Improve C0/G0 secure hide protection feature documentation.

pull/381/head
David Garske 2023-10-09 13:26:26 -07:00 committed by Daniele Lacamera
parent c4dfa3f986
commit a6fc952328
3 changed files with 28 additions and 9 deletions

@ -92,11 +92,6 @@ ifeq ($(ARCH),ARM)
ifeq ($(TARGET),stm32g0) ifeq ($(TARGET),stm32g0)
CORTEX_M0=1 CORTEX_M0=1
ARCH_FLASH_OFFSET=0x08000000 ARCH_FLASH_OFFSET=0x08000000
# Enable this feature for secure memory support
# Makes the flash sectors for the bootloader unaccessible from the application
# Requires using the STM32CubeProgrammer to set FLASH_SECR -> SEC_SIZE pages
CFLAGS+=-DFLASH_SECURABLE_MEMORY_SUPPORT
endif endif
ifeq ($(TARGET),stm32f4) ifeq ($(TARGET),stm32f4)
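Review bot: Removing `CFLAGS+=-DFLASH_SECURABLE_MEMORY_SUPPORT` from the `stm32g0` block changes build behaviour, while the commit message describes only a documentation improvement. The define was set unconditionally for this target, and after this hunk it is no longer set here at all. An existing stm32g0 build will silently lose it unless the user adds `CFLAGS_EXTRA+=-DFLASH_SECURABLE_MEMORY_SUPPORT` to their config. Please state the default-on to opt-in change in the commit message, and consider a release note for users who have already programmed `SEC_SIZE` on their parts.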

@ -15,6 +15,12 @@ V?=0
SPMATH?=1 SPMATH?=1
RAM_CODE?=1 RAM_CODE?=1
DUALBANK_SWAP?=0 DUALBANK_SWAP?=0
# Enable this feature for secure memory support
# Makes the flash sectors for the bootloader unaccessible from the application
# Requires using the STM32CubeProgrammer to set FLASH_SECR -> SEC_SIZE pages
#CFLAGS_EXTRA+=-DFLASH_SECURABLE_MEMORY_SUPPORT
WOLFBOOT_PARTITION_SIZE?=0xB000 WOLFBOOT_PARTITION_SIZE?=0xB000
WOLFBOOT_SECTOR_SIZE?=0x800 WOLFBOOT_SECTOR_SIZE?=0x800
WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x08008000 WOLFBOOT_PARTITION_BOOT_ADDRESS?=0x08008000
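Review bot: The added comment spells the register `FLASH_SECR`, while the documentation hunks in this same commit write `FLASH_SECT:SEC_SIZE`. The two spellings should be made to match. Since this comment block is being moved anyway, "unaccessible" should read "inaccessible". Because the option now ships commented out, it would also help to note here that it depends on `RAM_CODE=1`, as the documentation states.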

@ -382,15 +382,21 @@ The option `CORTEX_M0` is automatically selected for this target.
The option `NVM_FLASH_WRITEONCE=1` is mandatory on this target, since the IAP driver does not support The option `NVM_FLASH_WRITEONCE=1` is mandatory on this target, since the IAP driver does not support
multiple writes after each erase operation. multiple writes after each erase operation.
This target also supports secure memory protection on the bootloader region #### STM32G0 Secure Hide Protection Feature (Optional)
using the `FLASH_CR:SEC_PROT` and `FLASH_SECT:SEC_SIZE` registers. This is the
This part supports a "secure memory protection" feature makes the wolfBoot partition unaccessible after jump to application.
It uses the `FLASH_CR:SEC_PROT` and `FLASH_SECT:SEC_SIZE` registers. This is the
number of 2KB pages to block access to from the 0x8000000 base address. number of 2KB pages to block access to from the 0x8000000 base address.
Command example to enable this for 32KB bootloader:
``` ```
STM32_Programmer_CLI -c port=swd mode=hotplug -ob SEC_SIZE=0x10 STM32_Programmer_CLI -c port=swd mode=hotplug -ob SEC_SIZE=0x10
``` ```
For RAMFUNCTION support (required for SEC_PROT) make sure `RAM_CODE=1`. Enabled with `CFLAGS_EXTRA+=-DFLASH_SECURABLE_MEMORY_SUPPORT`.
Requires `RAM_CODE=1` to enable RAMFUNCTION support.
### STM32G0 Programming ### STM32G0 Programming
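Review bot: In the new G0 section, "This is the number of 2KB pages ..." follows a sentence that names two registers, so it is not clear that "This" refers to `SEC_SIZE`. Suggest "`SEC_SIZE` is the number of 2KB pages, counted from the 0x8000000 base address, to block access to". The opening sentence is also missing a word and should read "feature that makes the wolfBoot partition inaccessible after the jump to the application". Spelling out the arithmetic behind the example (0x10 pages of 2KB = 32KB) would let readers with a different bootloader size derive their own value.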
@ -460,10 +466,22 @@ The option `CORTEX_M0` is automatically selected for this target.
The option `NVM_FLASH_WRITEONCE=1` is mandatory on this target, since the IAP driver does not support The option `NVM_FLASH_WRITEONCE=1` is mandatory on this target, since the IAP driver does not support
multiple writes after each erase operation. multiple writes after each erase operation.
#### STM32C0 Secure Hide Protection Feature (Optional)
This part supports a "secure memory protection" feature makes the wolfBoot partition unaccessible after jump to application.
It uses the `FLASH_CR:SEC_PROT` and `FLASH_SECT:SEC_SIZE` registers. This is the
number of 2KB pages to block access to from the 0x8000000 base address.
Command example to enable this for 10KB bootloader:
``` ```
STM32_Programmer_CLI -c port=swd mode=hotplug -ob SEC_SIZE=0x10 STM32_Programmer_CLI -c port=swd mode=hotplug -ob SEC_SIZE=0x05
``` ```
Enabled with `CFLAGS_EXTRA+=-DFLASH_SECURABLE_MEMORY_SUPPORT`.
Requires `RAM_CODE=1` to enable RAMFUNCTION support.
### STM32C0 Programming ### STM32C0 Programming
Compile requirements: `make TARGET=stm32c0 NVM_FLASH_WRITEONCE=1` Compile requirements: `make TARGET=stm32c0 NVM_FLASH_WRITEONCE=1`
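Review bot: The C0 section gives the `-ob SEC_SIZE=0x05` command and the `CFLAGS_EXTRA+=-DFLASH_SECURABLE_MEMORY_SUPPORT` build flag, but does not say how the two steps relate. It should state whether both are required for the protection to take effect and what the result is if only one of them is done. One sentence after "Requires `RAM_CODE=1` ..." would cover it. The wording nits from the G0 section ("feature makes", "unaccessible", the ambiguous "This is the number") are copied here and should be fixed in both places.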