Introduction

This document describes the firmware upgrade services (FUS) available on STM32WB Series microcontrollers. These services

are provided by ST code located in a secure portion of the embedded Flash memory, and is used by any code running on

Cortex

-M4 with an user Flash memory or through embedded bootloader commands (also running on Cortex

-M4).

ST firmware upgrade services for STM32WB Series

AN5185

Application note

AN5185 - Rev 3 - July 2019

For further information contact your local STMicroelectronics sales office.

www.st.com

1 General information

This document applies to STM32WB Series Arm

-based devices.

Note: Arm is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere.

1.1 Firmware upgrade services definition

FUS (firmware upgrade services) is a firmware running on STM32WB Cortex

-M0+ and offering following

features:

1. Install, upgrade or delete STM32WB Cortex

-M0+ wireless stack:

– Only encrypted and signed by ST

– Optionally, additionally double signed by customer if needed

2. FUS self-upgrade:

– Only encrypted and signed by ST

– Optionally, additionally double signed by customer if needed

3. Customer authentication key management:

– Used for images double signature

– Install, update and lock the customer authentication key

4. User key management:

– Store customer keys

◦ Master key

◦ Simple clear key

◦ Encrypted key (by master key)

◦

In secure area accessible only by Cortex

-M0+ code.

– Write stored key (simple or encrypted) into AES1 (advanced encryption standard) in secure mode (key

not accessible by Cortex

-M4)

– Key width: 128 or 256 bits

– Up to 100 user keys (encrypted by master key or clear) and 1 user master key

5. Communication with Cortex

-M4 (user code or bootloader):

– Through IPCC commands and response model (same as wireless stack model)

– Commands already supported by STM32WB bootloader (in ROM)

1.2

FUS versioning and identification

The user needs to read the shared table memory in SRAM2a to identify FUS version, as explained in Section

1.6 Shared tables memory usage and in Section 6.1 Shared tables usage.

The first word in SRAM2a pointed by IPCCDBA option byte is the "Device info table" address. This table

(described in Table 5. Device information table) contains the FUS version at offset 0xC which is encoded on four

bytes. Typically, if IPCCDBA=0x0000 and @0x20030000 contains 0x20030024, then FUS version is

@0x20030030.

Installation of a FUS image respects the conditions stated in the image binary release notes.

AN5185

General information

AN5185 - Rev 3

page 2/33