1. Article purpose
The main purpose of this article is to present how to use a Hardware Unique Key (HUK) on the STM32MPU platforms.
2. HUK overview
The Hardware Unique Key is a symmetric encryption key stored in the OTP of the platform.
Because it is unique to the chip, the HUK ensures that no other chip can decrypt data encrypted with it. This is mandatory to properly enable secure storage. The HUK prevents an attacker from accessing the data or from cloning it for use on another chip.
In most cases, it is recommended to use different keys for different use cases, so that an attacker who recovers one key cannot access all encrypted data.
Hence, the HUK must not be used directly. Instead, it is best practice to use keys derived from the HUK (DHUK). The HUK is also called Root HUK because it is used as a root key to obtain a DHUK.
2.1. HUK: Hardware protected
On STM32MP13xC/F lines and STM32MP25xC/F lines, STMicroelectronics provisions an HUK in the OTPs. These OTPs cannot be read through the BSEC IP.
The OTPs storing the HUK are directly wired to SAES.
SAES computes internally a derived HUK (DHUK). The value of the DHUK depends on the privilege level, the key selection, the selected key mode, the chaining mode, and the execution domain (secure/non-secure) of the requesting CPU.
2.2. HUK: Software implementation
On STM32MP15x lines, STMicroelectronics does not pre-provision an HUK. It is the customer's choice to define and provision one in the OTP.
The provisioning can be done with the fuse command in U-Boot, with STM32CubeProgrammer, or during secure manufacturing.
It is possible to use software algorithms to derive a key from the HUK provided by the customer.
3. OP-TEE API
OP-TEE provides the following function to perform a software key derivation:
TEE_Result huk_subkey_derive(enum huk_subkey_usage usage, const void *const_data, size_t const_data_len, uint8_t *subkey, size_t subkey_len);
The function huk_subkey_derive calls the function tee_otp_get_hw_unique_key to read the HUK. The default implementation provided in OP-TEE returns a statically defined key. This function is redefined for platforms that allow the software to read the HUK (STM32MP15x lines).
TEE_Result tee_otp_get_hw_unique_key(struct tee_hw_unique_key *hwkey);
3.1. HUK: Hardware protected
On platforms that provide SAES (STM32MP13xC/F lines or STM32MP25xC/F lines), the key derivation is done by the hardware. Hence, the function huk_subkey_derive is redefined in the SAES driver.
3.2. HUK: Software implementation
If a customer chooses to add an HUK, they must configure OP-TEE to indicate in which OTPs the HUK is located. The location of the HUK in the OTP can be set in the DT of OP-TEE or on the build command line.
An additional NVMEM data cell in BSEC can represent the location of the HUK in the OTP. The following code is an example of how to register a 128-bit HUK provisioned in OTPs 60 to 63 (byte offset 0xf0, 16 bytes):
&bsec {
    huk_otp: huk-otp@f0 {
        reg = <0xf0 0x10>;
    };
};
Compile OP-TEE with the following directives to read the location of the HUK from the DT:
CFG_STM32MP15_HUK=y CFG_STM32_HUK_FROM_DT=y
Alternatively, the OP-TEE build command itself can provide the location of the HUK in the OTP. There are two possibilities:
- The HUK is stored in contiguous OTPs. In this case, only the first OTP that stores the HUK needs to be given. The following directives locate the HUK in OTPs 60 to 63:
CFG_STM32MP15_HUK=y CFG_STM32MP15_HUK_OTP_BASE=0xf0
- The HUK is scattered over non-contiguous OTPs. In this case, each OTP is given separately. For example, the following directives locate the HUK in OTPs 60, 63, 64 and 65:
CFG_STM32MP15_HUK=y CFG_STM32MP15_HUK_BSEC_KEY_0=0xf0 CFG_STM32MP15_HUK_BSEC_KEY_1=0xfc CFG_STM32MP15_HUK_BSEC_KEY_2=0x100 CFG_STM32MP15_HUK_BSEC_KEY_3=0x104
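The following Python model, added here and not taken from OP-TEE or the STM32 platform code, shows both points of sections 3 and 3.2 together: how the contiguous (CFG_STM32MP15_HUK_OTP_BASE) and scattered (CFG_STM32MP15_HUK_BSEC_KEY_n) byte offsets map onto OTP words, and how a software huk_subkey_derive hands out per-usage subkeys while the root HUK itself never leaves the derivation function. The OTP contents, the usage values and the choice of HMAC-SHA256 over usage || const_data as the derivation are assumptions for illustration, not the platform's real fuse values or OP-TEE's exact construction.

```python
import hashlib
import hmac
import struct

# Constructed OTP array (96 32-bit words); values are illustrative only.
# OTP word n lives at byte offset 4*n, so the page's offsets 0xf0, 0xfc,
# 0x100 and 0x104 name words 60, 63, 64 and 65.
OTP_WORDS = [0] * 96
OTP_WORDS[60:66] = [0x11111111, 0x22222222, 0x33333333,
                    0x44444444, 0x55555555, 0x66666666]

HUK_LEN = 16  # 128-bit HUK, as on the page


def read_huk_contiguous(base_byte_offset):
    """Model of CFG_STM32MP15_HUK_OTP_BASE: four consecutive words from one base."""
    first = base_byte_offset // 4
    # Little-endian word packing is an assumption of this model.
    return b"".join(struct.pack("<I", OTP_WORDS[first + i])
                    for i in range(HUK_LEN // 4))


def read_huk_scattered(byte_offsets):
    """Model of CFG_STM32MP15_HUK_BSEC_KEY_0..3: one byte offset per word."""
    if len(byte_offsets) != HUK_LEN // 4:
        raise ValueError("a 128-bit HUK needs exactly four OTP words")
    return b"".join(struct.pack("<I", OTP_WORDS[off // 4]) for off in byte_offsets)


# Hypothetical stand-ins for enum huk_subkey_usage values.
USAGE_SECURE_STORAGE = 0
USAGE_RPMB = 1


def huk_subkey_derive(huk, usage, const_data, subkey_len):
    """Software DHUK: HMAC-SHA256 keyed by the root HUK over usage || const_data.

    Distinct usages (and distinct const_data) give unrelated subkeys, so the
    root HUK is never used directly as a data-encryption key.
    """
    if subkey_len > hashlib.sha256().digest_size:
        raise ValueError("subkey longer than one HMAC output")
    msg = struct.pack("<I", usage) + bytes(const_data)
    return hmac.new(huk, msg, hashlib.sha256).digest()[:subkey_len]
```

Because the derivation is a keyed MAC, a subkey recovered from one use case gives no information about the root HUK or about subkeys of other use cases.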