Difference between revisions of "STM32-SFI Flasher Commander"
| Line 1: | Line 1: | ||
| − | STM32-SFI Flasher Commander (SFI_FC_x64.exe) is a free, command line based utility that can be used for programming targets using ST's |
+ | STM32-SFI Flasher Commander (SFI_FC_x64.exe) is a free, command line based utility that can be used for programming targets using ST's Secure Firmware Install (SFI) feature. |
| + | The SFI Commander supports only the SEGGER production tools Flasher PRO and Flasher Compact. |
||
<div class="toclimit-2"> |
<div class="toclimit-2"> |
||
__TOC__ |
__TOC__ |
||
</div> |
</div> |
||
| + | |||
| + | == Secure Firmware Install (SFI) Process == |
||
| + | The following hardware items are required in order to program: |
||
| + | * Smart card reader: Connected via USB to the host PC |
||
| + | * STM32HSM Smart card [https://www.st.com/en/development-tools/stm32hsm-v2.html STM32HSM-V2] |
||
| + | * [https://www.segger.com/products/production/flasher/models/flasher-pro/ Flasher PRO] (alternative: [https://www.segger.com/products/production/flasher/models/flasher-compact Flasher Compact]) |
||
| + | |||
| + | The following software items are required to setup a project: |
||
| + | * [https://www.st.com/en/development-tools/stm32cubeprog.html STM32CubeProgrammer] |
||
| + | |||
| + | Please refer to the documentation of the STM32CubeProgrammer on how to create an SFI file and how to provision the STM32HSM card. |
||
== Command line options == |
== Command line options == |
||
| Line 14: | Line 26: | ||
! Command line option !! Explanation |
! Command line option !! Explanation |
||
|- |
|- |
||
| − | !colspan="2"| |
+ | !colspan="2"| Mandatory |
|- |
|- |
||
| [[#RSSe | RSSe <Filename>]] || RSSe library binary |
| [[#RSSe | RSSe <Filename>]] || RSSe library binary |
||
| Line 21: | Line 33: | ||
|- |
|- |
||
!colspan="2"| Optional |
!colspan="2"| Optional |
||
| + | |- |
||
| + | | ? || Show link to this article |
||
|- |
|- |
||
| [[#License | License <Filename>]] || Use a manually generated license file |
| [[#License | License <Filename>]] || Use a manually generated license file |
||
| Line 31: | Line 45: | ||
Example: |
Example: |
||
SFI_FC_x64.exe SFI="out.sfi" RSSe="RSSe\U5\enc_signed_RSSe_sfi_U5_2M.bin" |
SFI_FC_x64.exe SFI="out.sfi" RSSe="RSSe\U5\enc_signed_RSSe_sfi_U5_2M.bin" |
||
| − | |||
| − | === License === |
||
| − | Use a license file instead of a license created by the hardware security module (HSM). |
||
==== RSSe ==== |
==== RSSe ==== |
||
| − | Specify the RSSe library binary matching your target MCU. |
+ | Specify the RSSe (Root Secure Services extension) library binary matching your target MCU. |
| − | |||
| − | ==== SerialNo ==== |
||
| − | Specify the serial number of the Flasher to be used. Used in case multiple Flashers are connected to the same PC via USB. |
||
==== SFI ==== |
==== SFI ==== |
||
Specify the SFI data file. |
Specify the SFI data file. |
||
| + | |||
| + | ==== License ==== |
||
| + | Use a license file instead of a license created by the hardware security module (HSM). |
||
| + | |||
| + | ==== SerialNo ==== |
||
| + | Specify the serial number of the Flasher to be used. Used in case multiple Flashers are connected to the same PC via USB. |
||
==== SingleRun==== |
==== SingleRun==== |
||
Normally the applications runs in an interactive mode which is useful for manual production. The single run mode is useful for automated production, where the utility is called by an overlying application. |
Normally the applications runs in an interactive mode which is useful for manual production. The single run mode is useful for automated production, where the utility is called by an overlying application. |
||
| + | |||
| + | == Explanation of the programming process == |
||
| + | |||
| + | '''SFI loaded:''' |
||
| + | |||
| + | 16572 bytes of SFI data loaded. |
||
| + | |||
| + | '''RSSe loaded (Root secret service, part of ROM bootloader, RSSe is extension):''' |
||
| + | |||
| + | 38800 bytes of RSSe data loaded. |
||
| + | |||
| + | '''HSM lib initialisation report:''' |
||
| + | |||
| + | ldm_LoadModule(): loading module "stlibp11_SAM.dll" ... |
||
| + | |||
| + | ldm_LoadModule(WIN32): OK loading library "stlibp11_SAM.dll": 0x5C7B0000 ... |
||
| + | |||
| + | C_GetFunctionList() returned 0x00000000, g_pFunctionList=0x5C824400 |
||
| + | |||
| + | '''HSM initialisation (which firmware is this for):''' |
||
| + | |||
| + | Firmware identifier: Test. |
||
| + | |||
| + | '''SFI File validation:''' |
||
| + | |||
| + | SFI file valid! |
||
| + | |||
| + | Found area type F, 16384 bytes |
||
| + | |||
| + | Found area type C, 68 bytes |
||
| + | |||
| + | '''HSM status (how many program cycles are left):''' |
||
| + | |||
| + | HSM status: 290 devices left. |
||
| + | |||
| + | Make sure device is connected to J-Link, press <Space> to start or <q> to quit: |
||
| + | |||
| + | '''Next step:''' |
||
| + | |||
| + | Press Space to program the device (the device may need to be prepared by forcing it into the boot loader.) |
||
| + | |||
| + | '''=> Programming started!''' |
||
| + | |||
| + | ---- |
||
| + | |||
| + | '''Programming result:''' |
||
| + | |||
| + | == License cache feature == |
||
| + | |||
| + | The file "LC.DAT" will be generated by the SFI-Commander. |
||
| + | |||
| + | In case a programming has to be re-done, the SFI-Commander accesses the cached SFI license without running |
||
| + | |||
| + | the HSM again, which would mean wasting one authorized programming cycle. |
||
Revision as of 18:09, 31 August 2023
STM32-SFI Flasher Commander (SFI_FC_x64.exe) is a free, command line based utility that can be used for programming targets using ST's Secure Firmware Install (SFI) feature.
The SFI Commander supports only the SEGGER production tools Flasher PRO and Flasher Compact.
Secure Firmware Install (SFI) Process
The following hardware items are required in order to program:
- Smart card reader: Connected via USB to the host PC
- STM32HSM Smart card STM32HSM-V2
- Flasher PRO (alternative: Flasher Compact)
The following software items are required to setup a project:
Please refer to the documentation of the STM32CubeProgrammer on how to create an SFI file and how to provision the STM32HSM card.
Command line options
The table below lists the available command line options of STM32-SFI Flasher Commander. Detailed descriptions of the command line options can be found in the sections below.
This list is only valid for the latest version of the STM32-SFI Flasher Commander.
| Command line option | Explanation |
|---|---|
| Mandatory | |
| RSSe <Filename> | RSSe library binary |
| SFI <Filename> | SFI data file |
| Optional | |
| ? | Show link to this article |
| License <Filename> | Use a manually generated license file |
| SerialNo <Serial number> | Use the Flasher with the given serial number |
| SingleRun | Single run mode: Application starts programming automatically and then terminates |
Example: SFI_FC_x64.exe SFI="out.sfi" RSSe="RSSe\U5\enc_signed_RSSe_sfi_U5_2M.bin"
RSSe
Specify the RSSe (Root Secure Services extension) library binary matching your target MCU.
SFI
Specify the SFI data file.
License
Use a license file instead of a license created by the hardware security module (HSM).
SerialNo
Specify the serial number of the Flasher to be used. Used in case multiple Flashers are connected to the same PC via USB.
SingleRun
Normally the applications runs in an interactive mode which is useful for manual production. The single run mode is useful for automated production, where the utility is called by an overlying application.
Explanation of the programming process
SFI loaded:
16572 bytes of SFI data loaded.
RSSe loaded (Root secret service, part of ROM bootloader, RSSe is extension):
38800 bytes of RSSe data loaded.
HSM lib initialisation report:
ldm_LoadModule(): loading module "stlibp11_SAM.dll" ...
ldm_LoadModule(WIN32): OK loading library "stlibp11_SAM.dll": 0x5C7B0000 ...
C_GetFunctionList() returned 0x00000000, g_pFunctionList=0x5C824400
HSM initialisation (which firmware is this for):
Firmware identifier: Test.
SFI File validation:
SFI file valid!
Found area type F, 16384 bytes
Found area type C, 68 bytes
HSM status (how many program cycles are left):
HSM status: 290 devices left.
Make sure device is connected to J-Link, press <Space> to start or to quit:
Next step:
Press Space to program the device (the device may need to be prepared by forcing it into the boot loader.)
=> Programming started!
Programming result:
License cache feature
The file "LC.DAT" will be generated by the SFI-Commander.
In case a programming has to be re-done, the SFI-Commander accesses the cached SFI license without running
the HSM again, which would mean wasting one authorized programming cycle.
