Skip to content

Fix STM32H5 update #617

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Oct 29, 2025
Merged

Fix STM32H5 update #617

merged 9 commits into from
Oct 29, 2025

Conversation

@mattia-moffa
Copy link
Contributor

@mattia-moffa mattia-moffa commented Oct 23, 2025
edited by dgarske
Loading

Fix for STM32H5 update. ZD 20037

@mattia-moffa mattia-moffa requested a review from dgarske October 23, 2025 20:03
dgarske
dgarske requested changes Oct 23, 2025
View reviewed changes
Copy link
Contributor

@dgarske dgarske left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice work!!

@mattia-moffa mattia-moffa requested a review from dgarske October 23, 2025 21:28
dgarske
dgarske requested changes Oct 23, 2025
View reviewed changes
Copy link
Contributor

@dgarske dgarske left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I cannot get the update to work with DUALBANK 0 or 1. Can you share your steps to reproduce? I tried with trustzone and update would not take even. Without trustzone I couldn't get it to boot.

I also have had trouble getting XMODEM to work with mincom or CoolTerm. It never seems to finish. Would be curious how you are testing.

I even added a command to call wolfBoot_update_trigger(); manually after flashing a new version to the update partition. But it won't install.

I also tried using the "fake" method with:

./tools/keytools/sign --ecc256 test-app/image.bin wolfboot_signing_private_key.der 2
echo -n "pBOOT" > trigger_magic.bin
./tools/bin-assemble/bin-assemble \
  update.bin \
    0x0     test-app/image_v2_signed.bin \
    0x9DFFB trigger_magic.bin
STM32_Programmer_CLI -c port=swd -d update.bin 0x08100000

@mattia-moffa
Copy link
Contributor Author

mattia-moffa commented Oct 23, 2025
edited
Loading

I'm using the default config/examples/stm32h5-tz.config.

I'm generating the images with:

make # or make DEBUG=1
IMAGE_HEADER_SIZE=1024 tools/keytools/sign --ecc256 --sha256 test-app/image.bin wolfboot_signing_private_key.der 2

(notice the IMAGE_HEADER_SIZE, that's important).

then flashing:

  • wolfboot.bin to 0x0C000000
  • test-app/image_v1_signed.bin to 0x08060000
  • test-app/image_v2_signed.bin to 0x08100000

then writing pBOOT to the end of the update partition. Since the partition size is 0xA0000, that would be at offset 0x9FFFB in the partition, i.e. address 0x0819FFFB. You're using 0x9DFFB which I don't think is the right address (?)

It also works if I update via XMODEM in the app, but that's a bit unreliable on minicom on my end for whatever reason, I have to use CoolTerm.

@mattia-moffa mattia-moffa requested a review from dgarske October 23, 2025 23:41
@dgarske
Copy link
Contributor

dgarske commented Oct 24, 2025

I'm using the default config/examples/stm32h5-tz.config.

I'm generating the images with:

make # or make DEBUG=1
IMAGE_HEADER_SIZE=1024 tools/keytools/sign --ecc256 --sha256 test-app/image.bin wolfboot_signing_private_key.der 2

(notice the IMAGE_HEADER_SIZE, that's important).

then flashing:

  • wolfboot.bin to 0x0C000000
  • test-app/image_v1_signed.bin to 0x08060000
  • test-app/image_v2_signed.bin to 0x08100000

then writing pBOOT to the end of the update partition. Since the partition size is 0xA0000, that would be at offset 0x9FFFB in the partition, i.e. address 0x0819FFFB. You're using 0x9DFFB which I don't think is the right address (?)

It also works if I update via XMODEM in the app, but that's a bit unreliable on minicom on my end for whatever reason, I have to use CoolTerm.

Please update the targets.md with these details.

@dgarske dgarske self-assigned this Oct 24, 2025
dgarske
dgarske requested changes Oct 24, 2025
View reviewed changes
dgarske
dgarske previously approved these changes Oct 24, 2025
View reviewed changes
@dgarske dgarske requested review from JacobBarthelmeh and danielinux and removed request for JacobBarthelmeh October 24, 2025 16:35
@dgarske
Copy link
Contributor

dgarske commented Oct 24, 2025

@mattia-moffa please look into why the "update" -> XMODEM isn't working. Also please try using the new NSC functions for setting trigger_update and success. Thank you

@mattia-moffa
Update H5 app to use new NSC API
177358e 
- Make the update and swap partitions secure and inaccessible from the
  app except via NSC API
- Add a couple of necessary new NSC functions
- Update the app to only use NSC API
- Fix hal_flash_erase to account for secure addresses
- Fix some bugs in xmodem implementation
@dgarske dgarske self-assigned this Oct 29, 2025
@dgarske dgarske self-requested a review October 29, 2025 13:36
dgarske
dgarske approved these changes Oct 29, 2025
View reviewed changes
Copy link
Contributor

@dgarske dgarske left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving and merging as is. This PR actually makes the update partition marked secure flash and uses the NCS callable interface to program the update partition, which is very nice. There is a known issue with Dual bank Mattia is working on and will followup with a new PR.

@dgarske dgarske merged commit b795cce into wolfSSL:master Oct 29, 2025
218 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dgarske dgarske dgarske approved these changes

@danielinux danielinux Awaiting requested review from danielinux

Assignees

@dgarske dgarske

@mattia-moffa mattia-moffa

@wolfSSL-Bot wolfSSL-Bot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@mattia-moffa @dgarske @wolfSSL-Bot