

## How to secure LoRaWAN<sup>®</sup> and Sigfox<sup>™</sup> with STM32CubeWL

## Introduction

This application note describes how to secure LoRaWAN<sup>®</sup> or Sigfox<sup>™</sup> applications embedded in the STM32CubeWL MCU Package for STM32WL Series MCUs (microcontrollers), by combining the project with the SBSFU (Secure Boot and Firmware Update) environment.

In several situations, the information shared between communicating parties needs to remain private, uncompromisable, and secure. In these sensitive conditions, maintaining a secure radio network is crucial.

In the first sections, this document gives an overview of the directory structure that combines the SBSFU to the RF dual-core projects, and guides trough the steps in order to compile, download, execute, and debug the projects.

This application note describes the main code changes compared to the non-secure version, especially on privileged/ unprivileged mode. This document describes also how the RF application binaries use the SKMS in the SBSFU binary.

The last sections focus on memory mapping, memory footprint, explain how to customize the memory repartition between cores, and how to reduce the SBSFU memory footprint in order to gain flash memory space for the application.

In order to learn about LoRaWAN, Sigfox and SBSFU projects, it is recommended to read the documents [1], [3], and [4].





## 1 General information

The STM32CubeWL runs on STM32WL Series microcontrollers based on the Arm® Cortex®-M processor.

Note: Arm is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere.

arm

Table 1. Terms and acronyms

| Acronym         | Definition                                                                                                             |
|-----------------|------------------------------------------------------------------------------------------------------------------------|
| ABP             | Activation by personalization                                                                                          |
| APDU            | Application protocol data unit                                                                                         |
| DAP             | Debug access port                                                                                                      |
| End device      | Device used as sensor or actuator in a networked system                                                                |
| EE              | EEPROM emulator                                                                                                        |
| Firmware image  | Binary image (executable) run by the end device as user application                                                    |
| Firmware header | Meta-data describing the firmware image to be installed                                                                |
| FUOTA           | Firmware update over the air                                                                                           |
| GTZC            | Global security controller                                                                                             |
| HAL             | Hardware abstract layer                                                                                                |
| IDWG            | Independent watchdog                                                                                                   |
| HDP             | Hide protection                                                                                                        |
| KMS             | Key management services                                                                                                |
| LoRa            | Long-range radio technology                                                                                            |
| LoRaWAN         | LoRa wide area network                                                                                                 |
| Mbed-Crypto     | Mbed cryptography library implementation of the cryptography interface of the Arm PSA (platform security architecture) |
| MBMUX           | Mailbox multiplexer                                                                                                    |
| MPU             | Memory protection unit                                                                                                 |
| MSC             | Message sequence chart                                                                                                 |
| RDP             | Readout protection                                                                                                     |
| RSA             | Rivest Shamir Adleman                                                                                                  |
| SBSFU           | Secure Boot and Secure Firmware Update                                                                                 |
| .sfb file       | Binary file packing the firmware header and the firmware image                                                         |
| SFU             | Secure Firmware Update                                                                                                 |
| SKMS            | Secure key management services                                                                                         |
| SVC             | Supervisor call                                                                                                        |
| WRP             | Write protection                                                                                                       |

AN5682 - Rev 2 page 2/59



#### **Reference documents**

- [1] Application note Integration guide of SBSFU on STM32CubeWL (including KMS) (AN5544)
- [2] User manual Getting started with the SBSFU of STM32CubeWL (UM2767)
- [3] Application note How to build a LoRa application with STM32CubeWL (AN5406)
- [4] Application note How to build a Sigfox® application with STM32CubeWL (AN5480)
- [5] Application note LoRaWAN firmware update over the air with STM32CubeWL (AN5554)
- [6] Application note Introduction to STM32 microcontrollers security (AN5156)
- [7] STM32WL online training STM32WL MBMUX mailbox multiplexer

AN5682 - Rev 2 page 3/59



## 2 Secure project overview

The STM32WL55xx and STM32WL5MOCHxx MCUs embed two cores:

- Cortex-M0+, with high level of security features, used to store secrets (such as keys), and to run critical
  operations (such as cryptographic algorithms)
- Cortex-M4 for the user application

These MCUs must be called STM32WL5x in this document.

Note:

With the GTZC on STM32WL5x devices, some registers and memories can be accessed only by the Cortex-M0+ and not by the Cortex-M4.

Between several possibilities on how to secure RF applications, it has been chosen to combine them with the SBSFU environment. The SBSFU brings a high-security level.

The STM32CubeWL provides examples of secure RF applications, by combining them with the SBSFU environment. The user can anyway decide to secure the RF application by handling directly the secure peripherals that are provided by STM32WL5x MCUs.

The SBSFU acronym suggests this module provides mainly Secure Boot and Secure Firmware Update, but the SBSFU provides more than that, as detailed below:

- The SBSFU provides a protected enclave managing all critical data and operations such as secure key storage, or cryptographic operations (SKMS).
- The SBSFU handles access to memories and peripherals via WRP, HDP, GTZC and MPU.
- The SBSFU provides protection from external attacks via RDP, anti-tamper and JTAG disconnection.
- The SBSFU can be used to control other protection feature (such as IWDG).

The STM32CubeWL provides two operation modes:

- dual-slot configuration (SBSFU\_2\_Slots): one active slot by core and one download slot, safe image
  programming enabled, with resume capability in the case of an installation procedure interruption
- single-slot configuration (SBSFU 1 Slot): one active slot by core, maximized user-application size

SBSFU\_2\_Slots is necessary for example to download a newer revision via the FUOTA method: the application itself must be running in order to download and assemble a new version of the firmware. But reserving 60-Kbyte memory just for firmware download reduces strongly the available memory for the application. When the application does not need to run during the download, SBSFU\_1\_Slot is recommended.

This document details how to secure LoRaWAN and Sigfox projects by combining them with a single-slot SBSFU (the firmware update via Y-MODEM does not need a running application).

STM32WL secure projects use both cores (Cortex-M4 and Cortex-M0+) to exploit the Cortex-M0+ security features. In the STM32CubeWL, specific examples are provided about the SBSFU (independently from RF applications). These examples combine the SBSFU with a small "SBSFU-test application" that does not have memory constraint.

Figure 1. SBSFU\_1\_Slot\_DualCore structure



Some adaptations are required when replacing the 'SBSFU UserApp' project with RF stack applications, such as LoRaWAN or Sigfox. A special attention must be given to the flash memory use.

Note:

In this application note, the IAR Embedded Workbench® and Keil® MDK-ARM IDEs are used as example to provide guidelines for project configuration.

AN5682 - Rev 2 page 4/59



## 2.1 Directory structure

This application note presents a <Secure\_RF\_App> project description for the STM32WL5x devices, that can be either LoRaWAN\_SBSFU\_1\_Slot\_DualCore or Sigfox\_SBSFU\_1\_Slot\_DualCore.

<Secure\_RF\_App> is extended to LoRaWAN\_FUOTA\_DualCore project only for the information in Section  $\,2\,$  and Section  $\,3\,$ .

<Secure\_RF\_App> is split into the following subprojects:

- 2\_Images\_SECoreBin
- 2\_Images\_SBSFU (CM4 and CM0PLUS)
- <RF\_App>
  - CM4: LoRaWAN or Sigfox application
  - CM0PLUS: LoRaWAN stack or Sigfox stack + wrapper
- 2\_Images\_KMS\_Blob, integrated but not used by LoRaWAN\_SBSFU\_1\_Slot\_DualCore and Sigfox\_SBSFU\_1\_Slot\_DualCore

<RF\_App> stands either for LoRaWAN\_End\_Node\_DualCore or Sigfox\_PushButton\_DualCore.

The middleware is provided in source-code format and is compliant with the STM32WLxx\_HAL\_Driver .



Figure 2. Project file structure

## 2.2 SBSFU features and switches

#### 2.2.1 Secure Boot (root-of-trust services)

The Secure Boot software permanently resides in the MCU read-only memory, and checks the integrity/ authenticity of the installed user application. The Secure Boot executes every time a reset occurs, and checks if there is a new firmware update process to complete.

Main features of the Secure Boot are listed below:

- Checks and activates the STM32 security mechanisms to protect critical operations and secret data from an attack.
- Checks the integrity/authenticity of the user application code before every execution, to ensure that an
  invalid or malicious code cannot be run.

AN5682 - Rev 2 page 5/59



SBSFU instantiates the security item selected through <code>SECBOOT\_DISABLE\_SECURITY\_IPS</code>. When this symbol is defined, security protections for all peripherals are disabled (such as WRP, RDP, IWDG, or DAP). See the document [6].

#### 2.2.2 SFU (Secure Firmware Update)

The SFU provides a secure implementation of infield firmware updates, enabling secure download of a new firmware image.

Two firmware update scenarios are possible:

- no new firmware to install
   There is no firmware update process to complete, and the Secure Boot does signature verifications and branches to the current active firmware.
- a new firmware to install

  The Secure Boot transfers control to the SFU that performs the firmware update and transfers control to
  the Secure Boot. The Secure Boot checks if there is a firmware update to complete, and branches to the
  new firmware.

Figure 3. Boot flow with SBSFU



There is a potential risk when one of the devices becomes compromised (as an attacker can initiate a multicast session with rogue firmware). To counter this, the SBSFU can add a layer of security by using an asymmetric cryptography scheme. When a firmware update is generated, the update is signed (TAG) with a private key by means of the 'Prepare Image' SBSFU tool (see document [2]). When the end device receives the firmware update, the end device verifies the signatures against the file received and the public key held in the 'secure core' part of the end device.

The main features of the SFU are listed below:

- Detects the requests to download and installs a new firmware (encrypted) version (using Y-MODEM application for firmware download).
- Manages the firmware version by checking for unauthorized update/installation.
- Decrypts the firmware (if encryption activated).
- Checks the firmware authentication and integrity.
- Installs the firmware.
- Executes the installed firmware (once authenticated and integrity checked).

AN5682 - Rev 2 page 6/59



Next tables list the compilation switches used for the SBSFU configuration.

## Table 2. Security common switches

Location: <Secure RF App>\2 Images SBSFU\Common\app sfu common.h

| Symbols                        | Description                                                     | Default state |
|--------------------------------|-----------------------------------------------------------------|---------------|
| SECBOOT_DISABLE_SECURITY_IPS   | Disables simultaneously all security peripherals when activated | Disabled      |
| SFU_WRP_PROTECT_ENABLE         | Write access protection to protect trusted code                 | Enabled       |
| SFU_DAP_PROTECT_ENABLE         | Debug access port protection                                    | Enabled       |
| SFU_DMA_PROTECT_ENABLE         | DMA access protection                                           | Enabled       |
| SFU_IWDG_PROTECT_ENABLE        | IDWG protection                                                 | Disabled      |
| SFU_C2_DDS_PROTECT_ENABLE      | Static Cortex-M0+ debug protection                              | Enabled       |
| SFU_SECURE_USER_PROTECT_ENABLE | Secure user-memory protection                                   | Enabled       |
| SFU_FINAL_SECURE_LOCK_ENABLE   | Secure production protection                                    | Disabled      |
| SFU_HIDE_PROTECTION_CFG        | HDP area configuration                                          | Enabled       |
| OB_SECURE_SYSTEM_AND_FLASH     | Flash memory and system secure area protection                  | Enabled       |
| OB_SECURE_SRAM1                | SRAM1 area protection                                           | Disabled      |
| OB_SECURE_SRAM2                | SRAM2 area protection                                           | Enabled       |

## Table 3. Security Cortex-M0+ switches

Location: <Secure\_RF\_App>\2\_Images\_SBSFU\CMOPLUS\SBSFU\App\app\_sfu.h

| Symbols                    | Description                                         | Default state |
|----------------------------|-----------------------------------------------------|---------------|
| SFU_RDP_PROTECT_ENABLE     | Readout protection                                  | Enabled       |
| SFU_TAMPER_PROTECT_ENABLE  | Tamper protection (hardware pin)                    | Disabled      |
| SFU_MPU_PROTECT_ENABLE     | MPU protection on Cortex-M0+ regions                | Enabled       |
| SFU_MPU_USERAPP_ACTIVATION | User-application memory protection during execution | Enabled       |
| SFU_GTZC_PROTECT_ENABLE    | GTZC protection                                     | Enabled       |
| SFU_C2SWDBG_PROTECT_ENABLE | Dynamic Cortex-M0+ debug protection                 | Enabled       |

## Table 4. Security Cortex-M4 switches

Location: <Secure RF App>\2 Images SBSFU\CM4\Inc\app sfu.h

| Symbols                    | Description                                         | Default state |
|----------------------------|-----------------------------------------------------|---------------|
| SFU_MPU_PROTECT_ENABLE     | MPU protection on Cortex-M4 regions                 | Enabled       |
| SFU_MPU_USERAPP_ACTIVATION | User-application memory protection during execution | Enabled       |

AN5682 - Rev 2 page 7/59



## 2.2.3 SKMS (secure key management services)

In the dual-core configuration, KMS within SBSFU framework is executed inside a protected/isolated environment to ensure that any key value cannot be accessed by an unauthorized code running outside this protected/isolated environment (referred as Secure KMS).

In the single-core configuration, the same services are offered but they are not executed inside a protected/ isolated environment.

The main SKMS features are listed below:

- Provides cryptographic services to the user application through the PCKS #11 APIs, that are executed inside a protected/isolated environment. For more details, refer to the document [1].
  - Encryption services
  - Decryption services
  - Digest services
  - Signature services
  - Verification services
  - Key derivation services
  - Key search services
  - Attributes manipulation services
  - Object manipulation services
  - Blob import feature
  - Blobs encryption feature in KMS data storage
  - KMS secure counters feature
- Provides cryptographic services to the SFU to authenticate the user application with some protected keys. The enabled algorithms are listed in the table below.

Table 5. SKMS features default configuration

| Features                    | Configuration                                 |  |
|-----------------------------|-----------------------------------------------|--|
| AES CBC algorithm support   | Encryption/decryption                         |  |
| AES CCM algorithm support   | No                                            |  |
| AES ECB algorithm support   | Encryption/decryption and key derivation      |  |
| AES CGM algorithm support   | Encryption/decryption                         |  |
| AES CMAC algorithm support  | Signature and verification                    |  |
| RSA algorithm support       | No                                            |  |
| RSA algorithm               | Not activated                                 |  |
| RSA 1024-bit modulus length | No                                            |  |
| RSA 2048-bit modulus length | No                                            |  |
| ECDSA algorithm support     | Verification                                  |  |
| ECDSA algorithm             | Activated and associated to an elliptic curve |  |
| Elliptic curve SECP-192     | No                                            |  |
| Elliptic curve SECP-256     | Yes                                           |  |
| Elliptic curve SECP-384     | No No                                         |  |
| SHA1 digest algorithm       |                                               |  |
| SHA256 digest algorithm     | Digest                                        |  |

AN5682 - Rev 2 page 8/59



## 2.2.4 SBSFU cryptographic middleware

The SBSFU for STM32CubeWL supports the mbed-crypto (open-source code) cryptographic services for SHA256.

Figure 4. Cryptographic library structure



## 2.2.5 SBSFU cryptographic schemes

The SBSFU for STM32CubeWL is delivered with the following cryptographic schemes that use symmetric and asymmetric cryptographic operations:

- ECDSA asymmetric cryptography for firmware verification without firmware encryption
- ECDSA asymmetric cryptography for firmware verification and AES-CBC symmetric cryptography for firmware decryption
- AES-GCM symmetric cryptography for both firmware verification and decryption

 Symbols
 Description

 SECBOOT\_ECCDSA\_WITHOUT\_ENCRYPT\_SHA256
 No firmware encryption. Only authentication and integrity are ensured with asymmetric cryptography.

 SECBOOT\_ECCDSA\_WITH\_AES128\_CBC\_SHA256
 Authentication, integrity, and confidentiality are ensured with asymmetric cryptography.

 SECBOOT\_AES128\_GCM\_AES128\_GCM\_AES128\_GCM
 Authentication, integrity, and confidentiality are ensured with symmetric cryptography.

Table 6. Cryptographic switches

## 2.3 SBSFU configuration in RF applications

All secure peripherals are enabled by default except:

- IWDG as the user application does not contain the functionality required for its refresh
- TAMP (see Section 7.3.2 )

AN5682 - Rev 2 page 9/59



## 2.3.1 Common SFU configuration

Figure 5. File structure of common security configuration



Common definitions apply to both cores. When <code>SECBOOT\_DISABLE\_SECURITY\_IPS</code> is defined, most of security peripherals (such as WRP, DAP, IWDG, MPU) become disabled.

It can be useful to define <code>SECBOOT\_DISABLE\_SECURITY\_IPS</code> during debug, and to comment it as follows to use security.

```
/*!< Disable all security IPs at once when activated */
/*#define SECBOOT_DISABLE_SECURITY_IPS*/</pre>
```

Each peripheral protection can be enabled separately by defining the corresponding definition.

By default (in Release mode), all security peripheral protections are enabled except for IWDG and TAMPER. In production, it is recommended to enable all peripheral protections (additional application code is needed if the IWDG protection is enabled).

AN5682 - Rev 2 page 10/59



## 2.3.2 Cortex-M4 SFU configuration

Figure 6. File structure of Cortex-M4 security configuration



#### The following definitions apply only to Cortex-M4:

```
#if !defined(SECBOOT_DISABLE_SECURITY_IPS)
#define SFU_MPU_PROTECT_ENABLE
#define SFU_MPU_USERAPP_ACTIVATION
#endif /* !SECBOOT_DISABLE_SECURITY_IPS */
```

## 2.3.3 Cortex-M0+ SFU configuration

Figure 7. File structure of Cortex-M0+ security configuration



## The following definitions apply only to Cortex-M0+:

```
#if !defined(SECBOOT_DISABLE_SECURITY_IPS)
#define SFU_RDP_PROTECT_ENABLE
/*#define SFU_TAMPER_PROTECT_ENABLE*/
#define SFU_MPU_PROTECT_ENABLE
#define SFU_MPU_USERAPP_ACTIVATION

#if defined(SFU_SECURE_USER_PROTECT_ENABLE)
#define SFU_GTZC_PROTECT_ENABLE
#define SFU_C2SWDBG_PROTECT_ENABLE
#define SFU_C2SWDBG_PROTECT_ENABLE
#endif /* SFU_SECURE_USER_PROTECT_ENABLE */
#endif /* !SECBOOT_DISABLE_SECURITY_IPS */
```

AN5682 - Rev 2 page 11/59



## 2.3.4 SKMS and cryptographic configuration

Figure 8. File structure of KMS and cryptographic definition



#### KMS definitions:

```
/* ===== KMS_Storage_Config Storage ===== */
/* Non Volatile Memory storage for creation through specific KMS services */
#define KMS_NVM_ENABLED

/* Non Volatile Memory storage for runtime objects creation through specific KMS services */
#define KMS_NVM_DYNAMIC_ENABLED

/* No Volatile Memory storage for runtime objects creation through specific KMS services */
// #define KMS_VM_DYNAMIC_ENABLED
```

```
/* ===== KMS PKCS Config PKCS#11 services ===== */
/* Encryption services */
#define KMS ENCRYPT
/* Decryption services */
#define KMS_DECRYPT
/* Digest services */
#define KMS DIGEST
/* Signature services */
#define KMS SIGN
/* Verification services */
#define KMS_VERIFY
/* Key derivation services */
#define KMS DERIVE KEY
/* Key search services */
#define KMS SEARCH
/* Attributes manipulation services */
#define KMS ATTRIBUTES
/* Objects manipulation services */
#define KMS OBJECTS
/* Blob import feature */
#define KMS IMPORT BLOB
/* support KMS secure counters */
#define KMS SECURE COUNTERS
```

AN5682 - Rev 2 page 12/59



```
/* ===== KMS Features Config Features ===== */
/* Support AES CBC algorithm for encrypt/decrypt */
#define KMS_AES_CBC (KMS_FCT_ENCRYPT | KMS_FCT_DECRYPT)
/* No support AES CCM algorithm */
// #define KMS AES CCM ()
/* Support AES ECB algorithm for encrypt/decrypt/derive */
#define KMS AES ECB (KMS FCT ENCRYPT | KMS FCT DECRYPT | KMS FCT DERIVE KEY)
/* Support AES GCM algorithm for encrypt/decrypt */
#define KMS AES GCM (KMS FCT ENCRYPT | KMS FCT DECRYPT)
/* Support AES CMAC algorithm for signature/verification */
#define KMS_AES_CMAC (KMS_FCT_SIGN | KMS_FCT_VERIFY)
/* No support RSA algorithm */
// #define KMS RSA ()
/* No support RSA 1024 */
// #define KMS_RSA_1024
/* No support RSA 2048 */
// #define KMS_RSA_2048
/* Support ECDSA algorithm for verification */
#define KMS ECDSA (KMS FCT VERIFY)
/* No support Elliptic curve SECP-192 */
// #define KMS EC SECP192
/* Support Elliptic curve SECP-256 */
#define KMS_EC_SECP256
/* No support Elliptic curve SECP-384 */
// #define KMS EC SECP384
/* No support SHA1 digest algorithm */
// #define KMS_SHA1 ()
/* Support SHA256 digest algorithm for digesting */
#define KMS SHA256 (KMS FCT DIGEST)
```

AN5682 - Rev 2 page 13/59



By default, the <Secure\_RF\_App> project is configured with asymmetric cryptography. The firmware authentication, integrity, and confidentiality (encryption) are ensured.

Figure 9. File structure of cryptographic scheme



## Cryptographic scheme definitions:

```
#define SECBOOT_CRYPTO_SCHEME SECBOOT_ECCDSA_WITH_AES128_CBC_SHA256

#define SECBOOT_ECCDSA_WITHOUT_ENCRYPT_SHA256 (1U)

#define SECBOOT_ECCDSA_WITH_AES128_CBC_SHA256 (2U)

#define SECBOOT_AES128_GCM_AES128_GCM_AES128_GCM (3U)
```

AN5682 - Rev 2 page 14/59



## 3 Firmware programming guide

This section describes how to generate a <Secure\_RF\_App> application to the available projects in the STM32CubeWL MCU Package:

- Projects\NUCLEO-WL55JC\Applications\LoRaWAN\_SBSFU\_1Slot\_DualCore
- Projects\NUCLEO-WL55JC\Applications\LoRaWAN FUOTA DualCore
- Projects\NUCLEO-WL55JC1\Applications\Sigfox\_SBSFU\_1Slot\_DualCore
- Projects\B-WL5M-SUBG1\Applications\LoRaWAN\_FUOTA\_DualCore\_ExtFlash

See Section 3.1 for more details.

The developer must follow step-by-step this flow. A top-level view of the file structure is shown in the figure below.



Figure 10. Project order structure

Steps (detailed in next sections):

- a: 2\_Images\_SECoreBin
- b: 2\_Images\_SBSFU\_CM0PLUS
- c: 2\_Images\_SBSFU\_CM4
- d: <RF\_APP>\_DualCore\_CM0PLUS e: <RF\_APP>\_DualCore\_CM4

Additional information on how configure <RF App> are provided in the documents [3] and [4].

AN5682 - Rev 2 page 15/59



## 3.1 How to generate a <Secure\_RF\_App>

The steps details in the figure below must be followed to generate a RF\_SBSFU\_1\_Slot\_DualCore application. For each step, open the associated subproject in the dedicated IDE folder, and regenerate (make) the respective binary files.



Figure 11. Application generation steps

The following output binaries are generated in these steps (all of them in clear format, not encrypted):

- SE\_Core.bin (2\_Images\_SECoreBin)
- CMOPLUS/Project.bin (2\_Images\_SBSFU and includes SE\_Core.bin)
- CM4/Project.bin (2 Images SBSFU)

In addition, the following output files are generated through the postbuild process:

- <RF\_App>\_CM0PLUS.sfb (<RF\_App>\_CM0PLUS.bin encrypted + header)
- <RF App> CM4.sfb (<RF App> CM4.bin encrypted + header)
- SBSFU\_<RF\_App>\_CM4.bin (five first binary files merged with the memory placement to produce the final memory image)

Note: The document [2] explains how to configure a complete SBSFU for STM32WL project.

AN5682 - Rev 2 page 16/59



The various steps to follow are detailed below:

#### Step 1: 2\_Images\_SECoreBin

This step is needed to create the SECoreBin binary including all the required "trusted" code and keys. The binary is linked to the SBSFU\_M0+ code in step 2. Static embedded keys of the SBSFU and RF application are stored in the SECoreBin.

The RF static embedded keys are stored through the configuration file below: Projects \<target>\Applications \<application name>\2 Images SECoreBin\Inc\kms platf objects config.h.pattern

The stored keys are dependent of the middleware chosen. All root keys must be applies in the kms\_platf\_objects config.h.pattern with the kms obj keyhead xx t structure format:

```
typedef struct
{
    uint32_t version;
    uint32_t configuration;
    uint32_t blobs_size;
    uint32_t blobs_count;
    uint32_t object_id;
    uint32_t blobs[BLOB_NB];
} kms_obj_keyhead_xx_t;
```

where blobs contain all attributes and the key value.

- For LoRaWAN Middleware, the keys and identifiers required to be stored as embedded are:
  - ZERO KEY /\* used in ClassB \*/
  - APP KEY /\* Root application key for OTAA and Multicast derivation \*/
  - NWK KEY /\* Root network key for OTAA and Network transactions \*/
  - NWK S KEY /\* Session application key for ABP \*/
  - APP S KEY /\* Session network key for ABP \*/
  - DEVEUI\_JOINEUI\_DEVADDR /\* Concatenation of the Device Unique Identifier, J oin EUI for OTAA, and Device Address for ABP \*/

These informations are available in Projects\<target>\Applications\<application\_name>\LoRaWAN \_End\_Node\_DualCore\CMOPLUS\LoRaWAN\App\se-identity.h

- For Sigfox Middleware, the keys and identifiers required to be stored as embedded are:
  - SIGFOX\_ID /\* 32-bit Device ID \*/
    SIGFOX\_PAC /\* 8-bit Device PAC \*/
    SIGFOX\_DATA\_KEY /\* For Encryption data \*/

These informations are available in: Projects\<target>\Applications\<application\_name>\Sigfox\_PushButton DualCore\CMOPLUS\Sigfox\App\sigfox data.h

Each key must be associated to a unique <code><object\_id></code> as defined in the <code>kms\_obj\_keyhead\_xx\_t</code> structure. These handles are declared in <code>Projects\<target>\Applications\<application\_name>\2\_Images\_SE CoreBin\Inc\kms\_platf\_objects\_interface.h</code>

Figure 12. File structure of KMS user key configuration



Dynamic keys are detailed in Section 7.3. For more details about the KMS configuration, see specific sections in the documents [3] and [4].

AN5682 - Rev 2 page 17/59



The generated SE Core.bin output file is located in the IDE folder.

Figure 13. File structure of SECoreBin output



## Step 2: 2\_Images\_SBSFU\_CM0PLUS

This step compiles the SBSFU Cortex-M0+ source code that implements the state machine and Cortex-M0+ protection configurations. This step links the code with the secure-engine bin, including the "trusted" code. The generated Project.bin output file is located to the IDE folder.

Figure 14. File structure of SBSFU Cortex-M0+ output (EWARM example)



This step also generates a file that includes symbols used by the user application to call the secure-engine interface public functions.

Figure 15. File structure of SE interface (EWARM example)



The CMOPLUS Project.bin contains se interface appli.o and SE Core.bin files.

AN5682 - Rev 2 page 18/59



## Step 3: 2\_Images\_SBSFU\_CM4

This step compiles the SBSFU Cortex-M4 source code that implements the startup sequence to release Cortex-M0+ and Cortex-M4 protection configurations.

The generated Project.bin output file is located in the IDE folder.

Figure 16. File structure of SBSFU Cortex-M4 output (EWARM example)



## Step 4: <RF\_App>\_DualCore\_CM0PLUS

This step compiles the <RF\_App> Dual Core CM0PLUS source code including the correspondent middleware part. See documents [3] and [4] to know how to configure <RF\_App>.

The generated <RF\_App>\_CM0PLUS.bin output file is located to the IDE folder.



This step also generates the  $\RF_App>_CMOPLUS$ .sfb, UserApp CMOPLUS binary in encrypted format, including the SFU header.

Figure 18. File structure of <RF\_App> Cortex-M0+ encrypted output



AN5682 - Rev 2 page 19/59



Note:

## Step 5: <RF\_App>\_DualCore\_CM4

This step compiles the <RF\_App> Dual Core CM4 source code implementing the user application and sequence configuration. See documents [3] and [4] to know how to configure <RF\_App>.

The generated <RF\_App>\_CM4.bin output file is located to the IDE folder.

Figure 19. File structure of <RF\_App> Cortex-M4 output



This step also generates the following files in the Binary/ directory:

- <RF App> CM4.sfb: UserApp Cortex-M4 binary in encrypted format, including the SFU header
- SBSFU\_<RF\_App>\_CM4.bin: final big binary that concatenates the SBSFU binaries and user-application binaries in clear format

<Secure\_RF\_App> Name 2\_Images\_KMS\_Blob SBSFU\_<RF\_App>\_CM4.bir 2\_Images\_SBSFU SBSFU\_UserApp\_M4.bin.l 2\_Images\_SECoreBin <RF\_App>\_CM4.sfb Linker\_Common SBSFU\_UsdApp\_M0PLUS SBSFU\_Use App\_M0PLUS <RF\_App>\_DualCore <RF\_App>\_N OPLUS.sfb EWARM or <user\_IDE> <RF\_App> Cortex-M4 Big binary file (in encrypted format) (in clear format)

Figure 20. File structure of <RF\_App> Cortex-M4 encrypted + big binary

The  ${\tt SBSFU\_<RF\_App>\_CM4.bin}$  must be used to program the STM32WL5x flash memory on first use. To generate a new firmware update, use  ${\tt RF\_App>\_CM0PLUS.sfb}$  or  ${\tt RF\_App>\_CM4.sfb}$  depending on the change location.

The SBSFU provides an internal firmware version in the firmware header. To update this value, refer to the document [1].

AN5682 - Rev 2 page 20/59



## 3.2 How to download and execute the firmware

During the development, when a device is not fully protected, the firmware can be downloaded in two ways:

- entirely (SBSFU + UserApp) see Section 3.2.1 the final big binary SBSFU\_<RF\_App>\_CM4.bin is downloaded using on the following method:
  - through the STM32CubeProgrammer tool
  - using a provided script that automates the generation and download processes

**Warning:** This action requires to erase the full flash memory of the device, and to remove all security option bytes. This can be done only if security option bytes allow it, which is typically not the case when option bytes are configured for production (such as RDP Level 2).

• partially using SFU (only UserApp) - see Section 3.2.2 SBSFU is not downloaded but only used to handle the separate download of the <RF\_App>\_CM4.s fb or <RF\_App>\_CM0PLUS.sfb files. This is achieved through the Y-MODEM (part of the SBSFU) that handles the UART. This is the only way to update the LoRaWAN\_SBSFU\_1\_Slot\_DualCore and Sigfox SBSFU 1 Slot DualCore firmware when option bytes are configured for production.

## 3.2.1 Generate and download the big binary file

Specific documents describe how to use the STM32CubeProgrammer tool. This section focuses on scripts available in the project directory to facilitate the compilation and download.

Three scripts are available to automate the compilation of all SBSFU projects and the programming of the concatenate binary on the STM32WL5x flash memory.



Figure 21. File structure of automated process scripts

Table 7. Automated process scripts

| Script                       | Description                                                                                                                                                                                                                                         |
|------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Scripts\EWARM\build.bat      | Compiles all project files with IAR Embedded Workbench (including prebuild.bat and postbuild.bat scripts) with the mandatory project order. The -app parameter is used to compile only the user application if the SBSFU projects are not modified. |
| Scripts\EWARM\program.bat    | Runs the disable_security.bat script to remove the write access protection.  Programs the SBSFU_UserApp_M4.bin to the STM32WL5x device, with  STM32CubeProgrammer.                                                                                  |
| Scripts\disable_security.bat | Resets all option bytes to be compliant with a non-secure firmware (including a full erase memory).                                                                                                                                                 |

AN5682 - Rev 2 page 21/59



Note:

The path of the tools must be updated according to the versions and location of the user installations, by modifying Scripts\setenv.bat content.

Once the code is downloaded, unplug/plug the USB cable depending on the scenario. In order to see the SBSFU trace, the user can connect a terminal and configure the UART to 115200 bit/s.



Figure 22. Terminal configuration

When the SBSFU finished to validate the application integrity/authenticity, the SFBU directly starts the user application. The user application can use a different trace configuration. If the <RF\_App> project has a different baudrate compared to the SBSFU baudrate, the terminal baudrate can be changed accordingly. Terminal settings can be changed dynamically but some traces may be lost during the switching. See Section 3.3 to solve this issue during debugging. Below the baudrate values used by most relevant RF projects:

0

msec/line

 The Sigfox\_PushButton\_DualCore application uses UART with baudrate 9600 bit/s (the embedded firmware uses LPUART).

Transmit delay

msec/char

0

- LoRaWAN\_AT\_Slave\_DualCore and Sigfox\_AT\_Slave\_DualCore are not provided in secure version by the STM32CubeWL. The LPUART is used as well (to wake up the MCU from low-power when characters are sent). If the user wants to combine these projects with the SBSFU, after SBSFU execution, the user must switch the terminal baudrate to 9600 bit/s to use LoRaWAN\_AT\_Slave applications.
- LoRaWAN\_End\_Node\_DualCore has the same baudrate as the SBSFU. So trace can be seen sequentially keeping baudrate 115200 bit/s.

# 3.2.2 How to update/download only <RF\_App>\_DualCore\_CM0PLUS or <RF\_App>\_DualCore\_CM4 via Y-MODEM

Section 3.1 details how to recompile only the application codes. The <RF\_App> download is done by the SBSFU that keeps residing and running on the board. This is the typical way to update LoRaWAN\_SBSFU\_1\_Slot\_DualCore and Sigfox\_SBSFU\_1\_Slot\_DualCore in production.

Concerning LoRaWAN\_FUOTA\_DualCore and LoRaWAN\_FUOTA\_DualCore\_ExtFlash, see the document [5]. In order to request to update the <RF\_App> firmware, the user must follow these steps:

- 1. Press the push button 1 (PB1) on the board.
- 2. Hold PB1 down and press the reset button of the board.
- 3. Release PB1.

In this case, the SBSFU logs show that the Y-MODEM application waits for code to be downloaded.

Figure 23. Y-MODEM logs

AN5682 - Rev 2 page 22/59



Updated <RF App> is downloaded via UART, using the terminal interface.

COM9:115200baud - Tera Term VT File Edit Setup Control Window R FIRMWARE Alt+N New connection... Duplicate session Alt+D Cygwin connection Alt+G Log... Comment to Log., View Log Show Log dialog.. Send file... XMODEM SSH SCP... Look in: Binary V 🕝 🥟 📂 🖽 🕶 YMODEM Change directory. Receive. Date modified **7MODEM** Replay Log. LoRaWAN End Node DualCore CM0PLUS.sfb 5/26/2021 3:21 F B-Plus TTV Record LoRaWAN End Node DualCore CM4.sfb 5/26/2021 3:22 F Quick-VAN TTV Replay Update SBSFU\_LoRaWAN\_End\_Node\_DualCore\_CM0PLUS... 5/26/2021 3:21 F SBSFU\_LoRaWAN\_End\_Node\_DualCore\_CM0PLUS... 5/26/2021 3:21 F Print... Alt+P SBSFU\_LoRaWAN\_End\_Node\_DualCore\_CM4.bin 5/26/2021 3:22 F ALIZATION SUCCESSFUL ON RESET Disconnect Alt+I en triggered by a Hardware reset! MMARE TO DOWNLOAD Exit File name: LoRaWAN\_End\_Node\_DualCore\_CM4.sfb Exit All

Figure 24. How to use Y-MODEM from terminal

The user can access the  $\mbox{RF\_App}$  generated in previous step by selecting  $\mbox{RF\_App} \mbox{\_CM4.sfb}$  or  $\mbox{RF\_App} \mbox{\_CM9PLUS.sfb}$ . The two cores cannot be downloaded simultaneously.

Once the file is transferred, the SBSFU validates the <RF\_App> application integrity/authenticity, and directly starts the user application.

The user application can use a different trace configuration (such as UART baudrate) as described in Section 3.2.1 .

In summary, when using the board for the 1<sup>st</sup> time, the entire firmware (big binary) has to be downloaded via script or STM32CubeProgrammer. The power (USB cable) must be unplugged and plugged again. Then each time the board is reset, the SBSFU code runs first, and <RF\_App> starts automatically once SBFU validated the integrity/authenticity of the firmware. To update the <RF\_App>, the Y-MODEM routine can be started by holding PB1 pressed, while pressing the reset button.

Note:

- Cortex-M4 and Cortex-M0+ <RF\_App> must be compatible (same project, same version).
- The <RF\_App> firmware can have different UART baudrate with respect to SBSFU baudrate.

## 3.3 How to debug <RF App>

The complete system consists of a Secure Boot and an <RF\_App> application. When the target resets, the Cortex-M4 Secure Boot starts first. After a low-level initialization, the Cortex-M0+ SBSFU starts and checks all required security steps. If the SBSFU does not detect any system error, the two Secure Boot codes (Cortex-M4 and Cortex-M0+) jump to the entry point of Cortex-M4 and Cortex-M0+ applications.

Since the  $\mbox{RF\_App}$  application is linked to the Secure Boot, the  $\mbox{RF\_App} \ge \mbox{CM} < \mbox{x} > .bin$  binaries cannot be downloaded directly with the debugger. The code start running directly: the debugger does not stop at the beginning of the  $\mbox{main}()$  function.

To allow debug, SBSFU compilation flags must be compiled in addition to the <RF\_App> compilation flags.

AN5682 - Rev 2 page 23/59



## 3.3.1 Configure SBSFU firmware to allow debug

The following steps are needed:

• In \2 Images SBSFU\CMOPLUS\app sfu.h (see Figure 7), change or undefine the following code:

```
/*#define SFU_RDP_PROTECT_ENABLE*/
/*#define SFU_C2SWDBG_PROTECT_ENABLE*/
```

• In \2\_Images\_SBSFU\Common\app\_sfu\_common.h (see Figure 5), change or undefine the following code:

```
/*#define SFU_DAP_PROTECT_ENABLE*/
/*#define SFU_C2_DDS_PROTECT_ENABLE*/
#define SFU_HIDE_PROTECTION_CFG OB_SECURE_HIDE_PROTECTION_DISABLE
```

The user can also change the SBSFU baudrate to align it to the <RF\_App> one, with the code

```
set UartHandle.Init.BaudRate = <myBaydrate>;
```

in \2\_Images\_SBSFU\CM0PLUS\SBSFU\Target\sfu\_low\_level.c.

Figure 25. UART baudrate configuration



For the example of a Sigfox\_PushButton\_DualCore application, the user can set <myBaudrate> = 9600 to avoid switching the hyper-terminal value. The drawback is that it slows the download operation.

See the document [1] for more details on how to debug an application running on SBSFU.

AN5682 - Rev 2 page 24/59



## 3.3.2 Configure <RF\_App> firmware to allow debug

Set the debugger and low power defines on Cortex-M0+ and/or Cortex-M4 in  $\ensuremath{\mbox{NF\_App}>\_DualCore\ensuremath{\mbox{CM}<x>\ensuremath{\mbox{CM}<x>\ensuremath{\mbox{NF}_App}>\_DualCore\ensuremath{\mbox{CM}<x>\ensuremath{\mbox{NF}_App}>\_DualCore\ensuremath{\mbox{CM}<x>\ensuremath{\mbox{NF}_App}>\_DualCore\ensuremath{\mbox{CM}<x>\ensuremath{\mbox{NF}_App}>\_DualCore\ensuremath{\mbox{CM}<x>\ensuremath{\mbox{NF}_App}>\_DualCore\ensuremath{\mbox{CM}<x>\ensuremath{\mbox{NF}_App}>\_DualCore\ensuremath{\mbox{CM}<x>\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{CM}<x>\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{CM}<x>\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{CM}<x>\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbox{NP}_App}>\_DualCore\ensuremath{\mbo$ 

Figure 26. File structure of End Node dual-core debug configuration



The DEBUGGER\_ENABLED flag allows the debugger to attach via the serial wires. This flag can be enabled only on one core or on both, depending on the core to be debugged.

LOW\_POWER must be disabled at least on one of the two cores, otherwise when the device is in Stop mode, the debugger does not wake up anymore. It is usually simpler to disable LOW\_POWER on the core that needs to be debugged, unless debugging a low-power issue.

The compiler option can be changed to an inferior optimization level if the memory space allows it (memory space available for that core). The memory space depends on <RF\_App> and on the IDE used to compile.

<Secure\_RF\_App> is such that the maximum space is reserved for <RF\_App>\_CM4, which allow the Cortex-M4 application to be recompiled with lower optimization level.

Figure 27. Compile optimization level (example for IAR Embedded Workbench)



AN5682 - Rev 2 page 25/59



To do the same with  $\mbox{RF\_App>\_CM0PLUS}$ , the memory mapping must be reworked (mapping provided in examples does not allocate enough flash memory to Cortex-M0+, see Section 7.2 ) .

Refer to the document [1] for details about SBSFU debugging.

## 3.3.3 Compile the big binary file and download

Follow the steps described at the beginning of this Section 3.1 to compile and download the code.

## 3.3.4 Attach the debugger

When <RF\_App> is compiled with DEBUGGER\_ENABLED set to 1 at the beginning of the code, a while (1) loop is added that waits the PB1 to be pressed. This avoids the code going too far in the execution after SBSFU started the <RF\_App> execution. Before pressing PB1, the user can perform the following actions:

- Attach the debugger.
- Set the wished breakpoints.
- Adapt the terminal baudrate if it differs from the <RF\_App> one.

The PB1 can be pressed to reach the first breakpoint, and the user can play with the debugger as usual (for example stepping).

AN5682 - Rev 2 page 26/59



## Privileged/unprivileged coding

The following major difference between firmware provided for non-secure <RF App> projects versus secure ones, improves the Cortex-M0+ security:

- The firmware for the non-secure <RF App> projects (like classical \LoRaWAN\LoRaWAN End Node) always runs in privileged mode.
- The firmware for the <Secure\_RF\_App> projects runs as much as possible in unprivileged mode, and switches in privileged mode only when necessary (only true for Cortex-M0+ code).

The unprivileged mode is more resistant to hacker attacks. Hackers use many ways to break a non-secure firmware, sometime even just playing with data input (such as giving as parameter a function that reads a buffer a size bigger than the buffer size itself).

SBSFU ensures that only "trusted" applications are installed on the device. No malicious code can be downloaded to read internal data. But, if the application code is not written carefully (for example without checking that the size parameter is minor or equal than the buffer size), hackers can succeed to extract information despite the SBSFU protection. If pointer ranges are not checked, a write function can be used to change a register value.

Thanks to the GTZC (configured by the SBSFU), sensitive data and registers on STM32WL devices are only accessible by the Cortex-M0+. Writing not carefully Cortex-M4 code is not such an issue. But to ensure that all the Cortex-M0+ code (around 50 Kbytes) is written carefully requires specific expertise and is costly in term of development time and code size. The Cortex-M0+ code is mainly <RF> protocol stack written by third parties that are not necessarily concerned by security.

GTZC can be configured to provide an additional restriction: access to sensitive data and registers allowed only by the Cortex-M0+ code when running in privileged mode. For example, MPU registers can only be accessed in privileged mode. By running most of the code in unprivileged mode, the remaining privileged code that hackers can use is strongly reduced. In addition, this small portion of privileged code can be written carefully.

Note: The unprivileged code has its own memory stack separated by the main stack used in privileged mode. Refer to

the Arm documentation for details about Thumb states (Handler versus Thread mode). MSP (main stack pointer) vs PSP (process stack pointer). Exceptions and interrupt service routines always run in privileged mode and use the MSP. This section explains how the Cortex-M0+ code has been adapted to run most of the time in unprivileged mode.

The main concern is that parts of the code need to run in privileged mode. The firmware must be able to switch between the modes when requested. Once in unprivileged mode, switch back in privileged mode is possible via a SVC call. This is required for certain instruction and registers access such as:

- NVIC inline functions handling
- critical sections and low-power
- cryptographic functions

Cryptographic functions need a specific attention because they are encapsulated in the SKMS (part of the SBSFU binary) that needs to be called from the <RF\_App> binary.

Secure projects contain five additional files that provide services to abstract the privileged/unprivileged switch.

Figure 28. sys privileged services.c/h and sys privileged wrap.c/h



Note:

AN5682 - Rev 2



Some other Cortex-M0+ files have been modified for the scope, such as:

- <RF\_App>\_DualCore\CMOPLUS\Core\Inc\stm32wlxx\_hal\_conf.h, stm32wlxx\_it.c/h and mai
  n.c to define the GTZC HAL and TZIC\_IRQHandler().
- <RF\_App>\_DualCore\CM0PLUS\Core\Inc\utilities\_def.h and CM0PLUS\LoRaWAN\Target\ra
   dio\_conf.h to add the following processes to ensure the code does not run anymore in ISR (interrupt
   service routine, privileged) but on sequencer task (unprivileged):
  - CFG SEQ Task RadioIrq Process
  - CFG SEQ Task RadioRxTimeout Process
  - CFG SEQ Task RadioTxTimeout Process
  - CFG\_SEQ\_Task\_UtilTimer\_Process
- <RF\_App>\_DualCore\CMOPLUS\Core\Inc\utilities\_conf.h to redefine
   UTIL xxx CRITICAL SECTION() macros.
- <RF\_App>\_DualCore\CM0PLUS\Core\Src\sys\_app.c to switch to unprivileged mode and to resynchronize the two cores at initialization.
  In non-secure mode, the Cortex-M0+ is started by the Cortex-M4. When SBSFU is used, it starts both <RF\_App> cores simultaneously and the Cortex-M0+ can start before Cortex-M4. A resynchronization is required to initialize MBMUX in the correct order.
- <RF\_App>\_DualCore\CMOPLUS\MbMux\mbmux.c to double check the addresses of the Cortex-MO+ buffers before using them. This double check avoids basic fault injection by hardware (such as power glitched) that can lead to jump the single check inside the MBMUX SEC VerifySramBuffer function.
- <RF\_App>\_DualCore\CM4\LoRaWAN\App\lora\_app.c and CM4\Core\Src\sys\_app.c to implement a push button at start to facilitate the debug (see Section 3.3 ), and to resynchronize the two cores at initialization (complement of Cortex-M0+ side).

In order to change from privileged to unprivileged, the Cortex CONTROL register must be set with the set CONTROL instruction in CMOPLUS\Core\Src\sys app.c with the code below.

```
ThumbState_RemapMspAndSwitchToPspStack();
ThumbState_EnterUnprivilegedMode();
```

Once in unprivileged mode, several registers (including the CONTROL one) cannot be changed. An interrupt (specifically the SVC call) can be used to return in privileged mode. The SVC call causes an interrupt handled by \_\_SVC\_Handler() that calls SVC\_APP\_Handler() (see svc\_handler.s).

SVC\_APP\_Handler() is defined in sys\_privileged\_services.c as follow:

```
void SVC_APP_Handler(uint32_t *args)
{
  uint8_t svc_index = ((char *)args[6])[-2];

switch (svc_index)
{
   case 0x0: /* SE SVC CALL : called by SECoreBin*/
        SE_APP_SVC_Handler(args);
        break;
   case 0x1:
        APP_CRITICALSECTION_SVC_Handler(args);
        break;
   case 0x2:
        APP_NVIC_SVC_Handler(args);
        break;
   default:
        break;
}
```

The three subcases are detailed in Section 4.1 and Section 4.2 starting from the last (the easier) to the first.

#### 4.1 NVIC

Access to NVIC registers requires privileged mode. Each time the existing code calls NVIC, the function must be deviated (redefined) to go through SVC first.

AN5682 - Rev 2 page 28/59



The CMSIS inline function can be remapped thanks to <code>cmsis\_nvic\_virtual.h</code> (see <code>core\_cm0plus.h</code> when CMSIS NVIC VIRTUAL is defined). <code>cmsis\_nvic\_virtual.h</code> remaps the NVIC inline function as follow:

```
#define NVIC EnableIRQ
                                      SYS PRIVIL NVIC EnableIRQ
                                      SYS_PRIVIL NVIC GetEnableIRQ
#define NVIC GetEnableIRQ
#define NVIC DisableIRQ
                                      SYS PRIVIL NVIC DisableIRQ
#define NVIC_GetPendingIRQ
#define NVIC_SetPendingIRQ
                                      SYS_PRIVIL_NVIC_GetPendingIRQ
                                      SYS PRIVIL NVIC SetPendingIRQ
#define NVIC ClearPendingIRQ
                                      SYS PRIVIL NVIC ClearPendingIRQ
#define NVIC_SetPriority
                                      SYS_PRIVIL_NVIC_SetPriority
#define NVIC GetPriority
                                      SYS PRIVIL NVIC GetPriority
#define NVIC SystemReset
                                      SYS PRIVIL NVIC SystemReset
```

#### where:

- SYS\_PRIVIL\_NVIC\_xxx(...) are defined in sys\_privileged\_wrap.c/h.
- SYS PRIVIL NVIC xxx (...) call the SVC that causes the SVC interrupt (switching in privileged mode).
- The SVC interrupt calls SVC\_APP\_Handler (...) with svc\_index=0x2.
- SVC\_APP\_Handler(...) calls APP\_NVIC\_SVC\_Handler(...); that is defined with a parameter identifying the NVIC function to be called.
- The classical NVIC inline function is finally called in privileged mode.

When the SVC interrupt call ends, the system automatically goes back to unprivileged mode.

## 4.2 Critical sections

In the non secure <RF\_App>, UTIL XXX CRITICAL SECTION() macros are defined as follows:

This code does not work if called on SVC interrupt (as seen in Section 4.1 for NVIC). After calling <code>ENTER\_CRITICAL\_SECTION()</code>, the execution goes to unprivileged after <code>\_\_disable\_irq()</code>. All interrupts are disabled including the SVC one that cannot be used to switch back to privileged mode (such as <code>EXIT\_CRITICAL\_SECTION</code>). When the code between entering and exiting critical sections need to be executed in unprivileged mode, <code>\_\_disable\_irq()</code> cannot be used.

The UTIL\_xxx\_CRITICAL\_SECTION() macros must be redefined in CMOPLUS\Core\Inc\utilities\_conf .h as follows:

```
#define UTILS_ENTER_CRITICAL_SECTION() nvic_iser_state= SYS_PRIV_EnterCriticalSection()
#define UTILS_EXIT_CRITICAL_SECTION() SYS_PRIV_ExitCriticalSection(nvic_iser_state)
```

AN5682 - Rev 2 page 29/59



#### where

```
uint32_t SYS_PRIVIL_EnterCriticalSection( void )
{
  uint32_t nvic_iser_state;

if (ThumbState_IsUnprivileged() != 0)
  {
    /* disable NVIC irqs, then back to PSP and Unpriv */
    SYS_CRITICALSECTION_SvcCall(&nvic_iser_state, SVC_DISABLE_ALL_NVIC_IRQS);
  }
  else
  {
    nvic_iser_state = NVIC->ISER[0];
    NVIC->ICER[0] = nvic_iser_state;
  }
  return nvic_iser_state;
}
```

#### and

```
void SYS_PRIVIL_ExitCriticalSection( uint32_t nvic_iser_state)
{
   if (ThumbState_IsUnprivileged() != 0)
   {
      uint32_t dummy_ret = 0;
      SYS_CRITICALSECTION_SvcCall(&dummy_ret, SVC_RESTORE_NVIC_IRQS, nvic_iser_state);
   }
   else
   {
      NVIC->ISER[0] = nvic_iser_state | NVIC->ISER[0];
   }
}
```

SYS\_CRITICALSECTION\_SvcCall() calls  $_{\rm svc}$  ( $_{\rm total}$ ) (SVC\_APP\_Handler(0x1)), that calls APP CRITICALSECTION SVC Handler(...).

To avoid calling SVC when not necessary (for example when the caller runs already in privileged mode), the following check can be done:

```
if (ThumbState IsUnprivileged() != 0)
```

When SECURE\_UNPRIVILEGE\_ENABLE == 1, this check results always true, and the SVC call is used.

APP\_CRITICALSECTION\_SVC\_Handler (...) does not disable all interrupts but only the NVIC ones. The SVC interrupt (switching from unprivileged to privileged) can still be used.

```
void APP_CRITICALSECTION_SVC_Handler(uint32_t *args)
{
  uint32_t nvic_iser_state;

  switch (args[1])
  {
    case SVC_DISABLE_ALL_NVIC_IRQS:
    {
      nvic_iser_state = NVIC->ISER[0];
      NVIC->ICER[0] = nvic_iser_state;
      break;
    }
  case SVC_RESTORE_NVIC_IRQS:
    {
      NVIC->ISER[0] = args[2] | NVIC->ISER[0];
      break;
    }
}
```

## Critical section and low power mode

An additional constraint must be managed if entering in a critical section when going in low-power mode (STM32CubeWL examples work in Stop mode). In order to wake up from a low-power mode, \_wfl is expected. Typically \_wfl is triggered by NVIC interrupts.

AN5682 - Rev 2 page 30/59



The sequencer code main loop is implemented as follows:

```
UTIL_SEQ_ENTER_CRITICAL_SECTION_IDLE();
if (!(((TaskSet & TaskMask & SuperMask) != 0U) || ((EvtSet & EvtWaited)!= 0U)))
{
   UTIL_PowerDriver.EnterSleepMode();
   UTIL_PowerDriver.ExitSleepMode();
}
UTIL_SEQ_EXIT_CRITICAL_SECTION_IDLE();
```

If  $xxx\_CRITICAL\_SECTION\_IDLE()$  are implemented by clearing all NVIC interrupts with the code:

```
nvic_iser_state = NVIC->ISER[0];
NVIC->ICER[0] = nvic_iser_state;
```

this prevents  $\_{\tt WFI}$  to wake up the MCU from Stop mode.  $\_{\tt disable\_irq}()$  must be used as it does not prevent  ${\tt WFI}$ , but this disables all interrupts, including the SVC one.

The ENTER\_CRITICAL\_SECTION\_IDLE() macro must be written to remain in privileged mode at the end of the SVC interrupt service routine. If the execution mode goes to unprivileged, it is not anymore possible to exit the critical section.

In CMOPLUS\Core\Inc\utilities\_conf.h, the  $xxx_{CRITICAL\_SECTION\_IDLE()}$  macros are redefined as follows:

```
#define UTIL_SEQ_ENTER_CRITICAL_SECT_IDLE() SYS_PRIVIL_DisableIrqsAndRemainPriv()
#define UTIL_SEQ_EXIT_CRITICAL_SECTION_IDLE() SYS_PRIVIL_EnableIrqsAndGoUnpriv()
```

In sys\_privileged\_wrap.c, SYS\_PRIVIL\_DisableIrqsAndRemainPriv() calls the SVC. The SVC handler, after disabling the IRQs, sets the MCU control to remain in privileged mode.

The code executed between entering and exiting critical section is small (not a big problem if executed in privileged mode).

sys\_privileged\_wrap.c as follows:

```
void SYS_PRIVIL_EnableIrqsAndGoUnpriv(void)
{
    __enable_irq();
    ThumbState_EnterUnprivilegedMode(); /* Goes always Unpriv */
}
```

AN5682 - Rev 2 page 31/59



Note:

- The primask value is not saved in UTIL\_SEQ\_ENTER\_CRITICAL\_SECTION\_IDLE() (like in the original CRITICAL\_SECTION macro). As these two functions are only called in the main sequencer loop (part of UTIL\_SEQ\_Run() function), they can never be encapsulated under another critical section.

  UTIL\_SEQ\_ENTER\_\_CRITICAL\_SECTION\_IDLE() can only be executed when primask = 0. For the same reason, when calling UTIL\_SEQ\_EXIT\_CRITICAL\_SECTION\_IDLE(), \_\_enable\_irq() can be used instead of set PRIMASK(primask bit).
- As functions UTIL\_SEQ\_ENTER\_\_CRITICAL\_SECTION\_IDLE() and

  UTIL\_SEQ\_EXIT\_CRITICAL\_SECTION\_IDLE() are called in the context of UTIL\_SEQ\_Run(),

  when the compilation flag SECURE\_UNPRIVILEGE\_ENABLE == 1, the function

  SYS\_PRIVIL\_DisableIrqsAndRemainPriv() is always supposed to be executed in unprivileged

  mode. If SYS\_PRIVIL\_DisableIrqsAndRemainPriv() is called in privileged mode, the SVC is

  skipped thanks to ThumbState\_IsUnprivileged().

  Whatever the entering execution mode, SYS\_PRIVIL\_EnableIrqsAndGoUnpriv() switches the mode

  to unprivileged at exit. This is an additional security.

AN5682 - Rev 2 page 32/59



## 4.3 Cryptographic functions

Start UserApp()

As mentioned in Section 3.1 , four binaries are downloaded on the STM32CubeWL: two binaries on the Cortex-M4 and two binaries on the Cortex-M0+.

The cryptographic functions encapsulated in the SKMS are part of the SBSFU binary running on the Cortex-M0+. The <RF\_App> application binary uses these functions. The link between the two binaries is handled by se\_interface\_appli.o generated via script (see se\_interface\_appli.txt and SBSFU documentation [1] and [2]). The SBSFU runs in both privileged and unprivileged mode.

When cryptographic functions are called in the SBSFU binary, a wrapper moves to privileged via SVC before calling the cryptographic functions (same as <RF\_App> binaries in Section 4.2 ). This SBSFU mechanism is named SecureEngineWrapper in this application note (simplification to keep consistency with the previous section).

When the SBSFU is combined with a user application (such as <RF\_App>), the SBSFU code configures the security features (like TZ, MPU, IWDG, or DAP), checks the integrity/authenticity of the <RF\_App> application binary, and, if requested, downloads a new version. For these checks, the SBSFU uses SKMS functions called by the SBSFU binary.

After all these actions, the SBSFU 'jumps' to the application binary (just downloaded or already present), and remaps the interrupt vector table on one of the new binary. The <RF\_App> application binary has its own main, its own interrupt vector table, and its own SVC handler.



Figure 29. SBSFU binary calling SKMS for integrity and authenticity checks

The <RF\_App> starts its execution and needs SKMS at a time to encrypt/decrypt RF transmission keys (such as LoRaWAN or Sigfox ones).

Change context, vector\_table, stack

► main()

AN5682 - Rev 2 page 33/59



The non-secure  $\mbox{RF\_App>}$  uses non-secure KMS as part of the  $\mbox{RF\_App>}$  binary. The following non-secure KMS files are part of  $\mbox{RF\_App>\_DualCore}\mbox{CMOPLUS}\mbox{Core}$  and the associated binary:

- ca\_low\_level.c/h
- kms\_low\_level.c/h
- kms\_platf\_objects\_config.h
- kms\_platf\_objects\_interface.h

The secure  ${\sf RF\_App}$  uses the SKMS from the SBSFU binary. The above files are removed from the secure  ${\sf RF\_App}$  project.

AN5682 - Rev 2 page 34/59



Thanks to se\_interface\_appli.o, <RF\_App> calls <code>Crypto\_high\_level()</code> on the SBSFU binary to encrypt/decrypt the transmission keys. The SBSFU SecureEngineWrapper calls the SVC but the interrupt vector table is now the one associated to the <RF\_App> application, and the program counter goes to the SVC handler of the <RF\_App> application.

Cortex-M0+ <RF\_App> binary Cortex-M0+ SBSFU binary <RF\_App> <RF App> privileged unprivileged maih() se\_interface\_appli.o Encrypt\_msg() Crypto\_high\_level() <RF\_App> vector table SecureEngineWrapper() SVC Handler(0x0) Handler() Old vector table SVC Handler() SVC\_APP\_Handler(0x0) SE APP SVC Handler() se\_interface\_appli.o SE SVC | Handler() SKMS Engine() Send Encrypted msg() UTIL\_SEQ\_Run() UTIL SEQ Preidle() ENTER\_CRITICAL SECTION\_IDLE() SYS PRIVIL\_DisableIrqs() > SVC Handler(0x1) SVC\_APP\_Handler(0x1) APP CRITICALSECTION SVC Handler() disable irq & set CONTROL UTIL\_SEQ\_Idle()

Figure 30. <RF\_App> binary calling SKMS (part of SBSFU binary)

AN5682 - Rev 2 page 35/59



The \_\_svc\_Handler() of the user application calls the SVC\_APP\_Handler (instead of the MPU\_SVC\_Handler, see svc\_handler.s). The SVC\_APP\_Handler must then be compatible to decode the SVC indexes of the SBSFU cryptographic function, by using the same indexes coded on the SBSFU code.

From sfu mpu isolation.c, the SBSFU code (MPU\_SVC\_Handler) SVC Handler() uses these indexes:

The cryptographic functions used by the application are in the switch case 0x0, using the SE\_SVC\_Handler for the secure engine. <RF\_App> must then reserve the switch case 0x0 for the same purpose: 0x0 is the value called by the SBSFU cryptographic high-level code (part of the SBSFU binary).

```
void SVC_APP_Handler(uint32_t *args)
{
  uint8_t svc_index = ((char *)args[6])[-2];
  uint32_t nvic_iser_state;

switch (svc_index)
{
    case 0x0: /* SE SVC CALL : called by SECoreBin*/
        SE_APP_SVC_Handler(args);
        break;
    case 0x1:
        APP_CRITICALSECTION_SVC_Handler(args);
        break;
    case 0x2:
        APP_NVIC_SVC_Handler(args);
        break;
    default:
        break;
}
```

Note:

SE\_APP\_SVC\_Handler() is the interface given in se\_interface\_application.o that is defined on the SBSFU as follows:

```
__root void SE_APP_SVC_Handler(uint32_t *args) {
    SE_SVC_Handler(args);
}
```

AN5682 - Rev 2 page 36/59



## 5 Memory mapping

The flash memory mapping of the device contains some elements described in the table below. The following items concern exclusively the SBSFU that runs before switching to <RF App> execution:

- SB CM4: Secure Boot binary
- SBSFU + SE CM0+: Secure Boot, Secure Firmware Update, Secure Engine and SKMS binary
- Firmware Header: flash memory area where the not contiguous firmware headers are stored
- Blob download area: not used in the scope of the provided <Secure RF App> projects

The items listed below are also used by the <RF\_App>:

- Active slots (contains <RF\_App> executable code downloaded via SBSFU)
- KMS Data Storage (non-volatile memory area where RF session keys are dynamically derived via SKMS on <RF\_App> request)
- User/SE keys (<RF App> and secure-engine static embedded keys)

|       | _  | _   |      |      |     |         |       |
|-------|----|-----|------|------|-----|---------|-------|
| Iahla | ×  | FIA | ıen  | memo | rv. | man     | nına  |
| IUDIC | Ο. |     | 1311 |      | ·y  | HILLIAP | PIIIM |

| Start address | End address | Size<br>(Kbytes)  | Flash memory region                         |
|---------------|-------------|-------------------|---------------------------------------------|
| 0x0800 0000   | 0x0800 27FF | 10                | Secure Boot Cortex-M4                       |
| 0x0800 28FF   | 0x0800 2FFF | 2                 | Blob download <sup>(1)</sup>                |
| 0x0800 3000   | 0x0801 BFFF | 100               | Slot Active 2 <rf_app>_CM4</rf_app>         |
| 0x0801 C000   | 0x0802 AFFF | 60 <sup>(2)</sup> | Slot Active 1 <rf_app>_CM0</rf_app>         |
| 0x0802 B000   | 0x0802 CFFF | 8                 | KMS Data Storage <sup>(3)</sup>             |
| 0x0802 D000   | 0x0802 E3FF | 5                 | SE interface Cortex-M0+                     |
| 0x0802 E000   | 0x0803 67FF | 33                | SBSFU Cortex-M0+                            |
| 0x0803 0000   | 0x0803 E7FF | 32                | SE Cortex-M0+                               |
| 0x0803 E800   | 0x0803 EFFF | 2                 | UserApp and SE embedded keys <sup>(3)</sup> |
| 0x0803 F000   | 0x0803 F7FF | 2                 | SLOT Active 2 header <sup>(3)(4)</sup>      |
| 0x0803 F800   | 0x0803 FFFF | 2                 | SLOT Active 1 header <sup>(3)(4)</sup>      |

- 1. Not used by <Secure\_RF\_App> projects.
- if LoRaWAN\_End\_Node\_DualCore, 60 Kbytes are allocated for LoRaWAN Cortex-M0+ code.
   If Sigfox\_PushButton\_DualCore, the 60 Kbytes are the sum of Sigfox Cortex-M0+ code (56 Kbytes) and EE data storage (4 Kbytes).
- 3. Accessible by the Cortex-M0+ only.
- 4. Flash memory area where not-contiguous firmware headers are stored.

AN5682 - Rev 2 page 37/59



The RAM memory mapping of the device contains some elements described in the following table.

Table 9. RAM mapping

| Start address | End address | Size<br>(Kbytes) | RAM region                                                        |
|---------------|-------------|------------------|-------------------------------------------------------------------|
| 0x2000 0000   | 0x2000 0CDF | 3                | Secure Boot Cortex-M4 <sup>(1)</sup>                              |
| 0x2000 0CE0   | 0x2000 0CFF | 0.25             | Cortex-M0+/Cortex-M4 synchronization flag <sup>(1)</sup>          |
| 0x2000 0D00   | 0x2000 7FFF | 28.75            | <rf_app>_CM4<sup>(1)</sup></rf_app>                               |
| 0x2000 8000   | 0x2000 83FF | 1                | SHARED_MailBox_MEM1 (allocated by the Cortex-M4) <sup>(2)</sup>   |
| 0x2000 8400   | 0x2000 8FFF | 3                | SHARED_MailBox_MEM2 ((allocated by the Cortex-M0+) <sup>(2)</sup> |
| 0x2000 9000   | 0x2000 D3FF | 17               | <rf_app>_CM0+ and SBSFU Cortex-M0+<sup>(3)</sup></rf_app>         |
| 0x2000 D400   | 0x2000 FFFF | 11               | SE Cortex-M0+ <sup>(3)</sup>                                      |

- 1. SRAM1.
- 2. SRAM2 accessible by Cortex-M4 and Cortex-M0+.
- 3. SRAM2 accessible by Cortex-M0+ only.

The major boundaries are described in two common linker script files in the Linker\_Common folder:

- linker file for IAR Embedded Workbench and STM32CubeIDE
- · include files are for MDK-ARM

Figure 31. File structure of linker\_common



These linker files, thanks to <code>mapping\_export.h</code>, contain the major boundaries that can be refined in the linker files of the separate projects (2\_Image\_SBSFU, 2\_Image\_SeCoreBin, <RF\_App>). Refer to the document [1] for more details about this configuration.

AN5682 - Rev 2 page 38/59



The STM32WL devices have the two following blocks of RAM:

- SRAM1 with no retention memory goes until 0x2000 7FFF.
- SRAM2 (starting at 0x2000 8000) has retention properties. In <RF\_App> projects configuration, the first part of this memory is not secured (shared between the Cortex-M4 and the Cortex-M0+). The rest is secured (only accessible by the Cortex-M0+).

MBMUX is a mailbox communication system between the two cores designed for the <RF\_App> on STM32WL5x dual-core devices (see the document [7] for more details). MBMUX uses a part of RAM shared by the two cores for exchanging messages.

The shared memory is divided in two sections:

- SRAM2\_SHARED section MB\_MEM1: allocated/placed by the Cortex-M4 linker file (contains the mapping table and the wrapper for the Cortex-M4 function calls)
- SRAM2\_SHARED section MB\_MEM2: allocated/placed by the Cortex-M0+ linker file (contains the wrapper for the Cortex-M0+ function calls, including the buffer for traces)

The RAM repartition is defined into two <RF App> linker files depending on the IDE.

Figure 32. File structure of <RF\_App> linker



AN5682 - Rev 2 page 39/59



## 6 Memory footprint

The previous section shows that almost 96 Kbytes are allocated for SBSFU and 160 Kbytes remain available for the RF application. This section shows that the memory occupied by each block is smaller than what is allocated for this block. The next section explains why it happens and how the mapping can be adapted to the user needs.

<RF\_App>\_CM0 (60k allocated 86% used) <RF\_App>\_CM4 (100k allocated 26% used) SBSFU\_CM0 SB\_CM4

Figure 33. Allocation of 256-Kbyte flash memory (<Secure\_RF\_App> projects)

## 6.1 RF dual-core applications

#### 6.1.1 LoRaWAN End Node dual-core application

Values in Table 10 and Table 11 are measured for the following configuration of the IAR Embedded Workbench compiler (EWARM version 9.20.1):

- optimization level 3 for size
- debug option off
- trace option VLEVEL\_M (medium traces)
- target: STM32WL55JC
- LoRaWAN\_End\_Node\_DualCore application
- LoRaMAC Class A
- LoRaMAC region EU868 only

Table 10. Memory footprint for LoRaWAN\_Secure\_DualCore\_End\_Node\_CM0PLUS

| Project module    | Flash memory<br>(bytes) | RAM (bytes) | Description                                                            |
|-------------------|-------------------------|-------------|------------------------------------------------------------------------|
| Application       | 3205                    | 176         | Core, application, and target components                               |
| HAL               | 5414                    | 0           | STM32WL HAL and LL drivers                                             |
| IAR Lib           | 1012                    | 0           | Proprietary IAR libraries                                              |
| IAR Startup       | 563                     | 4096        | Int_vect, init routines, init table, CSTACK, and HEAP                  |
| LoRAWAN stack     | 27715                   | 5814        | Middleware LmHandler interface, crypto, MAC, and Region                |
| MBMux             | 3135                    | 912         | Mailbox multiplexer wrappers and services                              |
| SubGHz_Phy        | 6175                    | 417         | Middleware radio interface                                             |
| Utilities         | 3123                    | 1648        | All STM32 services (sequencer, time server, low-power mgr, trace, mem) |
| Total application | 50342                   | 13063       | Memory footprint for LoRaWAN_End_Node_DualCore_CM0+ application        |

AN5682 - Rev 2 page 40/59



Table 11. Memory footprint for LoRaWAN\_Secure\_DualCore\_End\_Node\_CM4

| Project module    | Flash memory<br>(bytes) | RAM (bytes) | Description                                                            |
|-------------------|-------------------------|-------------|------------------------------------------------------------------------|
| Application       | 6835                    | 891         | Core, application, and target components                               |
| HAL               | 14260                   | 36          | STM32WL HAL and LL drivers                                             |
| IAR Lib           | 1418                    | 0           | Proprietary IAR libraries                                              |
| IAR Startup       | 784                     | 2051        | Int_vect, init routines, init table, CSTACK, and HEAP                  |
| MBMux             | 2554                    | 942         | Mailbox multiplexer wrappers and services                              |
| Utilities         | 2741                    | 1628        | All STM32 services (sequencer, time server, low-power mgr, trace, mem) |
| Total application | 28592                   | 5548        | Memory footprint for LoRaWAN_End_Node_DualCore_CM4 application         |

## 6.1.2 Sigfox push-button dual-core application

Values in the tables below are measured for the following configuration of the IAR Embedded Workbench compiler (EWARM version 9.20.1):

- optimization level 3 for size
- · debug option off
- trace option VLEVEL\_M (medium traces)
- target: STM32WL55JC
- Sigfox\_PushButton\_DualCore application

Table 12. Memory footprint for Sigfox\_Secure\_DualCore\_End\_Node\_CM0PLUS

| Project module    | Flash memory<br>(bytes) | RAM (bytes) | Description                                                            |
|-------------------|-------------------------|-------------|------------------------------------------------------------------------|
| Application       | 8044                    | 336         | Core, application, and target components                               |
| HAL               | 7155                    | 76          | STM32WL HAL and LL drivers                                             |
| IAR Lib           | 6928                    | 132         | Proprietary IAR libraries                                              |
| IAR Startup       | 592                     | 4096        | Int_vect, init routines, init table, CSTACK, and HEAP                  |
| MBMux             | 2763                    | 532         | Mailbox multiplexer wrappers and services                              |
| Sigfox stack      | 15166                   | 1214        | Middleware Sigfox and libraries                                        |
| SubGHz_Phy        | 8164                    | 417         | Middleware radio interface                                             |
| Utilities         | 2854                    | 884         | All STM32 services (sequencer, time server, low-power mgr, trace, mem) |
| Total application | 51666                   | 7687        | Memory footprint for Sigfox_PushButton_DualCore_CM0+ application       |

AN5682 - Rev 2 page 41/59



Table 13. Memory footprint for Sigfox\_Secure\_DualCore\_End\_Node\_CM4

| Project module    | Flash memory<br>(bytes) | RAM (bytes) | Description                                                            |
|-------------------|-------------------------|-------------|------------------------------------------------------------------------|
| Application       | 4987                    | 426         | Core, application, and target components                               |
| HAL               | 13926                   | 12          | STM32WL HAL and LL drivers                                             |
| IAR Lib           | 1036                    | 0           | Proprietary IAR libraries                                              |
| IAR Startup       | 794                     | 4096        | Int_vect, init routines, init table, CSTACK, and HEAP                  |
| MBMux             | 2695                    | 750         | Mailbox multiplexer wrappers and services                              |
| Utilities         | 2605                    | 856         | All STM32 services (sequencer, time server, low-power mgr, trace, mem) |
| Total application | 51666                   | 7687        | Memory footprint for Sigfox_PushButton_DualCore_CM4 application        |

## 6.2 SBSFU application

Values in the tables below are measured for the following configuration of the IAR Embedded Workbench compiler (EWARM version 9.20.1):

- optimization level 3 for size
- · debug option off
- trace option off
- target: STM32WL55JC

Table 14. Memory footprint for SECoreBin

| Project module    | Flash memory<br>(bytes) | RAM (bytes) | Description                                           |
|-------------------|-------------------------|-------------|-------------------------------------------------------|
| Application       | 838                     | 4           | Core, application, and target components              |
| HAL               | 5778                    | 76          | STM32WL HAL and LL drivers                            |
| IAR Lib           | 180                     | 0           | Proprietary IAR libraries                             |
| IAR Startup       | 220                     | 0           | Int_vect, init routines, init table, CSTACK, and HEAP |
| KMS               | 23964                   | 10380       | Middleware key management services                    |
| SE                | 1380                    | 16          | Middleware Secure Engine                              |
| Total application | 32360                   | 10476       | Memory footprint for SECoreBin application            |

Table 15. Memory footprint for SBSFU Cortex-M0+

| Project module    | Flash memory<br>(bytes) | RAM (bytes) | Description                                           |
|-------------------|-------------------------|-------------|-------------------------------------------------------|
| Application       | 225                     | 4           | Core, application, and target components              |
| HAL               | 6146                    | 160         | STM32WL HAL and LL drivers                            |
| IAR Lib           | 6523                    | 132         | Proprietary IAR libraries                             |
| IAR Startup       | 560                     | 6660        | Int_vect, init routines, init table, CSTACK, and HEAP |
| SBSFU             | 15199                   | 3564        | Secure Firmware Update and Secure boot                |
| SE                | 4576                    | 1           | Middleware Secure Engine                              |
| Total application | 33229                   | 10521       | Memory footprint for SBSFU CM0+ application           |

Note: The SBSFU Cortex-M0+ binary is about 64 Kbytes as it integrates the SECoreBin library from Table 12.

AN5682 - Rev 2 page 42/59





Table 16. Memory footprint for SBSFU Cortex-M4

| Project module    | Flash memory<br>(bytes) | RAM (bytes) | Description                                           |
|-------------------|-------------------------|-------------|-------------------------------------------------------|
| Application       | 694                     | 4           | Core, application, and target components              |
| HAL               | 4427                    | 24          | STM32WL HAL and LL drivers                            |
| IAR Lib           | 120                     | 0           | Proprietary IAR libraries                             |
| IAR Startup       | 718                     | 512         | Int_vect, init routines, init table, CSTACK, and HEAP |
| SBSFU             | 1637                    | 112         | Secure Firmware Update and Secure boot                |
| Total application | 7594                    | 652         | Memory footprint for SBSFU CM4 application            |

AN5682 - Rev 2 page 43/59



## 7 How to customize the memory mapping

### 7.1 Memory use versus memory allocation

There is a difference between the memory mapping/allocation mentioned in Table 8 and the memory footprint detailed by tables in Section 6 .

For example, Table 15 shows that SBSFU (including the SE interface) occupies 33.2 Kbytes while the memory allocation for these items is 33 + 5 = 38 Kbytes. Table 16 shows that the SBSFU Cortex-M4 occupies 6.1 Kbytes while the memory allocation for it is 10 Kbytes.

The main reasons for these differences are listed below:

- Space may be wasted in padding: some restrictions (for example given by the MPU) require boundaries of the blocks to be n-bytes aligned.
- The memory allocated to SBSFU let some margins for the following:
  - To have a common denominator mapping fitting for the different IDEs.
  - To avoid remappings for small changes.
  - To avoid remappings if the IDE version has changed and uses a bit more memory.
  - To enable some features (currently disabled) without having linker problem (such as tamper, or IWDG).

The remaining flash memory is for the <RF\_App> that includes the RF middleware, the RF drivers, the mailbox, the utilities, and the user application. The mapping provided with <Secure\_RF\_App> examples maximizes the free space for the Cortex-M4, considering the Cortex-M0+ as coprocessor.

The figure below shows that, on the Cortex-M4, about 75% of the space remains available for developing the application, while, on the Cortex-M0+, the remaining space is about 10%, depending on the IDE. The footprint given here is related to a specific release of the STM32CubeWL and can evolve.

Note: Similar principles apply to LoRaWAN and Sigfox examples.

Figure 34. LoRaWAN SBSFU 1 Slot DualCore flash memory use vs allocation



AN5682 - Rev 2 page 44/59



Sigfox CM4 100 Kbytes Sigfox CM0+ 60 Kbytes **IAR** 120000 100000 Embedded MDK-ARM STM32CubeIDE Workbench IAR 100000 80000 Embedded STM32CubeIDE MDK-ARM Workbench 80000 60000 7384 7538 8536 69176 74056 74640 60000 40000 40000 52462 51464 20000 20000 30824 25944 25360 0 0 1 2 3 2 3 1 Used Free Used Free

Figure 35. Sigfox\_SBSFU\_1\_Slot\_DualCore flash memory use vs allocation

In LoRaWAN\_SBSFU\_1\_Slot\_DualCore, the middleware has been configured as follows:

- LoRaMAC Class A
- LoRaMAC region EU868 only
- optimization level 3 for size

### Example 1: Memory space demanded by Class B and by RF regions

Class B occupies about 6 Kbytes, depending on the compiler. Each LoRa region needs between 2 and 3 Kbytes, depending on the region and the compiler.

The memory repartition may require modifications to enable class B or several regions simultaneously. For example, items that fit in the 8344 remaining space with IAR Embedded Workbench, and in the 7542 remaining space with MDK-ARM (as described in Figure 34), do not fit in the 2360-byte remaining space with the STM32CubeIDE (that uses the GCC compiler).

Table 17. LoRaWAN\_SBSFU\_1\_Slot\_DualCore regions

| Region         | IAR Embedded<br>Workbench | MDK-ARM | STM32CubeIDE |
|----------------|---------------------------|---------|--------------|
| Region.o       | 1764                      | 2284    | 1600         |
| RegionAS923.o  | 2792                      | 2894    | 3188         |
| RegionAU915.o  | 2940                      | 2890    | 3328         |
| RegionBaseUS.o | 154                       | 158     | 146          |
| RegionCN470.o  | 2112                      | 2128    | 2582         |
| RegionCN779.o  | 2720                      | 2822    | 3068         |
| RegionCommon.o | 1980                      | 2008    | 2064         |
| RegionEU433.o  | 2712                      | 2802    | 3076         |
| RegionEU868.o  | 2968                      | 2936    | 3264         |
| RegionIN865.o  | 2744                      | 2880    | 3100         |
| RegionKR920.o  | 2692                      | 2732    | 3048         |
| RegionRU864.o  | 2696                      | 2790    | 3044         |
| RegionUS915.o  | 2880                      | 2870    | 3284         |

AN5682 - Rev 2 page 45/59



#### Example 2: Memory space needed to change the compiler optimization level

It may be also necessary to modify the memory repartition to optimize the speed vs the memory size, or simply to temporarily reduce the optimization level in order to debug the Cortex-M0+.

LoRaWAN\_SBSFU\_1\_Slot CM0PLUS compiled with IAR Embedded Workbench in 'optimize-medium' needs about 56 Kbytes, instead of about 51 Kbytes in 'optimize-max'. Compiling in 'optimize-low' needs about 65.5 Kbytes, which does not fit in the 60 Kbytes available. 'optimize none' demands about 68.5 Kbytes. The situation is similar for Sigfox\_SBSFU\_1\_Slot CM0PLUS.

See the documents [3] and [4] for more details about the <RF\_App> and how to configure/reduce it.

## 7.2 How to change the memory repartition between the cores

The main constraint when changing the memory repartition between Cortex-M4 and Cortex-M0+ is given by the MPU. At boot time, the SBSFU protects the Active 2 slot from access via the MPU. The related addresses have to be changed.

The secure memory boundaries (Cortex-M4 versus Cortex-M0+) are changed in the common linker file. For the IAR Embedded Workbench, the file is:

<RF\_App>\_1\_Slot\_DualCore\Linker\_Common\EWARM\mapping\_fwimg.icf and the concerned
definitions are:

```
define exported symbol __ICFEDIT_SLOT_Active_2_end_ = 0x0801BFFF;
define exported symbol __ICFEDIT_SLOT_Active_1_start__ = 0x0801C000;
```

To change the MPU protection, the SBSFU code must be modified, specifically the following file:

<RF\_App>\_SBSFU\_1\_Slot\_DualCore\2\_Images\_SBSFU\CM4\Inc\sfu\_low\_level\_security.h

The SBSFU mapping is not impacted, but the <RF\_App> mapping requires a change in the SBSFU configuration file.

This section explains how to change only the  $\RF_App>$  mapping , while maintaining the same total  $\RF_App>\_CM4 + \RF_App>\_CM0PLUS$  (from 0x0800 3000 to 0x0802 AFFF).

Figure 36. <RF\_App> memory repartition allocation without impact on SBSFU



AN5682 - Rev 2 page 46/59



The Slot Active 2 area (<RF App> CM4) is protected by the following Cortex-M4 MPU regions:

- Cortex-M4 MPU region 3 (4 Kbytes, eight subregions of 0.5 bytes each)
- Cortex-M4 MPU region 4 (128 Kbytes with 96 Kbytes active, six subregions of 16 Kbytes each)

#### Remember:

A MPU region is composed of a start address, a size (power of two), and eight subregions that are enabled/disabled with an 8-bit mask in the corresponding SRD register (0: subregion enabled, 1: subregion disabled).

The Cortex-M4 MPU region 3 ranges from 0x0800 3000 to 0x0800 3FFF.

```
/**

* @brief Region 3 - Forbid all access to the active slot.

* From 0x08003000 ==> 0x08003FFF (4 kbytes)

*/

#define SFU_PROTECT_MPU_APP_FLASHEXE_RGNV MPU_REGION_NUMBER3

#define SFU_PROTECT_MPU_APP_FLASHEXE_START SLOT_ACTIVE_2_START

#define SFU_PROTECT_MPU_APP_FLASHEXE_SIZE MPU_REGION_SIZE_4KB

#define SFU_PROTECT_MPU_APP_FLASHEXE_SREG 0x00U /*!< All subregions activated */

#define SFU_PROTECT_MPU_APP_FLASHEXE_PERM MPU_REGION_NO_ACCESS
```

The Cortex-M4 MPU region 4 ranges from 0x0800 4000 to 0x0801 BFFF.

```
/**
    * @brief Region 4 - Forbid all access to the active slot.
    * In addition to region 3, from 0x08004000 ==> 0x0801BFFF (96 kbytes)
    */
#define SFU_PROTECT_MPU_APP_FLASHEXE_ADJUST_RGNV MPU_REGION_NUMBER4
#define SFU_PROTECT_MPU_APP_FLASHEXE_ADJUST_START FLASH_BASE
#define SFU_PROTECT_MPU_APP_FLASHEXE_ADJUST_SIZE MPU_REGION_SIZE_128KB
#define SFU_PROTECT_MPU_APP_FLASHEXE_ADJUST_SREG 0x81U /*!< 128 Kbytes / 8 * 6 ==> 96
Kbytes */
#define SFU_PROTECT_MPU_APP_FLASHEXE_PERM MPU_REGION_NO_ACCESS
```

The easier change is to move 16 Kbytes from the Cortex-M4 to the Cortex-M0+ by disabling one subregion of the Cortex-M4 MPU region 4. The bit 7 of the SDR value is set from 0 to 1 to disable the sixth subregion, as shown in the figure below.

Figure 37. MPU region 4 - Changing subregion settings



The Cortex-M4 MPU region 4 is then reduced to 5 active subregions (16 Kbytes less) covering from 0x0800 4000 to 0x0801 7FFF.

With this change, <RF\_App>\_CM4 is reduced to 84 Kbytes (4 + 80), ranging from 0x0800 3000 to 0x0801 7FF. <RF\_App>\_CM0PLUS is augmented to 76 Kbytes (enough size to enable class B or activate RF regions, or to adapt the optimization mode, for example).

AN5682 - Rev 2 page 47/59



The linker file must be updated accordingly. For EWARM, mapping fwimg.icf is modified as follows:

```
/* Active slot #2 (84 kbytes) */
define exported symbol __ICFEDIT_SLOT_Active_2_header__ = 0x0803F000; define exported symbol __ICFEDIT_SLOT_Active_2_start__ = 0x08003000; define exported symbol __ICFEDIT_SLOT_Active_2_end__ = 0x08017FFF;
 /* Active slot #1 (76 kbytes) */
define exported symbol __ICFEDIT_SLOT_Active_1_header__ = 0x0803F800; define exported symbol __ICFEDIT_SLOT_Active_1_start__ = 0x08018000; define exported symbol __ICFEDIT_SLOT_Active_1_end__ = 0x0802AFFF;
```

If the Cortex-M0+ flash memory must be increased further, the Cortex-M4 MPU region 4 can be reduced by 16 Kbytes more by setting the SDR to 0xA1U: <RF App> CM4 covers only 68 Kbytes (up to 0x0801 3FFF), and <RF\_App>\_CM0PLUS raises to 92 Kbytes (from 0x0801 4000).

Intermediate solutions are possible but require an additional MPU region with subregion size smaller than 16 Kbytes.

Remember: The STM32WLxx MPU is divided in eight regions of definable size. Each MPU region includes eight subregions of equal size.

> On STM32WL devices, both LoRaWAN\_SBSFU\_1\_Slot and Sigfox\_SBSFU\_1\_Slot use six MPU regions at boot. One of the two remaining MPU regions at boot can be used to define an additional MPU region. This refines the memory split between the cores.

#### Example:

Allocating 88 Kbytes to the Cortex-M4 and 7288 Kbytes to the Cortex-M0+ can be achieved by adding a new 4-Kbyte region to

2 Images SBSFU\CM4\Inc\sfu low level security.h:

```
* @brief Region 6 - Forbid all access to the active slot.
                        From 0x08018000 ==> 0x08018FFF (4 kbytes)
#define SFU PROTECT MPU APP FLASHEXE RGNV MPU REGION NUMBER6
#define SFU PROTECT MPU APP FLASHEXE START SLOT ACTIVE 2 LAST
#define SFU_PROTECT_MPU_APP_FLASHEXE_SIZE MPU_REGION_SIZE_4KB
#define SFU_PROTECT_MPU_APP_FLASHEXE_SREG 0x00U /*!< All subregions activated */
#define SFU PROTECT MPU APP FLASHEXE PERM MPU REGION NO ACCESS
```

The linker file must be adapted accordingly. For EWARM, Linker Common\EWARM\mapping fwimg.icf is modified as follows:

```
/* Active slot #2 (88 kbytes) */
define exported symbol __ICFEDIT_SLOT_Active_2_header__= 0x0803F000;
/* Active slot #1 (72 kbytes) */
define exported symbol __ICFEDIT_SLOT_Active_1_header__ = 0x0803F800;
define exported symbol __ICFEDIT_SLOT_Active_1_start = 0x08019000;
define exported symbol __ICFEDIT_SLOT_Active_1_start__ = 0x08019000;
define exported symbol __ICFEDIT_SLOT_Active_1_end__ = 0x0802AFFF;
```

AN5682 - Rev 2 page 48/59



## 7.3 How to reduce the SBSFU footprint and remap the memory accordingly

As explained in Section 7.1 , there is a mismatch between the SBSFU memory footprint and its memory allocation.

This section gives some guidelines to reduce further the SBSFU footprint, which means reducing the SBSFU feature to increase the slot active area (currently 100 + 60 = 160 Kbytes). The main objective is to remap the memory to reduce the SBSFU allocation.

Flash memory 0x08000000 12 0x0800 3000 100 <RF\_App> CM0+ <RF App> CM4 0x0801 C000 CM0 regions 2 DataStorage 60 SBSFU CM0+ 76kb SB Unprivileged 0x0802 B000 CM<sub>4</sub> 0x0802 D000 76 0x0803 6800 (SECoreBin start) 0x08000000 Privileged 0x0803 FFFF

Figure 38. SBSFU memory optimization

The achievable results depend on the IDE. Footprints are calculated with IAR Embedded Workbench in this section, but the principle can be extended to other compilers.

Remember:

Some constraints on memory alignment have to be taken into account when calculating the mapping (refer to the documents [1], [2], and [6]).

In order to optimize the number of MPU regions used, the examples provided in this section focus on reducing the SBSFU memory by blocks of at least 4 Kbytes or multiple of 4 Kbytes. This limits the changes to enable/disable only few subregions or to change the start address of some regions. There is no need to involve other MPU parameters and restrictions (such as adding regions, changing size, or alignment constraints).

The following modules can be reduced in the scope of the global SBSFU CM0+:

- NVM KMS Data Storage
- SBSFU CM0+
- SECoreBin

From the SBSFU footprint compiled with IAR Embedded Workbench version 8.30.1, the following features has been identified as good example candidates to be removed:

- trace and tamper features concerning the SBSFU area
- RSA in the SECoreBin area

Y-MODEM and MPU/GTZC can also be removed. Refer to section 'how to reduce SBSFU footprint' in document [1] for a general presentation . This section is a complement that shows in few examples which code lines can be modified.

AN5682 - Rev 2 page 49/59



### 7.3.1 NVM KMS Data Storage

The NVM KMS Data Storage is the simplest to modify because it is positioned just after the slot active area, the <RF\_App> area (see Table 8).

KMS\_DataStorage in <Secure\_RF\_App> is 8 Kbytes and contains LoRaWAN or Sigfox derived keys. This can be reduced to 4 Kbytes without any impact on the functionality of current projects. A larger place than necessary has been provided for derived key because it implies longer "estimated live time" for the memory. The KMS Data Storage is filled sequentially each time a key is derived. Once a page reaches its end, the full page is erased, and keys are written in a FLOP page. The expected memory lifetime is 10.000 page erase. Sigfox derives one key each time it sends data. LoRaWAN derives keys only at the JOIN procedure, but the number of keys depends on the configuration (such as OTAA/APB or multicast). See the documents [3] and [4] for a deeper explanation with precise examples about key size, or number of requested keys.

The NVM is organized by 2-Kbyte pages. Due to the double buffering (flip/flop EEPROM emulation mechanism), each page needs a 'twin'. The minimum to be allocated for KMS\_DataStorage is then 4 Kbytes. Reducing KMS Data Storage from 8 Kbytes to 4 Kbytes can be simply done by changing the correspondent MPU execution region.



Figure 39. KMS\_DataStorage reduction

These are the configurations to be changed in

2\_Images\_SBSFU\CMOPLUS\SBSFU\Target\sfu\_low\_level\_security.h:

```
/**

* @brief Region 4 - Enable the rw operation in privileged mode for KMS_DataStorage

* Execution capability disabled

* Inner region inside the Region 0

*/

#define SFU_PROTECT_MPU_KMS_RGNV MPU_REGION_NUMBER4

#define SFU_PROTECT_MPU_KMS_START 0x08028000UL

#define SFU_PROTECT_MPU_KMS_SREG 0xE8U /*!< 32 Kbytes / 8 * 1 ==> 4 Kbytes */

#define SFU_PROTECT_MPU_KMS_SIZE MPU_REGION_SIZE_32KB

#define SFU_PROTECT_MPU_KMS_PERM MPU_REGION_PRIV_RW

#define SFU_PROTECT_MPU_KMS_EXECV MPU_INSTRUCTION_ACCESS_DISABLE
```

The linker file example below is given for EWARM, but the same principle applies for other IDEs.

Update in Linker\_Common\EWARM\mapping\_sbsfu.icf:

```
/* KMS Data Storage (NVMS) region protected area */
/* KMS Data Storage need for 2 images : 4 kbytes * 2 ==> 8 kbytes */
define exported symbol __ICFEDIT_KMS_DataStorage_start__ = 0x0802C000;
define exported symbol __ICFEDIT_KMS_DataStorage_end__ = 0x0802CFFF;
```

AN5682 - Rev 2 page 50/59



Slot Active 1 is then increased from 60 Kbytes to 64 Kbytes in Linker Common\EWARM\mapping fwimg.icf:

```
/* Active slot #1 (64 kbytes) */
define exported symbol __ICFEDIT_SLOT_Active_1_header__= 0x0803F800;
define exported symbol __ICFEDIT_SLOT_Active_1_start__ = 0x0801C000;
define exported symbol __ICFEDIT_SLOT_Active_1_end__ = 0x0802BFFF;
```

#### 7.3.2 Trace and tamper

Trace and tamper are two different features that belong to the SBSFU CM0+ memory area. The SBSFU CM0+ footprint can be reduced by disabling the definition SFU DEBUG MODE in

```
2_Images_SBSFU\CM0PLUS\SBSFU\App\app_sfu.h:
/* #define SFU_DEBUG_MODE */
```

The SBSFU CM0+ footprint is then reduced of around 13 Kbytes (depending on the compiler), but there are no more logs printed on the terminal during the SBSFU execution.

The size of the SBSFU is now reduced but all the code placed above must be shifted down to give more space to the application.

```
/* KMS Data Storage (NVMS) region protected area */
/* KMS Data Storage need for 2 images : 4 kbytes * 2 ==> 8 kbytes */
define exported symbol __ICFEDIT_KMS_DataStorage_start__ = 0x0802xxxx;
define exported symbol __ICFEDIT_KMS_DataStorage_end__ = 0x0802xxxx;

/* SE IF ROM: used to locate Secure Engine interface code out of MPU isolation */
Define exported symbol __SE_IF_region_ROM_start__ = __KMS_DataStorage_end__ + 1;
Define exported symbol __SE_IF_region_ROM_end_ = __SE_IF_region_ROM_start__ + 0x13FF;

/* SBSFU Code region */
define exported symbol __SB_region_ROM_start__ = __SE_IF_region_ROM_end__ + 1;
define exported symbol __ICFEDIT_SB_region_ROM_end__ = 0x080367FF;
```

\_\_SB\_region\_ROM\_start\_\_ can start lower, SE\_IF is shifted lower, and the KMS\_DataStorage as well. The MPU of the KMS, but also the MPU that protects the SBSFU has to be shifted.

In the STM32CubeWL example, the shift down makes sense if the region size is multiple the 4 Kbytes (even better 16 Kbytes), otherwise MPU regions may be not sufficient (taking into account the constraints when changing the MPU).

Disabling the trace reduces of 13 Kbytes (for IAR Embedded Workbench version 8.30.1). The mapping can be modified easily to gain 12 Kbytes for the application. To gain 16 Kbytes, the user must find other 3 Kbytes of available memory.

In the RF STM32CubeWL examples, the allocation have been made to assign the same mapping between different compilers and to respect alignment constraints. Some memory parts remain then unused (depending on the compiler) and can be exploited to reach the 16 Kbytes.

Some empty space may be reserved to allow users to enable features that are disabled by default in the RF STM32CubeWL examples. This is the case for the tamper feature: often disabled during development (because Nucleo boards are sensitive: strong movements can be interpreted as hardware attacks) but useful during production. The tamper code uses 3,2 Kbytes (for IAR Embedded Workbench 8.30.1). If this space is used to reach the 16 Kbytes, the tamper cannot be enabled in production.

AN5682 - Rev 2 page 51/59



The figures below show two solutions that do not need additional MPU regions, where KMS\_DataStorage is sized 4 Kbytes.



Figure 40. Example to reduce SBSFU by 12 Kbytes

Figure 41. Example to reduce SBSFU by a 16-Kbyte subregion



#### 7.3.3 RSA/ SECoreBin

The <Secure\_RF\_App> projects do not use RSA, which saves 2 Kbytes in the SECoreBin privileged area (see documents [1] and [2] for details about privileged/unprivileged memory settings). Changing the memory mapping for 2 Kbytes is complex and not described here. But some memory remain unused in the provided RF STM32CubeWL examples. Depending on the compiler, the user can check if SECoreBin can be reduced by 4 Kbytes, or how to combine with the SBSFU alignment in order to limit the impact on the MPU configuration. Combinations are multiples.

The Secure Engine is about the bottom of the memory mapping.

Changing \_\_ICFEDIT\_SE\_Code\_region\_ROM\_start\_\_ means changing all the above mappings up to Slot Active region:

- changing related Cortex-M0+ MPU (regions 2 and 4) as for the above SBSFU
- changing the privileged boundaries, as shown in Section 7.3

These changes can be done by repeating the principle already detailed previously.

AN5682 - Rev 2 page 52/59



#### 7.3.4 Summary

The table below lists the SBSFU features that can be removed/disabled to increase the user application memory. Further gain can be obtained by reducing memory loss due to alignment constraint, or by tailoring the memory mapping for a specific IDE.

Table 18. SBSFU code size reduction

| Option                                                                                                 | Description                                                                                                  | Gain                                                                                     |
|--------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------|
| Disable the RSA feature.                                                                               | This only removes the ability to handle RSA keys.                                                            | ~ 2 Kbytes                                                                               |
| Select the AES-GCM symmetric cryptographic scheme                                                      | Shared symmetric key secret stored in the device                                                             | Up to 6 Kbytes if the<br>'import blob' feature is<br>also disabled (no ECDSA,<br>no RSA) |
| Disable SFU_DEBUG_MODE.                                                                                | No more information displayed on the terminal during the SBSFU execution                                     | ~ 13 Kbytes                                                                              |
| Remove Y-MODEM, UART                                                                                   | No more possible to update the firmware (make sense to remove UART only if SFU_DEBUG_MODE is disabled.)      | ~ 3 Kbytes                                                                               |
| Remove SE internal isolation based on MPU/GTZC (only when all STM32 code is fully trusted and robust). | Removes alignment constraints with MPU/GTZC regions.                                                         | Up to 12 Kbytes                                                                          |
| Reduce KMS data storage.                                                                               | Reduces the number of keys stored in the KMS NVM, or short memory expected life-time.                        | 4 Kbytes                                                                                 |
| Configure the system clock with LL interface.                                                          | The code is a bit more complex and the tamper must not be used as the removed HAL dependencies are restored. | ~ 2 Kbytes                                                                               |

The relation between footprint and allocation gain is not always proportional. Reducing the footprint ~1,5 Kbytes can lead to zero gain in allocation, or to 4-Kbyte gain in allocation.

Reallocating boundaries for less than 4 Kbytes is technically possible but requires reworking the full MPU mapping provided in the STM32CubeWL (eight maximum regions allowed for each STM32WL5x core, flash memory and RAM included) . The examples in this application note avoid changing MPU region sizes, and avoid adding MPU regions.

Remapping can reduce the flash memory efficiently when tailored to a specific IDE compiler.

Note: The memory mapping may change with each STM32CubeWL revision.

AN5682 - Rev 2 page 53/59



## **Revision history**

Table 19. Document revision history

| Date         | Version | Changes                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
|--------------|---------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 26-July-2021 | 1       | Initial release.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      |
| 09-Nov-2022  | 2       | Updated:  Section 2 Secure project overview  Section 2.2.3 SKMS (secure key management services)  Section 2.3.4 SKMS and cryptographic configuration  Section 3 Firmware programming guide  Section 3.1 How to generate a <secure_rf_app>  Section 3.2.2 How to update/download only <rf_app>_DualCore_CM0PLUS or <rf_app>_DualCore_CM4 via Y-MODEM  Section 3.3.2 Configure <rf_app> firmware to allow debug  Section 6.1.1 LoRaWAN End_Node dual-core application  Section 6.1.2 Sigfox push-button dual-core application  Section 6.2 SBSFU application</rf_app></rf_app></rf_app></secure_rf_app> |

AN5682 - Rev 2 page 54/59



## **Contents**

| 1 | Gen   | General information |                                                                                                           |          |  |
|---|-------|---------------------|-----------------------------------------------------------------------------------------------------------|----------|--|
| 2 | Secu  | ure proj            | ect overview                                                                                              | 4        |  |
|   | 2.1   | Directo             | ory structure                                                                                             | 5        |  |
|   | 2.2   | SBSFU               | J features and switches                                                                                   | 5        |  |
|   |       | 2.2.1               | Secure Boot (root-of-trust services)                                                                      | 5        |  |
|   |       | 2.2.2               | SFU (Secure Firmware Update)                                                                              | 6        |  |
|   |       | 2.2.3               | SKMS (secure key management services)                                                                     | 8        |  |
|   |       | 2.2.4               | SBSFU cryptographic middleware                                                                            | 9        |  |
|   |       | 2.2.5               | SBSFU cryptographic schemes                                                                               | 9        |  |
|   | 2.3   | SBSFU               | J configuration in RF applications                                                                        | 9        |  |
|   |       | 2.3.1               | Common SFU configuration                                                                                  | 10       |  |
|   |       | 2.3.2               | Cortex-M4 SFU configuration                                                                               | 11       |  |
|   |       | 2.3.3               | Cortex-M0+ SFU configuration                                                                              | 11       |  |
|   |       | 2.3.4               | SKMS and cryptographic configuration                                                                      | 12       |  |
| 3 | Firm  | ware pr             | ogramming guide                                                                                           | 15       |  |
|   | 3.1   | How to              | generate a <secure_rf_app></secure_rf_app>                                                                | 16       |  |
|   | 3.2   | How to              | download and execute the firmware                                                                         | 21       |  |
|   |       | 3.2.1               | Generate and download the big binary file                                                                 | 21       |  |
|   |       | 3.2.2               | How to update/download only <rf_app>_DualCore_CM0PLUS <rf_app>_DualCore_CM4 via Y-MODEM</rf_app></rf_app> | or<br>22 |  |
|   | 3.3   | How to              | debug <rf_app></rf_app>                                                                                   | 23       |  |
|   |       | 3.3.1               | Configure SBSFU firmware to allow debug                                                                   | 24       |  |
|   |       | 3.3.2               | Configure <rf_app> firmware to allow debug</rf_app>                                                       | 25       |  |
|   |       | 3.3.3               | Compile the big binary file and download                                                                  | 26       |  |
|   |       | 3.3.4               | Attach the debugger                                                                                       | 26       |  |
| 4 | Privi | ileged/u            | nprivileged coding                                                                                        | 27       |  |
|   | 4.1   | NVIC.               |                                                                                                           | 28       |  |
|   | 4.2   | Critical            | sections                                                                                                  | 29       |  |
|   | 4.3   | Crypto              | graphic functions                                                                                         | 33       |  |
| 5 | Mem   | nory ma             | pping                                                                                                     | 37       |  |
| 6 |       |                     |                                                                                                           |          |  |
|   | 6.1   | •                   | al-core applications                                                                                      |          |  |
|   |       | 6.1.1               | LoRaWAN End_Node dual-core application                                                                    |          |  |
|   |       | 6.1.2               | Sigfox push-button dual-core application                                                                  |          |  |
|   | 6.2   | SBSFU               | J application                                                                                             |          |  |
|   |       |                     |                                                                                                           |          |  |



| 7 H     | How to customize the memory mapping |                                                                |    |
|---------|-------------------------------------|----------------------------------------------------------------|----|
| 7.      | Memory use versus memory allocation |                                                                |    |
| 7.      | 2 How t                             | to change the memory repartition between the cores             | 46 |
| 7.3     | 3 How t                             | to reduce the SBSFU footprint and remap the memory accordingly | 49 |
|         | 7.3.1                               | NVM KMS Data Storage                                           | 50 |
|         | 7.3.2                               | Trace and tamper                                               | 51 |
|         | 7.3.3                               | RSA/ SECoreBin                                                 | 52 |
|         | 7.3.4                               | Summary                                                        | 53 |
| Revisi  | on history                          | /                                                              | 54 |
| List of | tables                              |                                                                | 57 |
| List of | figures                             |                                                                | 58 |



## **List of tables**

| Table 1.  | Terms and acronyms                                            | . 2 |
|-----------|---------------------------------------------------------------|-----|
| Table 2.  | Security common switches                                      | . 7 |
| Table 3.  | Security Cortex-M0+ switches                                  | . 7 |
| Table 4.  | Security Cortex-M4 switches                                   | . 7 |
| Table 5.  | SKMS features default configuration                           | . 8 |
| Table 6.  | Cryptographic switches                                        | . 9 |
| Table 7.  | Automated process scripts                                     | 21  |
| Table 8.  | Flash memory mapping                                          | 37  |
| Table 9.  | RAM mapping                                                   | 38  |
| Table 10. | Memory footprint for LoRaWAN_Secure_DualCore_End_Node_CM0PLUS | 40  |
| Table 11. | Memory footprint for LoRaWAN_Secure_DualCore_End_Node_CM4     | 41  |
| Table 12. | Memory footprint for Sigfox_Secure_DualCore_End_Node_CM0PLUS  | 41  |
| Table 13. | Memory footprint for Sigfox_Secure_DualCore_End_Node_CM4      | 42  |
| Table 14. | Memory footprint for SECoreBin                                | 42  |
| Table 15. | Memory footprint for SBSFU Cortex-M0+                         | 42  |
| Table 16. | Memory footprint for SBSFU Cortex-M4                          | 43  |
| Table 17. | LoRaWAN_SBSFU_1_Slot_DualCore regions                         | 45  |
| Table 18. | SBSFU code size reduction                                     | 53  |
| Table 19. | Document revision history                                     | 54  |



# **List of figures**

| Figure 1.  | SBSFU_1_Slot_DualCore structure                                                    | . 4 |
|------------|------------------------------------------------------------------------------------|-----|
| Figure 2.  | Project file structure                                                             | . 5 |
| Figure 3.  | Boot flow with SBSFU                                                               | . 6 |
| Figure 4.  | Cryptographic library structure                                                    | . 9 |
| Figure 5.  | File structure of common security configuration                                    | 10  |
| Figure 6.  | File structure of Cortex-M4 security configuration                                 | 11  |
| Figure 7.  | File structure of Cortex-M0+ security configuration                                | 11  |
| Figure 8.  | File structure of KMS and cryptographic definition                                 | 12  |
| Figure 9.  | File structure of cryptographic scheme                                             | 14  |
| Figure 10. | Project order structure                                                            | 15  |
| Figure 11. | Application generation steps                                                       |     |
| Figure 12. | File structure of KMS user key configuration                                       |     |
| Figure 13. | File structure of SECoreBin output                                                 |     |
| Figure 14. | File structure of SBSFU Cortex-M0+ output (EWARM example)                          | 18  |
| Figure 15. | File structure of SE interface (EWARM example)                                     |     |
| Figure 16. | File structure of SBSFU Cortex-M4 output (EWARM example)                           | 19  |
| Figure 17. | File structure of <rf_app> Cortex-M0+ output</rf_app>                              | 19  |
| Figure 18. | File structure of <rf_app> Cortex-M0+ encrypted output</rf_app>                    | 19  |
| Figure 19. | File structure of <rf_app> Cortex-M4 output</rf_app>                               | 20  |
| Figure 20. | File structure of <rf_app> Cortex-M4 encrypted + big binary</rf_app>               | 20  |
| Figure 21. | File structure of automated process scripts                                        | 21  |
| Figure 22. | Terminal configuration                                                             | 22  |
| Figure 23. | Y-MODEM logs                                                                       | 22  |
| Figure 24. | How to use Y-MODEM from terminal                                                   |     |
| Figure 25. | UART baudrate configuration                                                        | 24  |
| Figure 26. | File structure of End_Node dual-core debug configuration                           |     |
| Figure 27. | Compile optimization level (example for IAR Embedded Workbench)                    | 25  |
| Figure 28. | sys_privileged_services.c/h and sys_privileged_wrap.c/h                            | 27  |
| Figure 29. | SBSFU binary calling SKMS for integrity and authenticity checks                    | 33  |
| Figure 30. | <pre><rf_app> binary calling SKMS (part of SBSFU binary)</rf_app></pre>            | 35  |
| Figure 31. | File structure of linker_common                                                    | 38  |
| Figure 32. | File structure of <rf_app> linker</rf_app>                                         | 39  |
| Figure 33. | Allocation of 256-Kbyte flash memory ( <secure_rf_app> projects)</secure_rf_app>   | 40  |
| Figure 34. | LoRaWAN_SBSFU_1_Slot_DualCore flash memory use vs allocation                       | 44  |
| Figure 35. | Sigfox_SBSFU_1_Slot_DualCore flash memory use vs allocation                        | 45  |
| Figure 36. | <pre><rf_app> memory repartition allocation without impact on SBSFU</rf_app></pre> | 46  |
| Figure 37. | MPU region 4 - Changing subregion settings                                         |     |
| Figure 38. | SBSFU memory optimization                                                          |     |
| Figure 39. | KMS_DataStorage reduction                                                          | 50  |
| Figure 40. | Example to reduce SBSFU by 12 Kbytes                                               | 52  |
| Figure 41. | Example to reduce SBSFU by a 16-Kbyte subregion                                    | 52  |

AN5682 - Rev 2 page 58/59



#### **IMPORTANT NOTICE - READ CAREFULLY**

STMicroelectronics NV and its subsidiaries ("ST") reserve the right to make changes, corrections, enhancements, modifications, and improvements to ST products and/or to this document at any time without notice. Purchasers should obtain the latest relevant information on ST products before placing orders. ST products are sold pursuant to ST's terms and conditions of sale in place at the time of order acknowledgment.

Purchasers are solely responsible for the choice, selection, and use of ST products and ST assumes no liability for application assistance or the design of purchasers' products.

No license, express or implied, to any intellectual property right is granted by ST herein.

Resale of ST products with provisions different from the information set forth herein shall void any warranty granted by ST for such product.

ST and the ST logo are trademarks of ST. For additional information about ST trademarks, refer to www.st.com/trademarks. All other product or service names are the property of their respective owners.

Information in this document supersedes and replaces information previously supplied in any prior versions of this document.

© 2022 STMicroelectronics - All rights reserved

AN5682 - Rev 2 page 59/59