STM32 Secure Patching Bootloader

Regular price $2,995.00
Please contact us if you are interested in this product.

Based upon our proven Firmware Modules Secure Boot and Secure Firmware Update (FM-SBSFU), we bring to you a new, simplified and improved solution that makes it far easier to get world-class secure firmware update capabilities into any STM32-based embedded system.

We are pleased to bring you the STM32 Secure Patching Bootloader. 

Features Overview:

  • Dual slot architecture.
  • Encrypted and signed firmware update images.
  • Delta Patch Engine: automatic patch generation (in tools) and application (in bootloader).
  • Multiple application firmware update methods, from the bootloader, where hardware permits: UART or USB flash.
  • In-application (IAP) and over-the-air (OTA) update support from within the application at runtime via easy to use API.
  • Pre-built libraries - nothing to build, it just works out of the box.
  • Ready-to-go firmware image preparation scripts for Python including secure patch generation.
  • Can deploy and update TouchGFX applications.
  • Designed for STM32CubeIDE.
  • 64-byte uninitialized area reserved at start of RAM for user application requirements such as fault info reporting.
  • 128-byte reserved OTP area for secure identity provisioning.
  • Reserves 40-80 KB at start of internal flash.
  • Reserves 5 KB at start of SRAM for IAP services.

The solution has a FREE development edition for supported NUCLEO, DISCO and EVAL boards.  

Refer to our GitHub Repository to set up and use our bootloader system with one of these platforms.

If you are launching a commercial product or project with custom hardware, consider supporting us by registering the STM32 Secure Patching Bootloader.

Registered users of the STM32 Secure Patching Bootloader get:

  • Bootloader library customized for your platform (e.g. flash layout, clock configuration, UART I/O configuration, external flash support).
  • Dedicated personalized support through email.
  • License to use your custom bootloader binary and build system tools for an unlimited number of units for one product line/board configuration (enforced by bootloader's board-specific build-time configuration).

Our Standard Registration includes all features and capabilities except for external flash and TouchGFX support.

Our External Flash Registration includes all features and capabilities of the Standard Registration plus support for your board's external (Q)(O)SPI flash for placement of SLOT1 (download slot).

Our TouchGFX Registration includes all features and capabilities of the Standard and External Flash Registrations plus support for loading and updating TouchGFX applications. The system creates a single combined .hex file and .sfb/.sfbp update files to support your TouchGFX application spread across internal and external flash.

After registration we will send you a short questionnaire to fill out with your specific STM32 Secure Patching Bootloader configuration needs. You will have your customized bootloader within as little as 1 day!

While we offer a comprehensive Quick Start Guide for your development team to reference while performing the bootloader integration into your application and build system, some customers prefer us to handle it.  We charge $1000 CAD for the bootloader integration service.  For as little as $3995 you can have your product's core bootloader and firmware update system solved without allocating any internal resources.  Quite a bargain!

Our STM32 Secure Patching Bootloader Customization Questionnaire

| Customizable Element | Example |
|---|---|
| MCU Part Number | STM32F429ZI |
| Board Name | SensorThingyRevA |
| Clock Source: HSE? Speed? (Note: HSE is optional in projects without USB) | |
| Internal Flash Allocation | All remaining, or |
| Diagnostic UART Parameters (115200,N,8,1 default) | |
| External Flash YES/NO and Part Number (* Requires External Flash Registration) | YES - MX25LM51245G; CLK - PA7, CS - PA8, MISO - PA9, MOSI - PA10 |
| MultiSegment YES/NO (* YES only valid if External Flash is YES; * Specify start of (Q)(O)SPI memory mapped address; * Specify start address of SLOT0 extension (SEG1) and length) | 0x90002000 (leaves 8K at start of QSPI flash) |


Questions?  Refer to our GitHub Repository or Contact us.