STM32-SFI Flasher Commander
The STM32-SFI Flasher Commander is a command line interface (CLI) tool for programming targets using ST's Secure Firmware Install (SFI) feature and SEGGER’s professional production programmers Flasher PRO, Flasher PRO XL, and Flasher Compact.
Overview
The STM32-SFI Flasher Commander is a command line interface (CLI) tool developed to support the Secure Firmware Installation (SFI) feature from STMicroelectronics. There is no additional license required to use it with Flasher Compact, Flasher PRO or Flasher PRO XL.
As part of the production process for SFI-enabled STM32 microcontrollers, the intellectual property (IP) owner sends encrypted firmware along with the corresponding decryption key to the facility responsible for programming the microcontrollers during production. The firmware decryption key is securely stored on a Hardware Security Module (HSM). Programming can take place at any production site, even external, such as a contract manufacturer or a distributor that offers mass programming of stocked devices for delivery.
At the programming facility, the STM32-SFI Flasher Commander interfaces with SEGGER's Flasher PRO, PRO XL, or Compact in-circuit programmers and transfers the encrypted firmware image and the matching firmware decryption key (also in encrypted form) to the target MCUs to be programmed.
Key features
- Supports Secure Firmware Installation (SFI) from STMicroelectronics
- Ensures secure transfer of firmware to the target
- Runs with Flasher PRO XL, PRO and Compact
Requirements
The following hardware items are required to program:
- Smart card reader connected via USB to the host PC
- STM32HSM Smart card STM32HSM-V2
- Flasher PRO, Flasher PRO XL, or Flasher Compact
The generation of the secure .sfi binary file is part of the OEM firmware development phase and is handled by the Trusted Package Creator tool from ST as a post-processing of the application code.
The volume production leveraging the STM32 SFI programming is fully handled by the SEGGER STM32-SFI Flasher Commander tool and the SEGGER Flasher programmer.
For more information about how to use the STM32-SFI Flasher Commander, please visit our wiki page.
Other SEGGER solutions for secure programming
If the target device does not support ST’s SFI, SEGGER has got you covered with the sophisticated production programming system Flasher Secure.
Combined with the SEGGER's Target Encrypted Link Package (TELP), it enables hardware without security features to be programmed securely. Using TELP, any microcontroller can be programmed with an encrypted firmware or bootloader image.