || Single run mode: Application starts programming automatically and then terminates |
+ | | [[#SingleRun | SingleRun]] || Single run mode: Application starts programming automatically and then terminates |
|} |
|} |
||
Example: |
Example: |
||
SFI_FC_x64.exe SFI="out.sfi" RSSe="RSSe\U5\enc_signed_RSSe_sfi_U5_2M.bin" |
SFI_FC_x64.exe SFI="out.sfi" RSSe="RSSe\U5\enc_signed_RSSe_sfi_U5_2M.bin" |
||
− | |||
− | === License === |
||
− | Use a license file instead of a license created by the hardware security module (HSM). |
||
==== RSSe ==== |
==== RSSe ==== |
||
− | Specify the RSSe library binary matching your target MCU. |
+ | Specify the RSSe (Root Secure Services extension) library binary matching your target MCU. |
− | |||
− | ==== SerialNo ==== |
||
− | Specify the serial number of the Flasher to be used. Used in case multiple Flashers are connected to the same PC via USB. |
||
==== SFI ==== |
==== SFI ==== |
||
Specify the SFI data file. |
Specify the SFI data file. |
||
+ | |||
+ | ==== License ==== |
||
+ | Use a license file instead of a license created by the hardware security module (HSM). |
||
+ | |||
+ | ==== SerialNo ==== |
||
+ | Specify the serial number of the Flasher to be used. Used in case multiple Flashers are connected to the same PC via USB. |
||
==== SingleRun==== |
==== SingleRun==== |
||
Normally the applications runs in an interactive mode which is useful for manual production. The single run mode is useful for automated production, where the utility is called by an overlying application. |
Normally the applications runs in an interactive mode which is useful for manual production. The single run mode is useful for automated production, where the utility is called by an overlying application. |
||
+ | |||
+ | == Explanation of the programming process == |
||
+ | |||
+ | [[File:Sample.png]] |
||
+ | |||
+ | '''SFI loaded (Secure Firmware Image, provided by developer):''' |
||
+ | |||
+ | 16572 bytes of SFI data loaded. |
||
+ | |||
+ | '''RSSe loaded (Root secret service, part of ROM bootloader, RSSe is extension):''' |
||
+ | |||
+ | 38800 bytes of RSSe data loaded. |
||
+ | |||
+ | '''HSM lib initialisation report:''' |
||
+ | |||
+ | ldm_LoadModule(): loading module "stlibp11_SAM.dll" ... |
||
+ | |||
+ | ldm_LoadModule(WIN32): OK loading library "stlibp11_SAM.dll": 0xAAAAAAAA... |
||
+ | |||
+ | C_GetFunctionList() returned 0x00000000, g_pFunctionList=0xAAAAAAAA |
||
+ | |||
+ | '''HSM initialisation (which firmware is this for):''' |
||
+ | |||
+ | Firmware identifier: Test. |
||
+ | |||
+ | '''SFI File validation:''' |
||
+ | |||
+ | SFI file valid! |
||
+ | |||
+ | Found area type F, 16384 bytes |
||
+ | |||
+ | Found area type C, 68 bytes |
||
+ | |||
+ | '''HSM status (how many program cycles are left):''' |
||
+ | |||
+ | HSM status: 290 devices left. |
||
+ | |||
+ | Make sure device is connected to the Flasher, press <Space> to start or <q> to quit: |
||
+ | |||
+ | '''Next step:''' |
||
+ | |||
+ | Press Space to program the device (the device may need to be prepared by forcing it into the boot loader.) |
||
+ | |||
+ | '''=> Programming started!''' |
||
+ | |||
+ | ---- |
||
+ | |||
+ | ''Programming process:'' |
||
+ | |||
+ | '''Set RDP level 1 (if necessary):''' |
||
+ | |||
+ | Setting RDP level 1 |
||
+ | |||
+ | '''Set RDP level 0 and enable trust zone (if necessary):''' |
||
+ | |||
+ | Setting RDP level 0 + TZEN |
||
+ | |||
+ | '''Set RDP level 0.5 and SRAM2_RST:''' |
||
+ | |||
+ | Setting RDP level 0.5 + SRAM2_RST |
||
+ | |||
+ | '''Download RSSe, check RSSe version:''' |
||
+ | |||
+ | Found RSSe version: 4.0.0 |
||
+ | |||
+ | '''Check license cache (see [[#License_cache_feature | License cache feature]]):''' |
||
+ | |||
+ | Using cached license. |
||
+ | |||
+ | '''Flash SFI areas. After the configuration area, the application should start but the status cannot be checked:''' |
||
+ | |||
+ | Configuration area processed, unable to check status. |
||
+ | |||
+ | '''HSM status (how many program cycles are left):''' |
||
+ | |||
+ | HSM status: 290 devices left. |
||
+ | |||
+ | == License cache feature == |
||
+ | |||
+ | The file "LC.DAT" will be generated by the SFI-Commander. |
||
+ | |||
+ | In case a programming has to be re-done, the SFI-Commander accesses the cached SFI license without running |
||
+ | |||
+ | the HSM again, which would mean wasting one authorized programming cycle. |
||
+ | |||
+ | == Download == |
||
+ | |||
+ | The tool is available for download at [https://www.segger.com/downloads/flasher/#FlasherSoftwareAndDocumentationPack SEGGER Flasher downloads]. |
Latest revision as of 18:04, 13 November 2023
STM32-SFI Flasher Commander (SFI_FC_x64.exe) is a free, command line based utility that can be used for programming targets using ST's Secure Firmware Install (SFI) feature.
The SFI Commander supports only the SEGGER production tools Flasher PRO (XL) and Flasher Compact.
Secure Firmware Install (SFI) Process
The following hardware items are required in order to program:
- Smart card reader: Connected via USB to the host PC
- STM32HSM Smart card STM32HSM-V2
- Flasher PRO (alternative: Flasher Compact)
The following software items are required to setup a project:
Please refer to the documentation of the STM32CubeProgrammer on how to create an SFI file and how to provision the STM32HSM card.
Command line options
The table below lists the available command line options of STM32-SFI Flasher Commander. Detailed descriptions of the command line options can be found in the sections below.
This list is only valid for the latest version of the STM32-SFI Flasher Commander.
Command line option | Explanation |
---|---|
Mandatory | |
RSSe <Filename> | RSSe library binary |
SFI <Filename> | SFI data file |
Optional | |
? | Show link to this article |
License <Filename> | Use a manually generated license file |
SerialNo <Serial number> | Use the Flasher with the given serial number |
SingleRun | Single run mode: Application starts programming automatically and then terminates |
Example: SFI_FC_x64.exe SFI="out.sfi" RSSe="RSSe\U5\enc_signed_RSSe_sfi_U5_2M.bin"
RSSe
Specify the RSSe (Root Secure Services extension) library binary matching your target MCU.
SFI
Specify the SFI data file.
License
Use a license file instead of a license created by the hardware security module (HSM).
SerialNo
Specify the serial number of the Flasher to be used. Used in case multiple Flashers are connected to the same PC via USB.
SingleRun
Normally the applications runs in an interactive mode which is useful for manual production. The single run mode is useful for automated production, where the utility is called by an overlying application.
Explanation of the programming process
SFI loaded (Secure Firmware Image, provided by developer):
16572 bytes of SFI data loaded.
RSSe loaded (Root secret service, part of ROM bootloader, RSSe is extension):
38800 bytes of RSSe data loaded.
HSM lib initialisation report:
ldm_LoadModule(): loading module "stlibp11_SAM.dll" ...
ldm_LoadModule(WIN32): OK loading library "stlibp11_SAM.dll": 0xAAAAAAAA...
C_GetFunctionList() returned 0x00000000, g_pFunctionList=0xAAAAAAAA
HSM initialisation (which firmware is this for):
Firmware identifier: Test.
SFI File validation:
SFI file valid!
Found area type F, 16384 bytes
Found area type C, 68 bytes
HSM status (how many program cycles are left):
HSM status: 290 devices left.
Make sure device is connected to the Flasher, press <Space> to start or <q> to quit:
Next step:
Press Space to program the device (the device may need to be prepared by forcing it into the boot loader.)
=> Programming started!
Programming process:
Set RDP level 1 (if necessary):
Setting RDP level 1
Set RDP level 0 and enable trust zone (if necessary):
Setting RDP level 0 + TZEN
Set RDP level 0.5 and SRAM2_RST:
Setting RDP level 0.5 + SRAM2_RST
Download RSSe, check RSSe version:
Found RSSe version: 4.0.0
Check license cache (see License cache feature):
Using cached license.
Flash SFI areas. After the configuration area, the application should start but the status cannot be checked:
Configuration area processed, unable to check status.
HSM status (how many program cycles are left):
HSM status: 290 devices left.
License cache feature
The file "LC.DAT" will be generated by the SFI-Commander.
In case a programming has to be re-done, the SFI-Commander accesses the cached SFI license without running
the HSM again, which would mean wasting one authorized programming cycle.
Download
The tool is available for download at SEGGER Flasher downloads.