How to start with certificate linked to SOC class and ID on STM32H5
Target description
The generation of a root certificate and a certificate chain and how to use it to open the debugger through a debug authentication are explained in the two following articles:
- How to start with OEMiRoT on STM32H573 and 563 TrustZone enabled.
- How to start with STiRoT on STM32H573.
The purpose of this article is to explain how to generate a certificate and a certificate chain valid only for one specific MCU product and for one specific sample.
Introduction
It is advised to read the following article: Debug Authentication STM32H5 How to Introduction.
Read the chapter about the root certificate and the certificate chain included in one of the "How to start" mentioned previously.
Prerequisites
To try out the certificate and certificate chain that will be generated, a provisioned board is needed with an installed running application code.
It is advised to use one of the two following examples based on the STM32Cube Firmware.
Execute chapter 1 to chapter 4
- How to start with OEMiRoT on STM32H573 and 563 TrustZone enabled.
- How to start with STiRoT on STM32H573.
Step by step instructions
- The different stages to configure and use the STiRoT are based on a script provided in the STM32CubeFW (provisioning.bat)
- The following documentation is a guide through all the steps of this script, and explains how to perform each of them.