Revision as of 16:56, 27 February 2024 by Registered User (→‎External flash memory programming principle)
This message will disappear after all relevant tasks have been resolved.
Semantic MediaWiki
There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.
Under construction.png Coming soon

1. What is SFIX

OEM product can embed external Flash additionally to STM32 internal Flash.
The SFIX solution provides security when programming STM32 devices and external Flash in a non-trusted facility owned by a Contract Manufacturer (CM).
The SFIX solution is the same solution than the SFI solution, it also allows the external Flash programming.

Info white.png Information
For detailed on SFIX, please refer to AN4992 STM32 MCUs secure firmware install (SFI) overview

2. External flash memory programming principle

The OEM external flash content must be encrypted to ensure the OEM data confidentiality.

External flash crypto is handled by the OTFDEC peripheral. This peripheral can encrypt and decrypt on-the-fly external firmware and data stored in external flash memory connected to STM32 microcontrollers through the OCTOSPI interface. The OTFDEC can handle up to 4 regions of external flash memory, each one with its own dedicated Key. The OTFDEC uses standard AES CTR 128-bit algorithm for encryption and decryption operations. Refer to the OTFDEC section of the STM32 microcontroller reference manual to get more insight.

The internal flash OEM firmware must enable the read/fetch of data/code within external flash memory, using OTFDEC and OCTOSPI peripherals.

3. External flash memory encryption with global key

4. External flash memory encryption with chip unique key

5. References


Retrieved from "https://wiki.st.com/stm32mcu/index.php?title=Security:SFIx&oldid=50503"