Approved version. Approved on: 08:45, 10 October 2019
You are viewing an old version of this page. Return to the latest version.
Version of 08:45, 10 October 2019 by Gerald Baeza
- Last edited 3 years ago ago
STM32 header for binary files
The STM32 header is a STMicroelectronics header needed for binaries loaded by ROM code and by TF-A.
Each binary image (signed or not) loaded by ROM code and by TF-A need to include a specific STM32 header added on top of the binary data. The header includes the authentication information.
|Magic number||32 bits||0||4 bytes in big endian:|
'S', 'T', 'M', 0x32 = 0x53544D32
|Image signature||512 bits||4||ECDSA signature for image authentication[Header 1]|
|Image checksum||32 bits||68||Checksum of the payload[Header 2]|
|Header version||32 bits||72||Header version v1.0 = 0x00010000|
Byte1:major version = 0x01
Byte2: minor version = 0x00
|Image length||32 bits||76||Length of image in bytes[Header 3]|
|Image entry Point||32 bits||80||Entry point of image|
|Load address||32 bits||88||Load address of image[Header 4]|
|Version number||32 bits||96||Image Version (monotonic number)[Header 5]|
|Option flags||32 bits||100||b0=1: no signature verification[Header 6]|
|ECDSA algorithm||32 bits||104||1: P-256 NIST ; 2: brainpool 256|
|ECDSA public key||512 bits||108||ECDSA public key to be used to verify the signature.[Header 7]|
|Padding||83 Bytes||172||Reserved padding bytes[Header 8]. Must all be set to 0|
|Binary type||1 Byte||255||Used to check the binary type|
- ↑ Signature is calculated from first byte of header version field to last byte of image given by image length field.
- ↑ 32-bit sum of all payload bytes accessed as 8-bit unsigned numbers, discarding any overflow bits. Used to check the downloaded image integrity when signature is not used (if b0=1 in Option flags).
- ↑ Length is the length of the built image, it does not include the length of the STM32 header.
- ↑ This field is used by ROM code for specific executable images.
- ↑ Image version number is an anti rollback monotonic counter. The ROM code checks that it is higher or equal to the monotonic counter stored in OTP.
- ↑ Enabling signature verification is mandatory on secure closed chips.
- ↑ Hash of (algorithm+pubKey) is stored in OTP.
- ↑ This padding forces STM32 header size to 256 bytes (0x100).
The OTP used for the Version number and the Hash of (algorithm+pubKey) are defined in the chapter “OTP configuration“ of the ROM code overview.