Anjay client with FOTA for Murata TypeSE1 module that can be found on B-L462E-CELL1 development kit.
This example is built upon Secure Boot and Secure Firmware Update Demo Application provided by STMicroelectronics
Copyright (c) 2017 STMicroelectronics.
Copyright (c) 2022 AVSystem.
All rights reserved.
This software is licensed under terms that can be found in the LICENSE file in
the root directory of this software component.
If no LICENSE file comes with this software, it is provided AS-IS.
The X-CUBE-SBSFU Secure Boot and Secure Firmware Update solution allows the update of the STM32 microcontroller built-in program with new firmware versions, adding new features and correcting potential issues. The update process is performed in a secure way to prevent unauthorized updates and access to confidential on-device data such as secret code and firmware encryption key.
The Secure Boot (Root of Trust services) is an immutable code, always executed after a system reset, that checks STM32 static protections, activates STM32 runtime protections and then verifies the authenticity and integrity of user application code before every execution in order to ensure that invalid or malicious code cannot be run.
This examples is provided with a dual firmware image configuration, with second image based on external flash in Type1SE module, in order to ensure safe image installation and enable over-the-air firmware update capability commonly used in IOT devices.
This example is based on a third party cryptographic middleware : MbedTLS. Cryptographic services are delivered as open source code. It can be configured to use asymmetric or symmetric cryptographic schemes with or without firmware encryption.
For more details, refer to UM2262 "Getting started with SBSFU - software expansion for STM32Cube" available from the STMicroelectronics microcontroller website www.st.com.
Project files are placed under Projects/B-L462E-CELL1/Applications/2_Images_ExtFlash
- 2_Images_SECoreBin
Generate secure engine binary including all the "trusted" code - 2_Images_SBSFU
Secure boot and secure firmware update application - AnjayType1SE
Anjay application with Firmware Update object - Linker_Common
Linker files definition shared between SECoreBin, SBSFU, AnjayType1SE
You need to follow a strict compilation order :
- Compile SECoreBin application
This step is needed to create the Secure Engine core binary including all the "trusted" code and keys mapped inside the protected environment. The binary is linked with the SBSFU code in step 2. - Compile SBSFU application
This step compiles the SBSFU source code implementing the state machine and configuring the protections. In addition, it links the code with the SECore binary generated at step 1 in order to generate a single SBSFU binary including the SE trusted code. - Compile UserApp application
Remember to change your application settings inProjects/B-L462E-CELL1/Applications/2_Images_ExtFlash/AnjayType1SE/Stack/App/anjay_client_config.hfile.
It generates:
- The user application binary file that is uploaded to the device using the Secure Firmware Update process
(Projects/B-L462E-CELL1/Applications/2_Images_ExtFlash/AnjayType1SE/Binary/AnjayType1SE.sfb). - A binary file concatenating the SBSFU binary, the user application binary in clear format, and the corresponding
FW header.
(Projects/B-L462E-CELL1/Applications/2_Images_ExtFlash/AnjayType1SE/Binary/SBSFU_AnjayType1SE.bin).
- The user application binary file that is uploaded to the device using the Secure Firmware Update process
- Flashing
Use STM32CubeProgrammer application withSBSFU_AnjayType1SE.binfile to program the board. You can open serial port to check if Anjay has successfully connected to the server using configuration provided in step 3.
After that, you can use Coiote DM to perform firmware update withAnjayType1SE.sfbfile.
To connect to Coiote IoT Device Management LwM2M Server, please register at https://eu.iot.avsystem.cloud/. There is a guide showing basic usage of Coiote DM available on IoT Developer Zone.