Secure Bootloader

Problem Solved

Unleash your STM32-based IoT device or embedded system with our new second-generation V2 Secure Bootloader and Firmware Update solution with delta patching, multi-segment and SPI flash capability.

Get state-of-the-art security, application integration, build-system integration, APIs, full source code and support, faster and for less cost than if you did it yourself.

[Figure: Secure Bootloader IoT Device Internal Flash Layout (V2)]

FM-SBSFU V2 Secure Bootloader Firmware Update System for STM32


  • Image authentication with ECDSA.
  • Image encryption with AES.
  • Download and install patches containing only differences with new firmware.
  • Dual image capability (see The Fine Print, item 3).
  • Multi-Segment.
  • Supporting External SPI Flash.
  • Supports STM32Cube IDE.
  • Supports TouchGFX.
  • Includes firmware image preparation tool (requires Python).
  • Simple and easy to use firmware update APIs.
  • Full source code provided.
  • Option for firmware update via USB flash drive in bootloader.


  • Allows your product's firmware to be safely and securely updated in the field.
  • Prevents unauthorized 3rd parties from installing malicious firmware (see The Fine Print, item 2).
  • Dual Image update method offers robust and reliable in-field updates of your devices.
  • Delta patches offer smaller downloads, reducing time-on-air costs like network access fees and battery consumption (see The Fine Print, item 1).
  • Multi-Segment allows handling of application binaries located in discontinuous segments - for example application binary in MCU flash and application resources in external QSPI flash.
  • External SPI flash support allows for larger application binaries by freeing up the MCU internal flash for the application executable while maintaining dual-image robustness.
  • Get a bootloader, security, OTA update and STM32 MCU expert to perform the integration and guide you and your staff to firmware update bliss.
  • Get a tested and working solution up and running fast.



Sample API


// Initialize the patching engine in preparation for update.
uint32_t SFU_APP_Init(uint32_t uFileSize);

// Supply patch data to the patching engine.
// Data can be supplied in chunks of any size to adapt to any
// OTA download method.
uint32_t SFU_APP_Data(uint8_t *pData, uint32_t uSize);

// Complete the patching operation.
uint32_t SFU_APP_Finish();

// Get the currently installed firmware version.
SE_ErrorStatus SE_APP_GetActiveFwInfo(SE_StatusTypeDef *peSE_Status, SE_APP_ActiveFwInfo *p_FwInfo);
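
A caller for the chunked update sequence declared above, as an added example that is not the vendor's code. It assumes a return value of 0 means success (the page does not document return values); the host-side stand-ins for the three `SFU_APP_*` calls, `ota_apply_patch`, `ota_read_fn`, `mem_src` and `mem_read` are hypothetical names introduced here so the sequence can run off-target.

```c
#include <stdint.h>
#include <string.h>

/* ASSUMPTION: 0 means success; the page does not document return values. */
#define SFU_OK 0u

/* Hypothetical host-side stand-ins for the bootloader API so this runs off-target. */
static uint32_t g_expected, g_received, g_finished;
uint32_t SFU_APP_Init(uint32_t uFileSize) {
    g_expected = uFileSize; g_received = 0; g_finished = 0;
    return uFileSize ? SFU_OK : 1u;
}
uint32_t SFU_APP_Data(uint8_t *pData, uint32_t uSize) {
    if (!pData || uSize > g_expected - g_received) return 1u;
    g_received += uSize;
    return SFU_OK;
}
uint32_t SFU_APP_Finish(void) {
    g_finished = (g_received == g_expected);
    return g_finished ? SFU_OK : 1u;
}

/* Constructed in-memory transport: hands out at most `step` bytes per read. */
struct mem_src { const uint8_t *data; uint32_t len, pos, step; };
uint32_t mem_read(uint8_t *buf, uint32_t max, void *ctx) {
    struct mem_src *s = ctx;
    uint32_t n = s->len - s->pos;
    if (n > s->step) n = s->step;
    if (n > max) n = max;
    memcpy(buf, s->data + s->pos, n);
    s->pos += n;
    return n;
}

/* Feed a patch of declared size through the API chunk by chunk.
 * Returns 0 on success, or the number of the step that failed.
 * SFU_APP_Finish() is never reached after a failed or short download. */
typedef uint32_t (*ota_read_fn)(uint8_t *buf, uint32_t max, void *ctx);
int ota_apply_patch(uint32_t patch_size, ota_read_fn rd, void *ctx) {
    uint8_t chunk[64];
    uint32_t total = 0;
    if (SFU_APP_Init(patch_size) != SFU_OK) return 1;
    while (total < patch_size) {
        uint32_t want = patch_size - total;
        if (want > sizeof chunk) want = sizeof chunk;
        uint32_t got = rd(chunk, want, ctx);
        if (got == 0 || got > want) return 2;   /* transport ended early or misbehaved */
        if (SFU_APP_Data(chunk, got) != SFU_OK) return 3;
        total += got;
    }
    return SFU_APP_Finish() == SFU_OK ? 0 : 4;
}
```

On a device, `rd` would wrap whatever the OTA transport delivers (a cellular socket, a LoRaWAN fragment queue, a USB file read); the caller logic stays the same.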



  • Git project (re)structured appropriately.
  • SBSFU application, this is the bootloader executable.
  • SECORE application, this is the secure core and patching engine, hosted inside the bootloader but built separately.
  • TestApp application, a sample application that demonstrates bootloader functionality.
  • Your application, suitably modified as you require to work seamlessly with the bootloader and the patching engine.
  • Python tool to generate the secure firmware patch for distribution, and the bootloader+application combined image for manufacturing.
  • Integration of the Python tool into your build system.
  • Support for ensuring update APIs work with your OTA update strategy, or implementation of your selected OTA update strategy (cellular, LoRaWAN, USB flash drive, Contactless NFC, custom).


See the bootloader in action in this demonstration.

The Fine Print

  1. Actual delta patch compression ratio depends on application program structure and number of differences between versions.
  2. Secure root of trust must be established by enabling RDP Level 2 at time of production.
  3. Device must have enough internal flash space to hold two complete copies of the application firmware (now and projected), and secure bootloader (50K typical but varies with features and target sector sizes).
  4. Integration requires access to repository in GitHub or Bitbucket or similar Git-based version control system.
  5. A UART debug port should be available on your device to help verify and validate the bootloader operation.
  6. Organizations based in Canada are charged 5% GST.
  7. Components licensed under ST Ultimate Liberty license and Firmware Modules Commercial license. The bootloader may only be distributed on ST devices and in binary form on devices you make.
  8. You get support for the life of your product. That's right - if there's something wrong with the bootloader or FOTA update system, keep us in the loop.



Get Your Secure Bootloader and Secure Firmware Update System Now