How to provision secrets for Android

Applicable for STM32MP25x lines

Important
OpenSTDroid is validated against the ecosystem release v5.1.0. It has not yet been ported to STM32 MPU ecosystem release v6. Visit the ecosystem release v5.1.0 wiki to access the user guide explaining how to port Android on top of STM32 MPU ecosystem release v5.

1. Article purpose

This article describes the procedure for flashing the Android cryptographic keys into OTP memory with the U-Boot stm32key tool.

The OSTL stm32key tool has been updated for Android so that it can flash the "RPMB key" and the "Trusty Device Master key". The tool is embedded in the U-Boot programmer firmware.

2. Prerequisites

STM32CubeProgrammer must be installed.

The keys "Trusty device master key" and "RPMB authentication key" have been created and stored in the default folder <your android folder>/device/stm/stm32mp2/security/keys.

3. Flash the U-Boot programmer firmware

STM32_Programmer_CLI -c port=usb1 -w <your android folder>/device/stm/stm32mp2/layout/programmer/FlashLayout_emmc_cm33tdcid_rpmb.tsv

4. Fuse the OTPs

It is recommended to use the serial console on the Arm®-Cortex®-A35 to check command execution (see the How to open several serial consoles page for more information). Then enter the U-Boot shell by pressing a key on your host keyboard as soon as you are prompted to.

In the U-Boot shell, execute the command:

fastboot usb 0

4.1. The Trusty Device Master key

Select the key slot to fuse (Trusty device master key):

fastboot oem run:'stm32key select TRUSTY-DV-MK'

Load the key onto the device (default address: 0x84000000):

fastboot stage <your android folder>/device/stm/stm32mp2/security/keys/your_trusty_dv_k.bin

Verify the key value before fusing by comparing the output of the two commands (the device readback must match the file byte for byte):

fastboot oem run:'stm32key read 0x84000000'
hexdump -C <your android folder>/device/stm/stm32mp2/security/keys/your_trusty_dv_k.bin

Start fusing (this operation is not reversible):

fastboot oem run:'stm32key fuse 0x84000000'

4.2. The RPMB authentication key

For the RPMB authentication key, the key flashed into OTP must be identical to the one programmed into the eMMC RPMB key slot.

You can use the rpmb_provision script, which flashes the OTP and the eMMC key slot in one step:

rpmb_provision

If the eMMC is already fused with a key, you can execute the following commands to flash the OTP:

Select the key slot to fuse (RPMB):

fastboot oem run:'stm32key select RPMB-KEY'

Load the key onto the device (default address: 0x84000000):

fastboot stage <your android folder>/device/stm/stm32mp2/security/keys/your_rpmbkey.bin

Verify the key value before fusing by comparing the output of the two commands (the device readback must match the file byte for byte):

fastboot oem run:'stm32key read 0x84000000'
hexdump -C <your android folder>/device/stm/stm32mp2/security/keys/your_rpmbkey.bin

Start fusing (this operation is not reversible):

fastboot oem run:'stm32key fuse 0x84000000'
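Because the fuse step in sections 4.1 and 4.2 is irreversible, comparing the two outputs by eye is the weak point of the procedure. The following shell script is an added example, not part of this wiki page or of the STM32 tooling: it hex-dumps the staged key file, extracts the bytes from a copy of the serial-console output of `stm32key read 0x84000000`, and only reports "safe to fuse" when the file has the expected length (32 bytes for the standard RPMB authentication key; the Trusty key length is passed in by the caller) and every byte matches. It assumes the readback prints the key as two-digit hex bytes, which the page does not specify.

```shell
#!/bin/sh
# Added example (not from the wiki or the STM32 tools): pre-fuse key check.
# Usage: verify_key_before_fuse KEYFILE "READBACK_TEXT" EXPECTED_BYTES
#   KEYFILE        the .bin staged with 'fastboot stage'
#   READBACK_TEXT  console output captured after 'stm32key read 0x84000000'
#   EXPECTED_BYTES 32 for the RPMB authentication key (256-bit HMAC key)
# Assumption: the readback prints the key as two-digit hex bytes; the exact
# layout of the stm32key output is not documented on this page.

# Lowercase hex of the whole key file, no separators (POSIX od, no xxd needed).
key_file_hex() {
    od -An -tx1 -v "$1" | tr -d ' \n'
}

# Keep only tokens that are exactly two hex digits; longer tokens such as the
# 0x84000000 address are dropped. Pass only the byte-dump lines, since an
# English word made of a-f letters (e.g. "be") would also match.
readback_hex() {
    printf '%s\n' "$1" | tr 'A-F' 'a-f' | tr -cs '0-9a-f' '\n' \
        | grep -E '^[0-9a-f]{2}$' | tr -d '\n'
}

# Returns 0 only when the file has the expected size and every byte the
# device read back equals the file; any other result means: do not fuse.
verify_key_before_fuse() {
    file="$1"; readback="$2"; expected_bytes="$3"
    want=$(key_file_hex "$file")
    got=$(readback_hex "$readback")
    if [ "${#want}" -ne $((expected_bytes * 2)) ]; then
        echo "refuse: $file is not $expected_bytes bytes" >&2
        return 1
    fi
    if [ "$want" != "$got" ]; then
        echo "refuse: device readback differs from $file" >&2
        return 1
    fi
    echo "ok: readback matches $file ($expected_bytes bytes), safe to fuse"
}

# Constructed demo: a 32-byte key file (bytes 0x01..0x20) and a matching
# fake readback, standing in for a real key and real console output.
demo() {
    tmp=$(mktemp)
    printf '\001\002\003\004\005\006\007\010\011\012\013\014\015\016\017\020' > "$tmp"
    printf '\021\022\023\024\025\026\027\030\031\032\033\034\035\036\037\040' >> "$tmp"
    verify_key_before_fuse "$tmp" \
      "01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20" 32
    rc=$?; rm -f "$tmp"; return $rc
}
```

Run the check on the real key file and the pasted console output, and only issue `stm32key fuse` when it prints the "safe to fuse" line.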