1. Purpose
This article uses the stm32key U-Boot command to illustrate and try out the steps that provision, in the correct OTP words, the keys needed to activate the secure boot features: authentication and encryption.
The same command also allows the device to be set directly to the CLOSED state.
1.1. Prerequisite
All the keys required to provision the OTPs have to be generated beforehand (key hash file and, on STM32MP13x lines, the EDMK file).
2. stm32key command
U-Boot in OpenSTLinux embeds a stm32key command that can be called from the U-Boot command line interface to manage the keys in OTPs.

  STM32MP> stm32key help
  stm32key - Manage key on STM32

  Usage:
  stm32key list : list the supported key with description
  stm32key select [<key>] : Select the key identified by <key> or display the key used for read/fuse command
  stm32key read [<addr> | -a ] : Read the curent key at <addr> or current / all (-a) key in OTP
  stm32key fuse [-y] <addr> : Fuse the current key at addr in OTP
  stm32key close [-y] : Close the device, force use of PKH stored in OTP

The optional -y flag skips the confirmation prompt; leave it out when provisioning by hand, since fuse and close are one-way OTP operations.
The names of the supported <key> values depend on the device family.
For STM32MP13x lines:

  STM32MP> stm32key list
  PKHTH : Hash of the 8 ECC Public Keys Hashes Table (ECDSA is the authentication algorithm)
  OTP24..32
  EDMK : Encryption/Decryption Master Key
  OTP92..95

For STM32MP15x lines:

  STM32MP> stm32key list
  PKH : Hash of the ECC Public Key (ECDSA is the authentication algorithm)
  OTP24..32
3. Authentication keys provisioning
Key provisioning is the first step to enable authentication: the hash of the public key(s), as written by STM32 KeyGen in its key hash output file, is burned into the OTPs. Only the hash is stored in the device; the public keys themselves travel with the signed images.
3.1. Select keys
The key is selected with the command stm32key select <key>, where <key> is PKHTH on STM32MP13x lines and PKH on STM32MP15x lines:

  STM32MP> stm32key select PKHTH
  PKHTH selected

  STM32MP> stm32key select PKH
  PKH selected
3.2. Load keys file in DDR
The key hash file produced by STM32 KeyGen must be present in DDR before the stm32key command is run; in the following examples it is loaded at 0xc0000000.
The file publicKeysHash.bin can be loaded from a filesystem partition on a storage device with the load command.
For example, when publicKeysHash.bin is in the bootfs (partition 7) of the SD card (mmc 0):

  STM32MP> load mmc 0:7 0xc0000000 publicKeysHash.bin
  32 bytes read in 50 ms (0 Bytes/s)
3.3. Verify keys file in DDR
Once publicKeysHash.bin is loaded in DDR, its content can be displayed, word by word in the layout of the selected key's OTPs, with the command:

  STM32MP> stm32key read 0xc0000000

Compare every printed word with the hash file on the host before going further: the next step burns exactly these words into OTP and cannot be undone.

Example for STM32MP13x lines with PKHTH:

  STM32MP> stm32key read 0xC0000000
  Read PKHTH at 0xc0000000
  PKHTH OTP 24: [c0000000] 27051956
  PKHTH OTP 25: [c0000004] b56aef2d
  PKHTH OTP 26: [c0000008] 6215263c
  PKHTH OTP 27: [c000000c] 00000439
  PKHTH OTP 28: [c0000010] 00000000
  PKHTH OTP 29: [c0000014] 00000000
  PKHTH OTP 30: [c0000018] 72429173
  PKHTH OTP 31: [c000001c] 05020600

Example for STM32MP15x lines with PKH:

  STM32MP> stm32key read 0xC0000000
  Read PKH at 0xc0000000
  PKH OTP 24: [c0000000] 27051956
  PKH OTP 25: [c0000004] b56aef2d
  PKH OTP 26: [c0000008] 6215263c
  PKH OTP 27: [c000000c] 00000439
  PKH OTP 28: [c0000010] 00000000
  PKH OTP 29: [c0000014] 00000000
  PKH OTP 30: [c0000018] 72429173
  PKH OTP 31: [c000001c] 05020600
3.4. Key provisioning
To write the keys into OTP and lock them (OTP words are one-time programmable, so this step is irreversible), use the command with the same address:

  STM32MP> stm32key fuse 0xc0000000
3.5. Verify keys in OTP
After the previous command, the device holds the public key hash used to authenticate the images; it can be checked with the command (no address: the current key is read from OTP):

  STM32MP> stm32key read

Each OTP word must show the value read from the file in 3.3 together with the lock value 50000000.

Result for STM32MP13x lines with PKHTH:

  STM32MP> stm32key read
  PKHTH OTP 24: 27051956 lock : 50000000
  PKHTH OTP 25: b56aef2d lock : 50000000
  PKHTH OTP 26: 6215263c lock : 50000000
  PKHTH OTP 27: 00000439 lock : 50000000
  PKHTH OTP 28: 00000000 lock : 50000000
  PKHTH OTP 29: 00000000 lock : 50000000
  PKHTH OTP 30: 72429173 lock : 50000000
  PKHTH OTP 31: 05020600 lock : 50000000

Result for STM32MP15x lines with PKH:

  STM32MP> stm32key read
  PKH OTP 24: 27051956 lock : 50000000
  PKH OTP 25: b56aef2d lock : 50000000
  PKH OTP 26: 6215263c lock : 50000000
  PKH OTP 27: 00000439 lock : 50000000
  PKH OTP 28: 00000000 lock : 50000000
  PKH OTP 29: 00000000 lock : 50000000
  PKH OTP 30: 72429173 lock : 50000000
  PKH OTP 31: 05020600 lock : 50000000
4. Encryption Decryption Master Key provisioning
EDMK provisioning is the first step to enable image decryption.
It is only available on STM32MP13x lines.
4.1. Select EDMK
The key is selected with the command stm32key select <key>, where <key> is EDMK:

  STM32MP> stm32key select EDMK
  EDMK selected
4.2. Load EDMK file in DDR
The key file must be present in DDR before the stm32key command is run; in the following examples it is loaded at 0xc0000000.
The file edmk.bin can be loaded from a filesystem partition on a storage device with the load command.
For example, when edmk.bin is in the bootfs (partition 7) of the SD card (mmc 0):

  STM32MP> load mmc 0:7 0xc0000000 edmk.bin
  32 bytes read in 50 ms (0 Bytes/s)

Unlike publicKeysHash.bin, edmk.bin contains secret key material: it sits in cleartext on the boot medium and in DDR, so restrict who can access the storage device and remove the file from it once the OTPs are fused.
4.3. Verify EDMK in DDR
The content of the key file loaded in DDR can then be checked with the command stm32key read <addr>.
Result for STM32MP13x lines with EDMK and <addr>=0xc0000000:

  STM32MP> stm32key read 0xc0000000
  Read EDMK at 0xc0000000
  EDMK OTP 92: [c0000000] 27051956
  EDMK OTP 93: [c0000004] b56aef2d
  EDMK OTP 94: [c0000008] 6215263c
  EDMK OTP 95: [c000000c] 00000439
4.4. EDMK provisioning
To write the EDMK into OTP and lock it, use the command with the same address:

  STM32MP> stm32key fuse 0xc0000000
4.5. Verify EDMK in OTP
After the previous command, the device holds the key needed to decrypt the images; it can be checked with the command:

  STM32MP> stm32key read

Result for STM32MP13x lines with EDMK:

  STM32MP> stm32key read
  EDMK OTP 92: 00000000 lock : 50000000
  EDMK OTP 93: 00000000 lock : 50000000
  EDMK OTP 94: 00000000 lock : 50000000
  EDMK OTP 95: 00000000 lock : 50000000

Note: the content of the EDMK cannot be read back, it is masked and reads as 00000000; but the lock property can be checked to ensure the key has been written.
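The dumps in 3.3/3.5 and 4.3/4.5 are the only evidence the operator has on each side of the irreversible fuse step. The following host-side Python script is an added example, not code from this article or from the OpenSTLinux project: it renders a key file the way stm32key read <addr> prints it (so the DDR dump can be diffed against the file on the host), and parses a saved stm32key read dump to confirm that every OTP word of the key carries the expected value and is permanently locked, treating EDMK as masked. It assumes that STM32MP is little-endian (the first byte of the file is the low byte of the first OTP word, which matches the article's dumps) and that bit 30 of the reported lock word is the permanent-lock flag (the article only shows the value 50000000, which has that bit set). The sample words and dumps are constructed from the article's examples and are not real keys.

```python
"""Host-side cross-checks for the stm32key provisioning procedure (added example)."""
from __future__ import annotations

import re
import struct

# Assumption: bit 30 of the lock word is the permanent-lock flag reported by
# U-Boot's BSEC driver. The article only shows the value 50000000 after fusing.
BSEC_LOCK_PERM = 1 << 30

# Constructed sample data, rebuilt from the words printed in this article.
SAMPLE_WORDS = [0x27051956, 0xB56AEF2D, 0x6215263C, 0x00000439,
                0x00000000, 0x00000000, 0x72429173, 0x05020600]
SAMPLE_KEY_FILE = b"".join(struct.pack("<I", w) for w in SAMPLE_WORDS)

SAMPLE_PKHTH_DUMP = """STM32MP> stm32key read
PKHTH OTP 24: 27051956 lock : 50000000
PKHTH OTP 25: b56aef2d lock : 50000000
PKHTH OTP 26: 6215263c lock : 50000000
PKHTH OTP 27: 00000439 lock : 50000000
PKHTH OTP 28: 00000000 lock : 50000000
PKHTH OTP 29: 00000000 lock : 50000000
PKHTH OTP 30: 72429173 lock : 50000000
PKHTH OTP 31: 05020600 lock : 50000000
"""

SAMPLE_EDMK_DUMP = """STM32MP> stm32key read
EDMK OTP 92: 00000000 lock : 50000000
EDMK OTP 93: 00000000 lock : 50000000
EDMK OTP 94: 00000000 lock : 50000000
EDMK OTP 95: 00000000 lock : 50000000
"""


def key_file_words(data: bytes) -> list[int]:
    """Split a key file into the 32-bit words stm32key prints (little-endian, assumed)."""
    if len(data) % 4:
        raise ValueError(f"key file length {len(data)} is not a multiple of 4")
    return list(struct.unpack(f"<{len(data) // 4}I", data))


def render_like_stm32key(data: bytes, key: str, first_otp: int, addr: int) -> list[str]:
    """Format the file exactly as `stm32key read <addr>` prints it, for a side-by-side diff."""
    return [f"{key} OTP {first_otp + i}: [{addr + 4 * i:08x}] {w:08x}"
            for i, w in enumerate(key_file_words(data))]


_OTP_LINE = re.compile(r"^\s*(\w+) OTP (\d+): ([0-9a-fA-F]{8}) lock : ([0-9a-fA-F]{8})\s*$")


def parse_otp_dump(text: str) -> dict[int, tuple[int, int]]:
    """Parse the output of `stm32key read` (no address) into {otp_index: (value, lock)}."""
    dump: dict[int, tuple[int, int]] = {}
    for line in text.splitlines():
        m = _OTP_LINE.match(line)
        if m:
            dump[int(m.group(2))] = (int(m.group(3), 16), int(m.group(4), 16))
    return dump


def check_fused(dump: dict[int, tuple[int, int]], expected_words: list[int],
                first_otp: int, masked: bool = False) -> list[str]:
    """Return the discrepancies between an OTP dump and the key file; [] means fused and locked.

    masked=True is for EDMK: the value reads back as zero, only the lock is meaningful.
    """
    problems = []
    for i, word in enumerate(expected_words):
        otp = first_otp + i
        if otp not in dump:
            problems.append(f"OTP {otp}: missing from dump")
            continue
        value, lock = dump[otp]
        if not lock & BSEC_LOCK_PERM:
            problems.append(f"OTP {otp}: not permanently locked (lock {lock:08x})")
        if masked:
            if value != 0:
                problems.append(f"OTP {otp}: secret key word is readable ({value:08x})")
        elif value != word:
            problems.append(f"OTP {otp}: value {value:08x} != expected {word:08x}")
    return problems


if __name__ == "__main__":
    # Step 1: what `stm32key read 0xc0000000` must print for the file on the host.
    for line in render_like_stm32key(SAMPLE_KEY_FILE, "PKHTH", 24, 0xC0000000):
        print(line)
    # Step 2: after `stm32key fuse`, check the saved dump against the same file.
    print("PKHTH:", check_fused(parse_otp_dump(SAMPLE_PKHTH_DUMP), SAMPLE_WORDS, 24) or "fused and locked")
    print("EDMK:", check_fused(parse_otp_dump(SAMPLE_EDMK_DUMP), SAMPLE_WORDS[:4], 92, masked=True)
          or "fused and locked")
```

Run it against the real publicKeysHash.bin (or edmk.bin) and the console log captured from the board; any non-empty list returned by check_fused means the device should not be closed yet.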
5. Closing the device
Once the authentication chain has been confirmed to work in the ROM code and in TF-A, the device can be closed so that only signed images are accepted.
Closing is itself an OTP operation and cannot be reverted. Before running it, check that the public key hash is fused and locked (see 3.5) and that the signed images boot correctly: a closed device only boots images authenticated with the key whose hash is stored in OTP ("force use of PKH stored in OTP" in the help text above), so a wrong or missing hash makes the board unbootable.
This operation is performed with the U-Boot command:

  STM32MP> stm32key close