Target description
1. Introduction
A critical security feature is a dedicated memory location where secret data such as keys can be stored in a very safe way.
The STM32H5 provides up to five secure storage fuflilling this requirement, called OB Keys storages.
Every secure storage is temporaly isolated through the HDPL level.
The figure below shows the five OB Keys secure storages, one for every HDPL level (HDPL0, HDPL1, HDPL2 , HDPL3 Secure and HDPL3 Non-Secure).
2. The secure storage areas for STM32H5 (OB key area)
The secure storage areas are also called Option-Byte key (OBKeys) areas or secure key storage areas.
As mentioned in the introduction, the STM32H5 provides up to five secure storage areas that can be used to store key but also any sensitive or secret data.
Any of this area is related to a specific temporal isolation level HDPL. This will be explained in the next chapter.
The size and location of these areas are described in the table below:
HDPL0 (255 Bytes), HDPL1 (2047 Bytes), HDPL2 (767 Bytes), HDPL3S (3071 Bytes), HDPL3NS (2031 Bytes)
2.1. ==========
The hhhh Hardware Unique Key (HUK): to get a secure storage resistant to logical, side and physical attack. 5 secure storage domains; 4 HDPL Secure + 1 NS; Incl. Flash Secure Storage H5 Native support of key storage inside FLASH interface (enabling constraint debug feature)
5 secure storage areas • HDPL0 ➔ST (never erased) • HDPL1 ➔iROT (ST-iROT or OEM-iROT) • HDPL2 ➔uROT • HDPL3 + Secure ➔Trust Zone • HDPL3 + NS ➔Non secure appli
• Data can be Wrapped with DHUK • Based on HUK + Version counter • Different for each HDPLx