Debug Authentication STM32H5 How to Introduction

Revision as of 10:11, 21 March 2023 by Registered User (→ Certificate chain creation)

[Under construction: coming soon]

Introduction to Debug Authentication for STM32H5 MCUs

1. Debug Authentication

  • Debug Authentication controls:
    • Debug opening
    • Regressions
  • It can be used:
    • During development
    • During manufacturing
    • For field-return analysis
  • Features:
    • When TrustZone is disabled: a password is used (very similar to U5); only regression is possible
    • When TrustZone is enabled: cryptography (certificates) is used; both regressions and debug opening are possible
  • Debug Authentication principle:
    • Uses a dedicated JTAG access port (ap0) to communicate with the chip
    • Secure protocol defined by ARM: ARM PSA ADAC V1.0 (Authenticated Debug Access Control) [1]
[Figure: Debug Authentication principle]

2. Debug Authentication - STM32H503 device

[Figure: Lifecycle, TrustZone disabled]

Provisioning with password management

  • The STM32H503 does not provide an OBKeys area and uses OTP (one-time programmable) memory to store the provisioning data
  • The provisioning data is the SHA256 hash of the password
  • STM32TrustedPackageCreator is used to generate the hash of the 16-byte password chosen by the user, adding a SHA256 to ensure integrity
[Figure: Provisioning, STM32H503]

Debug Authentication allows control of:

  • Full regression, thanks to the Debug Authentication password
  • The Debug Authentication password has to be provisioned in OTP to allow this regression
[Figure: Regression, TrustZone disabled]

Getting started with Debug Authentication

You can refer to the following page for a getting-started example of DA access on STM32H503 devices:

How to start with DA access on STM32H503

3. Debug Authentication - STM32H563/573 device when TrustZone disabled

[Figure: Lifecycle, TrustZone disabled]

Provisioning with password management

  • The provisioning data is located at the beginning of the OBK-HDPL1 area
  • The provisioning data is the SHA256 hash of the password
  • STM32TrustedPackageCreator is used to generate the obk files containing the hash of the Debug Authentication password, adding a SHA256 to ensure integrity
[Figure: Provisioning, TrustZone disabled]

Debug Authentication allows control of:

  • Full regression, thanks to the Debug Authentication password
  • The Debug Authentication password has to be provisioned in OBKeys to allow this regression
[Figure: Regression, TrustZone disabled]

Getting started with Debug Authentication

You can refer to the following page for a getting-started example of DA access when TrustZone is disabled:

How to start with DA access on STM32H573 – TrustZone disabled

4. Debug Authentication - STM32H563/573 device when TrustZone enabled

[Figure: Lifecycle, TrustZone enabled]

Provisioning with certificate management

  • The provisioning data is located at the beginning of the OBK-HDPL1 area
  • The provisioning data contains:
    • the SHA256 hash of the root certificate public key
    • SOC_PERMISSION: 16 bits defining the permissions authorized by default
  • STM32TrustedPackageCreator is used to generate the obk files containing the provisioning data, adding a SHA256 to ensure integrity
[Figure: Provisioning, TrustZone enabled]

Debug Authentication allows control of:

  • Re-enabling debug
  • Partial or full regression

To perform Debug Authentication:

  • the chip must be provisioned with:
    • the ECC public key
    • SOC_PERMISSION: 16 bits defining the permissions authorized by default
  • a certificate signed by a private ECC key has to be created to be able to authenticate; it embeds:
    • the ECC public key
    • PERM_MASK_CERT, which describes the capabilities associated with this certificate
[Figure: Regression from closed, TrustZone enabled]

Getting started with Debug Authentication

You can refer to the following pages for getting-started examples of DA access when TrustZone is enabled:

5. Debug Authentication - Certificates

When Debug Authentication control is based on certificates (that is, when TrustZone is enabled, TZEN = 0xB4), the device must be provisioned with the ECC public key and the SOC_PERMISSION. A certificate signed by a private ECC key has to be created to be able to authenticate.

5.1. Generate certificate for DA access

  • The certificate embeds:
    • the ECC public key
    • PERM_MASK_CERT, which describes the capabilities associated with this certificate
  • This certificate should be created in a secure environment.
  • The certificate is signed by a private ECC key, which must be kept secret.

This certificate is created with the STM32TrustedPackageCreator tool. The user enters the public root key and defines the 16-byte permission mask, which allows a lot of flexibility: full or partial regression, or opening the debug for the non-secure or secure application (setting a bit to 1 grants the permission):

[Figure: DA permission mask]

STM32CubeH5 package provides certificates and public keys examples in
STM32Cube_FW_H5_V1.0.0\Projects\STM32H573I-DK\ROT_Provisioning\DA\Certificates,
STM32Cube_FW_H5_V1.0.0\Projects\NUCLEO-H563ZI\ROT_Provisioning\DA\Certificates,
STM32Cube_FW_H5_V1.0.0\Projects\STM32H573I-DK\ROT_Provisioning\DA\Keys and
STM32Cube_FW_H5_V1.0.0\Projects\NUCLEO-H563ZI\ROT_Provisioning\DA\Keys folders.

The user can perform a provisioning and a full or partial regression using these examples without creating a certificate.

5.2. Certificate chain creation

A certificate chain is used to delegate Debug Authentication access to another team while restricting the actions that team can perform. We can imagine three teams:

  • Team A: a secure development team which must have access to the complete platform (SW and HW)

The certificate for this team allows full and partial regression, and secure and non-secure debug.

  • Team B: a non-secure development team which should only have access to non-secure resources

In this case the certificate allows full and partial regression, and non-secure debug.

  • Team C: a field engineer who should only have the capability to do a regression to check the HW

The certificate must allow only full regression.
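As an added example for sections 5.1 and 5.2 (this code is not part of the original page and is not ST's tooling or certificate format), the Go program below models a DA certificate as a holder public key plus a permission mask, ECDSA-signed by the issuer's private key, and checks a chain the way the device would: the root key must hash to the provisioned SHA256 value, every link must be signed by the previous holder, and a delegated certificate can only restrict, never extend, its parent's mask. The permission bit layout, the P-256 curve and the signed-content encoding are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
)

// Hypothetical permission bits; the real PERM_MASK_CERT layout is defined by STM32TrustedPackageCreator.
const (
	PermFullRegression, PermPartialRegression uint16 = 1 << 0, 1 << 1
	PermNonSecureDebug, PermSecureDebug       uint16 = 1 << 2, 1 << 3
)

// Cert is a simplified DA certificate (not ST's format): the holder's public key and a permission
// mask, ECDSA-signed by the issuer, i.e. the holder of the parent certificate (the root is self-signed).
type Cert struct{ Pub *ecdsa.PublicKey; Perm uint16; Sig []byte }

// NewKey generates a P-256 key pair (curve assumed for this example).
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// PubDER serialises a public key; the SHA256 of the root's DER is the value that gets provisioned.
func PubDER(k *ecdsa.PublicKey) []byte { der, _ := x509.MarshalPKIXPublicKey(k); return der }

// digest hashes the signed content: holder key followed by the big-endian permission mask.
func (c *Cert) digest() []byte { h := sha256.Sum256(append(PubDER(c.Pub), byte(c.Perm>>8), byte(c.Perm))); return h[:] }

// Issue signs a certificate for holder with the issuer's private ECC key.
func Issue(issuer *ecdsa.PrivateKey, holder *ecdsa.PublicKey, perm uint16) (*Cert, error) {
	c := &Cert{Pub: holder, Perm: perm}
	sig, err := ecdsa.SignASN1(rand.Reader, issuer, c.digest())
	c.Sig = sig
	return c, err
}

// VerifyChain models the device-side check: root key hash must equal the provisioned value, each
// link must be signed by the previous holder, and a child may only restrict its parent's mask.
func VerifyChain(provisioned [32]byte, chain []*Cert) (uint16, error) {
	if len(chain) == 0 || sha256.Sum256(PubDER(chain[0].Pub)) != provisioned {
		return 0, fmt.Errorf("root key does not match provisioned hash")
	}
	signer, eff := chain[0].Pub, ^uint16(0)
	for i, c := range chain {
		if !ecdsa.VerifyASN1(signer, c.digest(), c.Sig) {
			return 0, fmt.Errorf("bad signature at chain position %d", i)
		}
		if c.Perm&^eff != 0 { // escalation: bits the issuer itself does not hold
			return 0, fmt.Errorf("position %d requests permissions its issuer lacks", i)
		}
		eff, signer = c.Perm, c.Pub
	}
	return eff, nil // permissions the leaf holder can actually exercise
}
```

Issuing Team A (self-signed root), Team B (root-signed, without secure debug) and Team C (signed by Team B, full regression only) and calling VerifyChain on each prefix of the chain yields exactly the three permission sets described above, while a Team C certificate that asks for secure debug is rejected.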

6. References