under construction
1. Environment setup
1.1. HW
1.2. SW
- CubeFW
- XCube security
1.3. Tools
- CubePrg
2. Development @ OEM: Firmware creation
3. Secure Room @ OEM: SFI package generation and HSM provisioning
3.1. Package structure overview
copy windows directories tree
3.2. SFI package generation
3.2.1. Inputs preparation
3.2.1.1. Key
3.2.1.2. IV
3.2.1.3. OEM FW
3.2.1.4. OEM OBK
3.2.1.4.1. DA
from C:\STM32CubeFirmware_Installation_path\Firmware\Projects\STM32H573I-DK\ROT_Provisioning\DA\Config\DA_Config.xml SMAK getting started: slide 50
3.2.1.4.2. HDPL1_for_STiRoT
from C:\STM32CubeFirmware_Installation_path\Firmware\Projects\STM32H573I-DK\ROT_Provisioning\SM\Config\SM_Config_Others.xml SMAK getting started: slide 49
3.2.1.4.3. HDPL2_for_3NS_Config
from C:\STM32CubeFirmware_Installation_path\Firmware\Projects\STM32H573I-DK\ROT_Provisioning\SM\Config\SM_Config_General.xml SMAK getting started: slide 46
3.2.1.4.4. HDPL2_for_3NS
from C:\STM32CubeFirmware_Installation_path\Firmware\Projects\STM32H573I-DK\ROT_Provisioning\SM\Config\SM_Config_Keys.xml generate obk %stm32tpccli% -pb %projectdir%ST\SM_ST_Settings_1.xml %stm32tpccli% -obk %projectdir%ST\SM_ST_Settings_2.xml SMAK getting started: slide 48
3.2.1.5. Modules
3.2.1.6. OB
3.2.1.7. output
Output SFI file is the file to be created with sfi extension.
3.2.2. SFI package generation using STM32 Trusted Package Creator CLI (command line interface)
3.2.3. SFI package generation using STM32 Trusted Package Creator GUI (graphical user interface)
3.3. HSM programming
10min
To program the HSM, you can follow the same steps described in this section of the SFI article using the STM32H573_DK MB1677 board: HSM programming.
After programming the HSM, it is now ready to be shipped to the CM together with the xxx.sfi package created before.