STM32-SFI Flasher Commander: Difference between revisions
mNo edit summary |
|||
| (3 intermediate revisions by one other user not shown) | |||
| Line 10: | Line 10: | ||
* Smart card reader: Connected via USB to the host PC | * Smart card reader: Connected via USB to the host PC | ||
* STM32HSM Smart card [https://www.st.com/en/development-tools/stm32hsm-v2.html STM32HSM-V2] | * STM32HSM Smart card [https://www.st.com/en/development-tools/stm32hsm-v2.html STM32HSM-V2] | ||
* [https://www.segger.com/products/production/flasher/models/flasher-pro/ Flasher PRO] (alternative: [https://www.segger.com/products/production/flasher/models/flasher-compact Flasher Compact]) | * [https://www.segger.com/products/production/flasher/models/flasher-pro/?mtm_campaign=kb&mtm_kwd=stm32-SFI Flasher PRO] (alternative: [https://www.segger.com/products/production/flasher/models/flasher-compact?mtm_campaign=kb&mtm_kwd=stm32-SFI Flasher Compact]) | ||
The following software items are required to setup a project: | The following software items are required to setup a project: | ||
| Line 40: | Line 40: | ||
| [[#SerialNo | SerialNo <Serial number>]] || Use the Flasher with the given serial number | | [[#SerialNo | SerialNo <Serial number>]] || Use the Flasher with the given serial number | ||
|- | |- | ||
| [[#SingleRun| SingleRun]] | | [[#SingleRun | SingleRun]] || Single run mode: Application starts programming automatically and then terminates | ||
|- | |||
| [[#SWDSpeed | SWDSpeed]] || SWD interface speed | |||
|- | |||
| [[#ReaderSlot | ReaderSlot]] || HSM card reader slot number | |||
|} | |} | ||
| Line 58: | Line 62: | ||
Specify the serial number of the Flasher to be used. Used in case multiple Flashers are connected to the same PC via USB. | Specify the serial number of the Flasher to be used. Used in case multiple Flashers are connected to the same PC via USB. | ||
==== SingleRun==== | ==== SingleRun ==== | ||
Normally the applications runs in an interactive mode which is useful for manual production. The single run mode is useful for automated production, where the utility is called by an overlying application. | Normally the applications runs in an interactive mode which is useful for manual production. The single run mode is useful for automated production, where the utility is called by an overlying application. | ||
==== SWDSpeed ==== | |||
Sets the SWD interface speed in kHz. Defaults to 1MHz (1,000kHz). | |||
==== ReaderSlot ==== | |||
HSM card reader slot number. Will be 1 in most cases, but some readers support multiple slots. Defaults to 1. | |||
== Explanation of the programming process == | == Explanation of the programming process == | ||
| Line 107: | Line 117: | ||
---- | ---- | ||
''' | ''Programming process:'' | ||
'''Set RDP level 1 (if necessary):''' | |||
Setting RDP level 1 | Setting RDP level 1 | ||
'''Set RDP level 0 and enable trust zone (if necessary):''' | |||
Setting RDP level 0 + TZEN | Setting RDP level 0 + TZEN | ||
'''Set RDP level 0.5 and SRAM2_RST:''' | |||
Setting RDP level 0.5 + SRAM2_RST | Setting RDP level 0.5 + SRAM2_RST | ||
'''Download RSSe, check RSSe version:''' | |||
Found RSSe version: 4.0.0 | Found RSSe version: 4.0.0 | ||
'''Check license cache (see [[#License_cache_feature | License cache feature]]):''' | |||
Using cached license. | Using cached license. | ||
'''Flash SFI areas. After the configuration area, the application should start but the status cannot be checked:''' | |||
Configuration area processed, unable to check status. | Configuration area processed, unable to check status. | ||
'''HSM status (how many program cycles are left):''' | |||
HSM status: 290 devices left. | HSM status: 290 devices left. | ||
| Line 130: | Line 154: | ||
the HSM again, which would mean wasting one authorized programming cycle. | the HSM again, which would mean wasting one authorized programming cycle. | ||
== Download == | |||
The tool is available for download at [https://www.segger.com/downloads/flasher/?mtm_campaign=kb&mtm_kwd=stm32-SFI#FlasherSoftwareAndDocumentationPack SEGGER Flasher downloads]. | |||
Latest revision as of 14:52, 23 September 2024
STM32-SFI Flasher Commander (SFI_FC_x64.exe) is a free, command line based utility that can be used for programming targets using ST's Secure Firmware Install (SFI) feature.
The SFI Commander supports only the SEGGER production tools Flasher PRO (XL) and Flasher Compact.
Secure Firmware Install (SFI) Process
The following hardware items are required in order to program:
- Smart card reader: Connected via USB to the host PC
- STM32HSM Smart card STM32HSM-V2
- Flasher PRO (alternative: Flasher Compact)
The following software items are required to setup a project:
Please refer to the documentation of the STM32CubeProgrammer on how to create an SFI file and how to provision the STM32HSM card.
Command line options
The table below lists the available command line options of STM32-SFI Flasher Commander. Detailed descriptions of the command line options can be found in the sections below.
This list is only valid for the latest version of the STM32-SFI Flasher Commander.
| Command line option | Explanation |
|---|---|
| Mandatory | |
| RSSe <Filename> | RSSe library binary |
| SFI <Filename> | SFI data file |
| Optional | |
| ? | Show link to this article |
| License <Filename> | Use a manually generated license file |
| SerialNo <Serial number> | Use the Flasher with the given serial number |
| SingleRun | Single run mode: Application starts programming automatically and then terminates |
| SWDSpeed | SWD interface speed |
| ReaderSlot | HSM card reader slot number |
Example: SFI_FC_x64.exe SFI="out.sfi" RSSe="RSSe\U5\enc_signed_RSSe_sfi_U5_2M.bin"
RSSe
Specify the RSSe (Root Secure Services extension) library binary matching your target MCU.
SFI
Specify the SFI data file.
License
Use a license file instead of a license created by the hardware security module (HSM).
SerialNo
Specify the serial number of the Flasher to be used. Used in case multiple Flashers are connected to the same PC via USB.
SingleRun
Normally the applications runs in an interactive mode which is useful for manual production. The single run mode is useful for automated production, where the utility is called by an overlying application.
SWDSpeed
Sets the SWD interface speed in kHz. Defaults to 1MHz (1,000kHz).
ReaderSlot
HSM card reader slot number. Will be 1 in most cases, but some readers support multiple slots. Defaults to 1.
Explanation of the programming process
SFI loaded (Secure Firmware Image, provided by developer):
16572 bytes of SFI data loaded.
RSSe loaded (Root secret service, part of ROM bootloader, RSSe is extension):
38800 bytes of RSSe data loaded.
HSM lib initialisation report:
ldm_LoadModule(): loading module "stlibp11_SAM.dll" ...
ldm_LoadModule(WIN32): OK loading library "stlibp11_SAM.dll": 0xAAAAAAAA...
C_GetFunctionList() returned 0x00000000, g_pFunctionList=0xAAAAAAAA
HSM initialisation (which firmware is this for):
Firmware identifier: Test.
SFI File validation:
SFI file valid!
Found area type F, 16384 bytes
Found area type C, 68 bytes
HSM status (how many program cycles are left):
HSM status: 290 devices left.
Make sure device is connected to the Flasher, press <Space> to start or <q> to quit:
Next step:
Press Space to program the device (the device may need to be prepared by forcing it into the boot loader.)
=> Programming started!
Programming process:
Set RDP level 1 (if necessary):
Setting RDP level 1
Set RDP level 0 and enable trust zone (if necessary):
Setting RDP level 0 + TZEN
Set RDP level 0.5 and SRAM2_RST:
Setting RDP level 0.5 + SRAM2_RST
Download RSSe, check RSSe version:
Found RSSe version: 4.0.0
Check license cache (see License cache feature):
Using cached license.
Flash SFI areas. After the configuration area, the application should start but the status cannot be checked:
Configuration area processed, unable to check status.
HSM status (how many program cycles are left):
HSM status: 290 devices left.
License cache feature
The file "LC.DAT" will be generated by the SFI-Commander.
In case a programming has to be re-done, the SFI-Commander accesses the cached SFI license without running
the HSM again, which would mean wasting one authorized programming cycle.
Download
The tool is available for download at SEGGER Flasher downloads.