Last edited 3 weeks ago

Hardware Unique Key overview

Applicable for STM32MP13x lines, STM32MP15x lines, STM32MP25x lines

1. Article purpose[edit source]

The main purpose of this article is to present how to use an Hardware Unique Key (HUK) on the STM32MPU platforms.

2. HUK overview[edit source]

The Hardware Unique Key is a symmetric encryption key stored in the OTP of the platform.

Thus, the HUK ensures that other chip cannot decrypt data encrypted with it. This is mandatory to properly enable a secure storage. The HUK prevents any hacker attempts access the data or clone them to use it on another chip.

In most cases, it is recommended to use different keys for several use cases to prevent hackers to access all encrypted data if one key is found. Hence, HUK must not be used directly. Instead, it is best practice to use keys derived from the HUK (DHUK). The HUK is also called Root HUK because it is used as a root key to obtain a DHUK.

2.1. HUK: Hardware protected[edit source]

On STM32MP13xC/F lines More info.png and STM32MP25xC/F lines More info.png, STMicroelectronics provisions an HUK in the OTPs. These OTPs cannot be read through the BSEC IP. The OTPs storing the HUK are directly wired to SAES.
SAES computes internally a derived HUK (DHUK). The value of the DHUK depends on the privilege level, key selection, key selected mode, the chaining mode, and on the requester CPU execution domain (secure/non secure).

2.2. HUK: Software implementation[edit source]

On STM32MP15x lines More info.png, STMicroelectronics does not pre-provision an HUK. It is a customer choice to define and provision one in the OTP.

The provisioning can be done with the fuse command in U-Boot, with STM32CubeProgrammer or during secure manufacturing.

It is possible to use software algorithms to derive a key from the HUK provided by the customer.

3. OP-TEE API[edit source]

OP-TEE provides the following function to perform a software key derivation.

 TEE_Result huk_subkey_derive(enum huk_subkey_usage usage, const void *const_data, size_t const_data_len, uint8_t *subkey, size_t subkey_len);

The function huk_subkey_derive calls the function tee_otp_get_hw_unique_key to read the HUK. The default implementation provided in OP-TEE returned a statically defined key. This function is redefined for platforms that allow the software to read the HUK (STM32MP15x lines More info.png).

 TEE_Result tee_otp_get_hw_unique_key(struct tee_hw_unique_key *hwkey);
HUK subkey derivation overview

3.1. HUK: Hardware protected[edit source]

On platforms that provide SAES (STM32MP13xC/F lines More info.png or STM32MP25xC/F lines More info.png), the key derivation is done by the hardware. Hence, the function huk_subkey_derive is redefined in the SAES driver.

Warning white.png Warning
If SAES is disabled or on STM32MP13xA/D lines More info.png STM32MP25xA/D lines More info.png, the HUK is no more accessible.

In this case, the default implementation of the functions huk_subkey_derive and tee_otp_get_hw_unique_key are used.

3.2. HUK: Software implementation[edit source]

If a customer chooses to add an HUK, they must configure OP-TEE to indicate in which OTPs the HUK is located. The location of the HUK in the OTP can be set in the DT of OP-TEE or in the build command line.

An additional NVMEM data cell in BSEC can represent the location of the HUK in the OTP. The following code is an example of how to register a 128-bits HUK provisioned in OTPs 60 to 63.

&bsec {
 	huk_otp: huk-otp@f0 {
 		reg = <0xf0 0x10>;

Compile OP-TEE with the following directives to read the location of the HUK in the DT:


The section OP-TEE build command provides the location of HUK in the OTP. There are two possibilities :

  • The HUK is stored in contiguous OTPs. In this case, it is possible to use the first OTP that stores the HUK. The following directives locates the HUK in OTP 60 to 63.
  • The HUK is scattered in a non contiguous field. For example, the following directives locates the HUK in OTPs 60 63 64 65

4. References[edit source]