Introduction article for Initial Attestation example
Literature
- Step by step Wiki article: How to start with Initial Attestation on STM32U3
- AN6205 Introduction to the use of PKA Key wrapping
- RM0487 STM32U3 Reference Manual
- Initial Attestation using Mbed TLS and the STM32 coupling and chaining bridge peripheral (CCB)
- X-CUBE-RSSe Root security System binaries extensions and configuration files package
Introduction
Initial Attestation or Device Attestation is used in many use cases.
Initial attestation is used to filter which device can access a sensitive service.
To make the OEM manufacturing easier, STMicroelectronics has preprovisioned for each device a unique ECC asymmetric key pair and a certificate used for the device unique authentication. It is called the DUA initial attestation key. It is dedicated to and used by the PSA initial attestation service to sign the token.
1. DUA keys
Inside the chip, two key pairs are provided: the DUA_USER and DUA_USLU.
DUA stands for Device Unique Authentication.
The first key is User Usage while the second is User Licensed Usage.
The Certificate Authority of the DUA_USER key is public and available in the certificate utility within the STM32U3 Cube firmware.
The Certificate Authority of the DUA_USLU key is provided to the customer only if they need it. It is delivered under a NDA.
The useful parts of the DUA certificates are stored in a nonprotected memory; any application or debug access is allowed to read them.
However, the private keys are kept secret even toward the OEM. Only the RSSe_KW can provide their access in a wrapped format.
To help customers with the initial attestation use case, ST provides middlewares and examples to be able to use these private keys and to build the Entity Attestation Token.
2. Get wrapped DUA key with RSSe
This process ensures the secure export of the DUA private key, protecting it from unauthorized access and side-channel attacks.
For detailed guidance on Wrapped DUA private Key export using RSSe KW, refer to the application note AN6278. This document provides an introduction to the RSS extension for Key Wrap (RSSe KW) service on the STM32 MCUs.
STM32U3 HW Cryptographic Subsystem guaranties the DUA private keys’ secrecy. The customer can get access to the private keys in a wrapped format using STM32CubeProgrammer tool and the RSSe_KW (provided inside the X-Cube RSSe (add link)). These wrapped keys are usable only on the device from which they are extracted, with an application running in the context the key was requested in the Cube Programmer command (see AN6278 table 16 for more information) and with the RDP level > 0.
3. Entity Attestation Token (EAT) creation
The initial attestation service can create an entity attestation token (EAT) on request, which contains a fixed set of device specific data.
There are three elements in an Entity Attestation Token.
- Claims: it corresponds to the device identity and provides information about its origin and its security level for example. Can contain:
- Device identifiers (e.g., serial number, model number)
- Manufacturer details
- Hardware and software versions
- Security status (e.g., firmware integrity, secure boot status).
- Random number or “challenge” from the service provider it wants to access. This element is important to be sure that the request is the one initiated and not some old request.
- The signature of the EAT content, computed with a private key stored in the chip (DUA). It allows to validate the integrity of data above (no modification) and to authenticate the device because this key is unique per device and secret.
The device sends the EAT to the server.
In the application example delivered in STM32Cube Firmware, here are the steps developed to create an EAT:
- Step1: The challenge generated by the service provider / Informations are collected to fill the attestation token
- Step2: Compute the hash of the attestation token
- Step3: Import the device user key (DUA_USER or DUA_USLU) to sign the token
- Step4: Token signature generation
- Step5: Entity Attestation Token Generation
- Step6: Certificate Retrieval
