Otpbin Seeprombin Upd

stm32programmer_cli -g ./update_project.xml -upd ./firmware_v2.upd

// Update procedure using OTPBin and SEEPROMBin
// The helper functions and the *_ADDR / UPDATE_SUCCESS constants are
// expected to come from the platform's own headers.
#include <stdint.h>

int perform_update(const uint8_t* new_firmware, uint32_t size)
{
    // 1. Verify signature using OTP-stored public key
    if (!verify_signature(new_firmware, size, OTP_PUBKEY_ADDR)) {
        return -1; // Invalid signature
    }

    // 2. Read current version from SEEPROMBin
    uint32_t current_ver = seeprom_read(UPDATE_VERSION_ADDR);
    uint32_t new_ver = get_firmware_version(new_firmware);
    if (new_ver <= current_ver) {
        return -2; // Rollback prevented
    }

    // 3. Write new firmware to application area
    flash_erase(APP_START_ADDR);
    flash_write(APP_START_ADDR, new_firmware, size);

    // 4. Update SEEPROMBin with new version and status
    //    (done only after the flash has been programmed)
    seeprom_write(UPDATE_VERSION_ADDR, new_ver);
    seeprom_write(UPDATE_STATUS_ADDR, UPDATE_SUCCESS);

    // 5. Reset device
    system_reset();
    return 0;
}


Often, a successful firmware update (UPD) can:

A sophisticated embedded system might combine all three (OTPBin, SEEPROMBin and UPD) in a secure update pipeline:

Some embedded development tools use the command syntax:

programmer --otpbin otp_data.bin --seeprombin eeprom_data.bin --upd firmware.upd

Here, --upd triggers the update sequence, first burning OTP (if unprogrammed), then writing the EEPROM image, and finally programming the main flash.
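The "burn OTP only if unprogrammed" step of that sequence, modelled on the host as an added example (not code from the original page or from any programmer tool). The in-memory device_t model, the region sizes, the names otp_plan, run_update and demo, and the assumption that blank OTP reads 0xFF are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumptions: blank OTP reads 0xFF; region sizes are illustrative only. */
#define OTP_ERASED 0xFFu
#define OTP_LEN    32
#define EE_LEN     16
#define FLASH_LEN  64

typedef struct { uint8_t otp[OTP_LEN], eeprom[EE_LEN], flash[FLASH_LEN]; } device_t;
typedef enum { OTP_BURN, OTP_SKIP, OTP_ABORT } otp_action_t;

/* Decide what to do with the OTP region before anything is written. */
otp_action_t otp_plan(const uint8_t *cur, const uint8_t *img, size_t len)
{
    int blank = 1, same = 1;
    for (size_t i = 0; i < len; i++) {
        if (cur[i] != OTP_ERASED) blank = 0;
        if (cur[i] != img[i])     same = 0;
    }
    if (same)  return OTP_SKIP;   /* already holds exactly this image */
    if (blank) return OTP_BURN;   /* unprogrammed: burn once */
    return OTP_ABORT;             /* holds different data: do not touch the device */
}

/* OTP, then EEPROM, then main flash. Returns -1 with nothing written on OTP mismatch. */
int run_update(device_t *d, const uint8_t *otp_img, const uint8_t *ee_img, const uint8_t *fw)
{
    otp_action_t a = otp_plan(d->otp, otp_img, OTP_LEN);
    if (a == OTP_ABORT) return -1;
    if (a == OTP_BURN)  memcpy(d->otp, otp_img, OTP_LEN);
    memcpy(d->eeprom, ee_img, EE_LEN);
    memcpy(d->flash, fw, FLASH_LEN);
    return 0;
}

/* Constructed scenario: OTP pre-filled with `fill`, package OTP image is all 0xA5. */
int demo(uint8_t fill)
{
    device_t d;
    uint8_t otp[OTP_LEN], ee[EE_LEN], fw[FLASH_LEN];
    memset(&d, 0, sizeof d);    memset(d.otp, fill, OTP_LEN);
    memset(otp, 0xA5, OTP_LEN); memset(ee, 0x01, EE_LEN);
    memset(fw, 0x02, FLASH_LEN);
    int rc = run_update(&d, otp, ee, fw);
    return rc == 0 ? d.otp[0] : rc;   /* OTP content on success, error code otherwise */
}
```

Running the pre-check before the EEPROM and flash writes means a device whose OTP already holds a different image is rejected with all three regions unchanged.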

Because EEPROM is rewritable, attackers can: