STM32MP21 OTP mapping

Applicable for

1. Memory mapping[edit | edit source]↑

The table below gives an overview of the BSEC OTP memory mapping with useful information in the context of this Wiki reading. It gives the global mapping view including the SoC restricted layout (immutable) and the additional ecosystem choice that is used with OpenSTLinux ecosystem.
OTP words 0 to 127 are called lower OTP and are bit wise programmable.
OTP words 128 to 255 are called middle OTP and are bulk programmable.
OTP words 256 to 383 are called upper OTP and are bulk programmable. These OTP are the one where sensitive information (such as password or private keys) must be stored.

Further information for the words and fields that are not explicitly described here can be found in the reference manual.

OTP word	Bit field (size)	Name		Description
Lower OTP region
0		OTP_HW_WORD0		OTP Check Word (virgin -> non virgin)
1		OTP_HW_WORD1		OTP Security word to close security state BSECXW
2		OTP_HW_WORD2		OTP Word for re-opening via RMA password : RMA bits
3		OTP_HW_WORD3		OTP Word for re-opening via RMA password : RMA tries bits
4		OTP_HW_WORD4		OTP word for TK Retries (ECIES)
5		ID0		ID0 for Engineering purposes
6		ID1		ID1 for Engineering purposes
7		ID2		ID2 for Engineering purposes
8		Reserved
9		RPN_CODING		STM32MP21 Reference Manuals
10 BOOTROM_CONFIG_1	0-0 (1 bit)	chip cpbk y sign		Chip Public key sign of Y Expand 0 : Chip public key Y is positive 1 : Chip Public key Y is negative
	1-1 (1 bit)	stkeyprov ecies ok		Status of ECIES ST key provisionning when it was attempted. Expand 0 : ECIES ST key provisionning last attempt was failed 1 : ECIES ST key provisionning last attempt was successfull
	2-2 (1 bit)	stkeyprov hwkey done		ST HW Key provisionning done Expand 0 : HWKEY not provisionned 1 : HWKEY was provisioned
	10-3 (8 bits)	security counter		security counter involved in productID for chip certificate verification by HSM-OEM in RSSe_prov context
	14-11 (4 bits)	st pub key id		ST ECDSA Public Key ID (ST Key Instance fuse part) involved in productID for chip certificate verification by HSM-OEM in RSSe_prov context
	22-15 (8 bits)	rssefw active signing key		8 possible ST public keys (ST key revocation feature for RSSe_FW authentication) Expand [1-0xFF] -> [1-8] : Value of monotonic counter is X where X is position of the most significant bit at 1.
	28-23 (6 bits)	nb added stsecrets		Number of additional ST secrets words provisionned Expand 0 : no additional ST secrets [1-63] : nb of OTP words located in upper area [360-nb_added_stsecrets..359] that were provisionned with ST secrets.
	31-29 (3 bits)	Reserved		-
11 BOOTROM_CONFIG_2	0-0 (1 bit)	Reserved
	1-1 (1 bit)	sdmmc1 not default af		SDMMC1 default Afmux usage Expand 0 : SDMMC1 uses default hard coded AFmux. 1 : SDMMC1 uses AFmux defined in OTP.
	2-2 (1 bit)	sdmmc2 not default af		SDMMC2 default Afmux usage Expand 0 : SDMMC2 uses default hard coded AFmux. 1 : SDMMC2 uses AFmux defined in OTP.
	4-3 (2 bits)	Reserved
	5-5 (1 bit)	no cpu pll		CPU PLL usage Expand 0 : PLLs for CPU/AXI are enable for cold boot. 1 : PLLs for CPU/AXI are not enable for cold boot
	9-6 (4 bits)	Reserved
	14-10 (5 bits)	disable uart		Disable UART instances Expand 0b00001 : disable USART2 0b00010 : disable UART5 0b00100 : disable UART6
	15-15 (1 bit)	no data cache		Data cache usage Expand 0 : Data cache is used by bootrom. 1 : Data cache is not used by bootrom.
	23-16 (8 bits)	boot source disable		Each bit disable a boot source. Default to UART if all disabled. Expand 0b00000001 : disable FMC boot source. 0b00000010 : disable QSPI NOR boot source. 0b00000100 : disable eMMC boot source. 0b00001000 : disable SD boot source. 0b00010000 : disable UART boot source. 0b00100000 : disable USB boot source. 0b01000000 : disable QSPI NAND boot source. 0b10000000 : disable QSPI HyperFlash boot source.
	25-24 (2 bits)	bootpins layout sel		Bootpins layout selection Expand [0-3] : Select one among the three possible bootpins layout
	29-26 (4 bits)	boot source sel		Boot source selection Expand [0-15] : Select one among the 16 possible boot source of the selected bootpins layout
	30-30 (1 bit)	dont boot on cfm tamper		Disable boot on confirmed tamper feature Expand 0 : boot on confirmed tamper 1 : do not boot on confirmed tamper
	31-31 (1 bit)	Reserved
12 BOOTROM_CONFIG_3				BOOTROM / FSBL-A version monotonic counter
13 BOOTROM_CONFIG_4	7-0 (8 bits)	Reserved
	11-8 (4 bits)	RNG configuration 3		STM32MP21 Reference Manuals (RNG CR register)
	12 (1 bit)	NIST custom		STM32MP21 Reference Manuals (RNG CR register)
	15-13 (3 bits)	RNG configuration 2		STM32MP21 Reference Manuals (RNG CR register)
	19-16 (4 bits)	Clock divider factor		STM32MP21 Reference Manuals (RNG CR register)
	27-20 (8 bits)	RNG configuration 2		STM32MP21 Reference Manuals (RNG CR register)
	31-28 (4 bits)	Reserved
14 BOOTROM_CONFIG_5	17 -0 (18 bits)	RNG health test control configuration (HTCR0)		STM32MP21 Reference Manuals (RNG HTCR0 register)
14 BOOTROM_CONFIG_5	31-18 (14 bits)	Reserved
15 BOOTROM_CONFIG_6	8-0 (9 bits)	RNG noise source control		STM32MP21 Reference Manuals (RNG NSCR register)
15 BOOTROM_CONFIG_6	31-10 (22 bits)	Reserved
16 BOOTROM_CONFIG_7	0-0 (1 bit)	disable traces		Disable bootROM traces Expand 0 : bootROM traces are enabled 1 : bootROM traces are disabled
	1-1 (1 bit)	disable hse freq detect		Disable HSE frequency autodetection Expand 0 : HSE frequency autodetection is enabled 1 : HSE frequency autodetection is disabled
	2-2 (1 bit)	disable hse bypass detect		Disable HSE bypass detection Expand 0 : HSE bypass detection is enabled 1 : HSE bypass detection is disabled
	3-3 (1 bit)	disable blocking failure traces		Disable traces done by blocking failure process Expand 0 : blocking failure traces are enabled 1 : blocking failure traces are disabled
	4-4 (1 bit)	a35 mode		Select a35 architecture mode Expand 0 : FSBL-A is AArch64 1 : FSBL-A is AArch32
	5-5 (1 bit)	fmc force sw reset		FMC is used by CA35 to connect a NAND and by CM33 to connect a NOR or PSRAM Expand 0 : Use RCC to reset FMC 1 : Use sw procedure to reset FMC witout impacting CM33
	6-6 (1 bit)	emergency debug req		Emergency debug request Expand 0 : emergency debug is not requested 1 : emergency debug is requested
	7-7 (1 bit)	emmc 128k boot partition		Support eMMC with 128Kb boot partition Expand 0 : bootROM does not support eMMC with 128Kb boot partition. 1 : bootROM supports eMMC with 128Kb boot partition.
	8-8 (1 bit)	fsbl decrypt prio		FSBL decryption priority (speed or security) Expand 0 : use CRYP (fast but no DPA protection) 1 : use SAES (slow but DPA protection))
	9-9 (1 bit)	Reserved
	10-10 (1 bit)	Reserved
	13-11 (3 bits)	HSE value		HSE value Expand 0b000 : HSE value is autodetected among 16, 20, 24, 28, 32, 36, 40, 48MHz 0b001 : HSE = 24MHz 0b010 : HSE = 25MHz 0b011 : HSE = 26MHz 0b100 (19_2 Mhz): HSE = 19.2MHz 0b101 : HSE = 40MHz 0b110 : HSE = 48MHz 0b111 : Reserved
	14-14 (1 bit)	snand need plane select 1		NAND parameters bank1 - Serial NAND plane selection Expand 0 : Serial NAND plane select is not needed. 1 : Serial NAND plane select is need
	17-15 (3 bits)	pnand number of ecc bits 1		NAND parameters bank1 - Number of Error Correction Code (ECC) bits Expand 0 : ECC unset. 1 : ECC 1bit (Hamming). 2 : ECC 4bit (BCH4). 3 : ECC 8bit (BCH8). 4 : on-die ECC.
	18-18 (1 bit)	pnand bus width 1		NAND parameters bank1 - Parallel NAND data witdh Expand 0 : data width is 8 bits 1 : data width is 16 bits
	26-19 (8 bits)	nand nb of blocks 1		NAND parameters bank1 - Number of blocks in unit of 256 blocks Expand [1-256] : Number of block = 256 * value
	28-27 (2 bits)	nand block size 1		NAND parameters bank1 - Block size in number of pages Expand 0 : 64 pages per block 1 : 128 pages per block 2 : 256 pages per block
	30-29 (2 bits)	nand page size 1		NAND parameters bank1 - Page size Expand 0 : 2Kbytes 1 : 4Kbytes 2 : 8Kbytes
	31-31 (1 bit)	pnand param stored in otp		Parallel NAND parameters stored in OTP bank1 or bank2 Expand 0 : BootROM uses ONFI parameter table to get parallel nand parameters. 1 : parallel nand parameters are defined in bank1 or bank2, depending on nand_config_distribution value.
17 BOOTROM_CONFIG_8	7-0 (8 bits)	oem active signing key1		8 possible OEM public keys (OEM key revocation feature for OEM-FSBL authentication) Expand [1-256] -> [1-8] : Value of monotonic counter is X where X is position of the most significant bit at 1.
	8-8 (1 bit)	oem keys2 enable		Enable second ECDSA OEM key set for FSBL-M authentication and decryption^{[fsblm-keys 1]} Expand 0 : keys2 are not used ; keys1 are used for both FSBLA and FSBLM 1 : keys2 are enabled ; keys1 are used for FSBLA ; keys2 are used for FSBLM
	31-16 (16 bits)	Reserved
18 BOOTROM_CONFIG_9	3-0 (4 bits)	secure boot		Enable enforced secure boot Expand 0 : chip is in CLOSED_UNLOCKED state. Secure boot is not enforced (FSBL authentication is not mandatory). [1-15] : chip is in CLOSED_LOCKED state. Secure boot is enforced (FSBL authentication is mandatory)
	7-4 (4 bits)	prov done		RSSE provisioning done Expand 0 : RSSE provisioning is not done [1-15] : RSSE provisioning is done
	11-8 (4 bits)	debug lock		Lock debug enabling until next reset when chip is CLOSED-LOCKED Expand 0 : don't lock debug enabling [1-15] : lock debug enabling
	15-12 (4 bits)	otp prov done		RSSe OTP provisioning done Expand 0 : RSSe OTP provisioning is not done [1-15] : RSSe OTP provisioning part done, used to manage RSSe extension issue
	21-16 (6 bits)	Reserved
	22-22 (1 bit)	ns epoch enable		Enable non secure EPOCH use Expand 0 : bootROM does not manage NS_EPOCH. BOOTROM_NS_EPOCH monotonic counter fuse bits are free for other use. 1 : bootROM manages NS_EPOCH. bootROM uses BOOTROM_NS_EPOCH monotonic counter fuse bits.
	26-23 (4 bits)	fingerprint enable		Enable fingerprint feature Expand 0 : fingerprint feature is disabled 1 : fingerprint feature is enabled
	31-27 (5 bits)	free for future use
19 BOOTROM_CONFIG_10	31-0 (32 bits)	fsblm_monotonic		BOOTROM / OEM-FSBLM version monotonic counter
20 BOOTROM_CONFIG_11	0-0 (1 bit)	nand config distribution		NAND configurations distribution Expand 0 : pNAND config in nand_2 fields / sNAND config in nand_1 fields 1 : pNAND config in nand_1 fields / sNAND config in nand_2 fields
	1-1 (1 bit)	snand need plane select 2		idem BOOTROM_CONFIG_7.snand_need_plane_select_1
	4-2 (3 bits)	pnand number of ecc bits 2		idem BOOTROM_CONFIG_7.pnand_number_of_ecc_bits_1
	5-5 (1 bit)	pnand bus width 2		idem BOOTROM_CONFIG_7.pnand_bus_width_1
	13-6 (8 bits)	nand nb of blocks 2		idem BOOTROM_CONFIG_7.nand_nb_of_blocks_1
	15-14 (2 bits)	nand block size 2		idem BOOTROM_CONFIG_7.nand_block_size_1
	17-16 (2 bits)	nand page size 2		idem BOOTROM_CONFIG_7.nand_page_size_1
	18-18 (1 bit)	hyperflash 3V3 device		is HyperFlash a 3.3V device Expand 0 : hyperflash is not a 3.3V device 1 : hyperflash is a 3.3V device
	21-19 (3 bits)	rng htcr value		RNG HTCR value Expand 0 : 0xA2B3 1 : 0xA2B3 2 : 0xAA74 3 : 0xA6BA 4 : 0x9AAE 5 : 0x72AC (corresponds to the default value of IP after reset) 6 : 0xAAC7 value set by engineering in OTP 7 : 0xA2B3 only other possible value for OTP after engineering set above "6: 0xAAC7" value
	22-22 (1 bit)	ospi io speed ovrw		OSPI IO speed overwrite enable Expand 0 : OSPI io speed is not overwritten by otp configuration 1 : OSPI io speed is overwritten by otp configuration
	24-23 (2 bits)	ospi io speed clk nclk		OSPI IO speed of clk nclk IO Expand 0b00 : low speed. 0b01 : medium speed. 0b10 : high speed 0b11 : very high speed
	25-24 (2 bits)	ospi io speed data cs		OSPI IO speed of CS IO Expand 0b00 : low speed. 0b01 : medium speed. 0b10 : high speed 0b11 : very high speed
	31-26 (6 bits)	Reserved
21 BOOTROM_CONFIG_12	31-0 (32 bits)	rsse_monotonic		BOOTROM / RSSe FW version monotonic counter
22 BOOTROM_CONFIG_13	7-0 (8 bits)	oem active signing key2		8 possible OEM public keys (OEM key revocation feature for OEM-FSBL authentication) Expand [1-256] -> [1-8] : Value of monotonic counter is X where X is position of the most significant bit at 1.
22 BOOTROM_CONFIG_13	31-8 (24 bits)	Reserved
23		H32ENCPRVKEY		BOOTROM / Hash of E1CPvK
24	31-0 (32 bits)	BOOTROM TZ EPOCH0		Secure side Epoch counter
25	31-0 (32 bits)	BOOTROM TZ EPOCH1
26	31-0 (32 bits)	BOOTROM TZ EPOCH2
27	31-0 (32 bits)	BOOTROM TZ EPOCH3
28	31-0 (32 bits)	BOOTROM TZ EPOCH4
29	31-0 (32 bits)	BOOTROM TZ EPOCH5
30	31-0 (32 bits)	BOOTROM TZ EPOCH6
31	31-0 (32 bits)	BOOTROM TZ EPOCH7
32	31-0 (32 bits)	BOOTROM NS EPOCH0		Non Secure Epoch counter
33	31-0 (32 bits)	BOOTROM NS EPOCH1
34	31-0 (32 bits)	BOOTROM NS EPOCH2
35	31-0 (32 bits)	BOOTROM NS EPOCH3
36	31-0 (32 bits)	BOOTROM NS EPOCH4
37	31-0 (32 bits)	BOOTROM NS EPOCH5
38	31-0 (32 bits)	BOOTROM NS EPOCH6
39	31-0 (32 bits)	BOOTROM NS EPOCH7
40		Available for customer
41		Available for customer
42		Available for customer
43		Available for customer
44		Available for customer
45		Available for customer
46		Available for customer
47		Available for customer
48		Available for customer
49		Available for customer
50		Available for customer
51		Available for customer
52		Available for customer
53		Available for customer
54		Available for customer
55		Available for customer
56		Available for customer
57		Available for customer
58		Available for customer
59		Available for customer
60		Available for customer
61		Available for customer
62		Available for customer
63		Available for customer
64		Available for customer
65		Available for customer
66		Available for customer
67		Available for customer
68		Available for customer
69		Available for customer
70		Available for customer
71		Available for customer
72		Available for customer
73		Available for customer
74		Available for customer
75		Available for customer
76		Available for customer
77		Available for customer
78		Available for customer
79		Available for customer
80		Available for customer
81		Available for customer
82		Available for customer
83		Available for customer
84		Available for customer
85		Available for customer
86		Available for customer
87		Available for customer
88		Available for customer
89		Available for customer
90		Available for customer
91		Available for customer
92		Available for customer
93		Available for customer
94		Available for customer
95		Available for customer
96		Available for customer
97		Available for customer
98		Available for customer
99		Available for customer
100		Available for customer
101		ADAC_SOC_MASK		Control the maximum debug level possible via ADAC
102		ID		STM32MP21 Reference Manuals
103		CRC_HSM
104		CAL1		STM32MP21 Reference Manuals
105		Reserved
106		CAL3		STM32MP21 Reference Manuals
107		Reserved
108		CAL5		STM32MP21 Reference Manuals
109		Reserved
110		CAL7		STM32MP21 Reference Manuals
111		Reserved
112		ENGI1		Engineering
113		ENGI2		Engineering
114		ENGI3		Engineering
115		ENGI4		Engineering
116		ENGI5		Engineering
117		ENGI6		Engineering
118		ENGI7		Engineering
119		ENGI8		Engineering
120		ATRIM1		STM32MP21 Reference Manuals
121		ATRIM2		STM32MP21 Reference Manuals
122		ATRIM3		STM32MP21 Reference Manuals
123		ATRIM4		STM32MP21 Reference Manuals
124		HCONF1		STM32MP21 Reference Manuals
125		MREPAIR1
126		MREPAIR2
127		MREPAIR3
Middle OTP region
128	31-0 (32 bits)	STM32CERTIF0		STM32 chip certificate (public key)^{[key-formats 1]}
129	31-0 (32 bits)	STM32CERTIF1
130	31-0 (32 bits)	STM32CERTIF2
131	31-0 (32 bits)	STM32CERTIF3
132	31-0 (32 bits)	STM32CERTIF4
133	31-0 (32 bits)	STM32CERTIF5
134	31-0 (32 bits)	STM32CERTIF6
135	31-0 (32 bits)	STM32CERTIF7
136	31-0 (32 bits)	STM32CERTIF8
137	31-0 (32 bits)	STM32CERTIF9
138	31-0 (32 bits)	STM32CERTIF10
139	31-0 (32 bits)	STM32CERTIF11
140	31-0 (32 bits)	STM32CERTIF12
141	31-0 (32 bits)	STM32CERTIF13
142	31-0 (32 bits)	STM32CERTIF14
143	31-0 (32 bits)	STM32CERTIF15
144	31-0 (32 bits)	STM32CERTIF16
145	31-0 (32 bits)	STM32CERTIF17
146	31-0 (32 bits)	STM32CERTIF18
147	31-0 (32 bits)	STM32CERTIF19
148	31-0 (32 bits)	STM32CERTIF20
149	31-0 (32 bits)	STM32CERTIF21
150	31-0 (32 bits)	STM32CERTIF22
151	31-0 (32 bits)	STM32CERTIF23
152	31-0 (32 bits)	OEM KEY1 ROT0		OEM Key1 Root of Trust Hash^{[key-formats 1]}^{[fsblm-keys 1]}
153	31-0 (32 bits)	OEM KEY1 ROT1
154	31-0 (32 bits)	OEM KEY1 ROT2
155	31-0 (32 bits)	OEM KEY1 ROT3
156	31-0 (32 bits)	OEM KEY1 ROT4
157	31-0 (32 bits)	OEM KEY1 ROT5
158	31-0 (32 bits)	OEM KEY1 ROT6
159	31-0 (32 bits)	OEM KEY1 ROT7
160	31-0 (32 bits)	OEM KEY2 ROT0		OEM Key2 Root of Trust Hash^{[key-formats 1]}^{[fsblm-keys 1]}
161	31-0 (32 bits)	OEM KEY2 ROT1
162	31-0 (32 bits)	OEM KEY2 ROT2
163	31-0 (32 bits)	OEM KEY2 ROT3
164	31-0 (32 bits)	OEM KEY2 ROT4
165	31-0 (32 bits)	OEM KEY2 ROT5
166	31-0 (32 bits)	OEM KEY2 ROT6
167	31-0 (32 bits)	OEM KEY2 ROT7
168	31-0 (32 bits)	STM32PUBKEY0		STM32 chip public key^{[key-formats 1]}
169	31-0 (32 bits)	STM32PUBKEY1
170	31-0 (32 bits)	STM32PUBKEY2
171	31-0 (32 bits)	STM32PUBKEY3
172	31-0 (32 bits)	STM32PUBKEY4
173	31-0 (32 bits)	STM32PUBKEY5
174	31-0 (32 bits)	STM32PUBKEY6
175	31-0 (32 bits)	STM32PUBKEY7
176	31-0 (32 bits)	STM32PUBKEY8
177	31-0 (32 bits)	STM32PUBKEY9
178	31-0 (32 bits)	STM32PUBKEY10
179	31-0 (32 bits)	STM32PUBKEY11
		A35-TD flavor		M33-TD flavor
		Name	Description	Name	Description
180		RPROC-FW-PKH_0	Hash of the Public Key for remote processor firmware^{[key-formats 2]}	Available for customer
181		RPROC-FW-PKH_1		Available for customer
182		RPROC-FW-PKH_2		Available for customer
183		RPROC-FW-PKH_3		Available for customer
184		RPROC-FW-PKH_4		Available for customer
185		RPROC-FW-PKH_5		Available for customer
186		RPROC-FW-PKH_6		Available for customer
187		RPROC-FW-PKH_7		Available for customer
		A35-TD flavor		M33-TD flavor
		Name	Description	Name	Description
188		Available for customer		FSBLM-M33-FW-PKH_0	Hash of the Public Key for M33TDCID M33 Firmware^{[key-formats 2]}
189		Available for customer		FSBLM-M33-FW-PKH_1
190		Available for customer		FSBLM-M33-FW-PKH_2
191		Available for customer		FSBLM-M33-FW-PKH_3
192		Available for customer		FSBLM-M33-FW-PKH_4
193		Available for customer		FSBLM-M33-FW-PKH_5
194		Available for customer		FSBLM-M33-FW-PKH_6
195		Available for customer		FSBLM-M33-FW-PKH_7
		A35-TD flavor		M33-TD flavor
		Name	Description	Name	Description
196		Available for customer		FSBLM-DDR-FW-PKH_0	Hash of the Public Key for M33TDCID DDR Firmware^{[key-formats 2]}
197		Available for customer		FSBLM-DDR-FW-PKH_1
198		Available for customer		FSBLM-DDR-FW-PKH_2
199		Available for customer		FSBLM-DDR-FW-PKH_3
200		Available for customer		FSBLM-DDR-FW-PKH_4
201		Available for customer		FSBLM-DDR-FW-PKH_5
202		Available for customer		FSBLM-DDR-FW-PKH_6
203		Available for customer		FSBLM-DDR-FW-PKH_7
		A35-TD flavor		M33-TD flavor
		Name	Description	Name	Description
204		Available for customer		FSBLM-A35-FW-PKH_0	Hash of the Public Key for M33TDCID A35 bare metal Firmware^{[key-formats 2]}
205		Available for customer		FSBLM-A35-FW-PKH_1
206		Available for customer		FSBLM-A35-FW-PKH_2
207		Available for customer		FSBLM-A35-FW-PKH_3
208		Available for customer		FSBLM-A35-FW-PKH_4
209		Available for customer		FSBLM-A35-FW-PKH_5
210		Available for customer		FSBLM-A35-FW-PKH_6
211		Available for customer		FSBLM-A35-FW-PKH_7
212		Available for customer
213		Available for customer
214		Available for customer
215		Available for customer
216		Available for customer
217		Available for customer
218		Available for customer
219		Available for customer
220		Available for customer
221		Available for customer
222		Available for customer
223		Available for customer
224		Available for customer
225		Available for customer
226		Available for customer
227		Available for customer
228		Available for customer
229		Available for customer
230		Available for customer
231		Available for customer
232		Available for customer
233		Available for customer
234		Available for customer
235		Available for customer
236		Available for customer
237		Available for customer
238		OEM ADAC ROTPK HASH0		OEM ADAC key Root of Trust Hash
239		OEM ADAC ROTPK HASH1
240		OEM ADAC ROTPK HASH2
241		OEM ADAC ROTPK HASH3
242		OEM ADAC ROTPK HASH4
243		OEM ADAC ROTPK HASH5
244		OEM ADAC ROTPK HASH6
245		OEM ADAC ROTPK HASH7
246		ST_BOARD_ID		Identifier for ST boards (available to customer on chip)
247		MAC_ADDR_0		Mac address ^{[coding 1]}
248		MAC_ADDR_1		Mac address ^{[coding 1]}
249		MAC_ADDR_2		Mac address ^{[coding 1]}
250		MAC_ADDR_3		Mac address ^{[coding 1]}
251		MAC_ADDR_4		Mac address ^{[coding 1]}
252		MAC_ADDR_5		Mac address ^{[coding 1]}
253		MAC_ADDR_6		Mac address ^{[coding 1]}
254		MAC_ADDR_7		Mac address ^{[coding 1]}
255		ST_RSSE_EDMK_DERIV_CSTE_FUSE		ST Encryption Decryption Master Key Derivation constant
Upper OTP region
256		OTP_RMA_LOCK_PSWD0		RMA lock password (128 bit)
257		OTP_RMA_LOCK_PSWD1
258		OTP_RMA_LOCK_PSWD2
259		OTP_RMA_LOCK_PSWD3
260		FIP-EDMK0		FIP encryption decryption master key (256-bit)
261		FIP-EDMK1
262		FIP-EDMK2
263		FIP-EDMK3
264		FIP-EDMK4
265		FIP-EDMK5
266		FIP-EDMK6
267		FIP-EDMK7
268		OEM Secrets available to customer
269		OEM Secrets available to customer
270		OEM Secrets available to customer
271		OEM Secrets available to customer
272		OEM Secrets available to customer
273		OEM Secrets available to customer
274		OEM Secrets available to customer
275		OEM Secrets available to customer
276		OEM Secrets available to customer
277		OEM Secrets available to customer
278		OEM Secrets available to customer
279		OEM Secrets available to customer
280		OEM Secrets available to customer
281		OEM Secrets available to customer
282		OEM Secrets available to customer
283		OEM Secrets available to customer
284		OEM Secrets available to customer
285		OEM Secrets available to customer
286		OEM Secrets available to customer
287		OEM Secrets available to customer
288		OEM Secrets available to customer
289		OEM Secrets available to customer
290		OEM Secrets available to customer
291		OEM Secrets available to customer
292		OEM Secrets available to customer
293		OEM Secrets available to customer
294		OEM Secrets available to customer
295		OEM Secrets available to customer
296		OEM Secrets available to customer
297		OEM Secrets available to customer
298		OEM Secrets available to customer
299		OEM Secrets available to customer
300		OEM Secrets available to customer
301		OEM Secrets available to customer
302		OEM Secrets available to customer
303		OEM Secrets available to customer
304		OEM Secrets available to customer
305		OEM Secrets available to customer
306		OEM Secrets available to customer
307		OEM Secrets available to customer
308		OEM Secrets available to customer
309		OEM Secrets available to customer
310		OEM Secrets available to customer
311		OEM Secrets available to customer
312		OEM Secrets available to customer
313		OEM Secrets available to customer
314		OEM Secrets available to customer
315		OEM Secrets available to customer
316		OEM Secrets available to customer
317		OEM Secrets available to customer
318		OEM Secrets available to customer
319		OEM Secrets available to customer
320		OEM Secrets available to customer
321		OEM Secrets available to customer
322		OEM Secrets available to customer
323		OEM Secrets available to customer
324		OEM Secrets available to customer
325		OEM Secrets available to customer
326		OEM Secrets available to customer
327		OEM Secrets available to customer
328		OEM Secrets available to customer
329		OEM Secrets available to customer
330		OEM Secrets available to customer
331		OEM Secrets available to customer
		A35-TD flavor		M33-TD flavor
		Name	Description	Name	Description
332		RPROC-FW-ENC-KEY0	Encryption/Decryption Key for remote processor firmware	BL2_ASYM_PRVK_KEY0	BL2 Asymmetric private key for encryption
333		RPROC-FW-ENC-KEY1		BL2_ASYM_PRVK_KEY0
334		RPROC-FW-ENC-KEY2		BL2_ASYM_PRVK_KEY2
335		RPROC-FW-ENC-KEY3		BL2_ASYM_PRVK_KEY3
336		RPROC-FW-ENC-KEY4		BL2_ASYM_PRVK_KEY4
337		RPROC-FW-ENC-KEY5		BL2_ASYM_PRVK_KEY5
338		RPROC-FW-ENC-KEY6		BL2_ASYM_PRVK_KEY6
339		RPROC-FW-ENC-KEY7		BL2_ASYM_PRVK_KEY7
340		TF-M IAK0		Initial attestation 256-bit key (Symmetric or Asymmetric key)
341		TF-M IAK1
342		TF-M IAK2
343		TF-M IAK3
344		TF-M IAK4
345		TF-M IAK5
346		TF-M IAK6
347		TF-M IAK7
348	31-0 (32 bits)	OEM KEY2 EDMK0		OEM master key used to derive FSBLM decryption key. This key must use `Format 1`.
349	31-0 (32 bits)	OEM KEY2 EDMK1
350	31-0 (32 bits)	OEM KEY2 EDMK2
351	31-0 (32 bits)	OEM KEY2 EDMK3
352	31-0 (32 bits)	OEM KEY2 EDMK4
353	31-0 (32 bits)	OEM KEY2 EDMK5
354	31-0 (32 bits)	OEM KEY2 EDMK6
355	31-0 (32 bits)	OEM KEY2 EDMK7
356	31-0 (32 bits)	OEM KEY1 EDMK0		OEM master key used to derive FSBLA or M decryption key. This key must use `Format 1`.
357	31-0 (32 bits)	OEM KEY1 EDMK1
358	31-0 (32 bits)	OEM KEY1 EDMK2
359	31-0 (32 bits)	OEM KEY1 EDMK3
360	31-0 (32 bits)	OEM KEY1 EDMK4
361	31-0 (32 bits)	OEM KEY1 EDMK5
362	31-0 (32 bits)	OEM KEY1 EDMK6
363	31-0 (32 bits)	OEM KEY1 EDMK7
364	31-0 (32 bits)	STM32PRVKEY0		STM32 ECC chip private key
365	31-0 (32 bits)	STM32PRVKEY1
366	31-0 (32 bits)	STM32PRVKEY2
367	31-0 (32 bits)	STM32PRVKEY3
368	31-0 (32 bits)	STM32PRVKEY4
369	31-0 (32 bits)	STM32PRVKEY5
370	31-0 (32 bits)	STM32PRVKEY6
371	31-0 (32 bits)	STM32PRVKEY7
372	31-0 (32 bits)	STM32PRVKEY8
373	31-0 (32 bits)	STM32PRVKEY9
374	31-0 (32 bits)	STM32PRVKEY10
375	31-0 (32 bits)	STM32PRVKEY11
376	31-0 (32 bits)	HWKEY0		Secret hardware unique key
377	31-0 (32 bits)	HWKEY1
378	31-0 (32 bits)	HWKEY2
379	31-0 (32 bits)	HWKEY3
380	31-0 (32 bits)	HWKEY4
381	31-0 (32 bits)	HWKEY5
382	31-0 (32 bits)	HWKEY6
383	31-0 (32 bits)	HWKEY7

2. References[edit | edit source]↑

2.1. Key storage in OTP[edit | edit source]↑

Keys are represented as a string of byte to be stored in consecutive OTP words.

For example, a 64-bit key (0xAABBCCDDEEFF5566) is stored into two consecutive OTP words KEY0 and KEY1.

A key is stored in OTP words using one of the following formats:

↑ ^{Jump up to: 1.0} ^1.1 ^1.2 ^1.3 KEY0 = 0xAABBCCDD, KEY1 = 0xEEFF5566
↑ ^{Jump up to: 2.0} ^2.1 ^2.2 ^2.3 KEY0 = 0xDDCCBBAA, KEY1 = 0x6655FFEE

2.2. MAC address[edit | edit source]↑

↑ ^{Jump up to: 1.0} ^1.1 ^1.2 ^1.3 ^1.4 ^1.5 ^1.6 ^1.7
Mac addresses are stored as octets list using the following coding convention:
- OTP 247: mac_addr_1[4 first octets]
- OTP 248: mac_addr_2[2 first octets] | mac_addr_1[2 last octets]
- OTP 249: mac_addr_2[4 last octets]
- OTP 250: mac_addr_3[4 first octets]
- ...
Example: 247 = 0xE37AE710 / 248 = 0xE710F495 / 249 = 0xF595E37A
- mac_addr1 : 10:E7:7A:E3:95:F4
- mac_addr2 : 10:E7:7A:E3:95:F5
- ...
Each MAC address is associated in U-Boot to an ethernet device with alias in device tree: ethernet0, ethernet1, ...
On STM32MP257F-EV1 Evaluation board the ETH2 use the first mac address (ethernet0 = &eth2), ETH1 use the second mac address (ethernet1 = &eth1).
On STM32MP257F-DK Discovery kit the ETH1 use the first mac address (ethernet0 = &eth1).
On the default mapping the MAC 3, 4 and 5 are assigned to TSN switch (depending on product version).
A unused MAC address (for example when TSN is not used) should be set to FF:FF:FF:FF:FF:FF, to avoids the trace "invalid MAC address" in U-Boot.

2.3. FSBL-M keys[edit | edit source]↑

↑ ^{Jump up to: 1.0} ^1.1 ^1.2 By default STM32MP21x lines use OEM_KEY1_ROT and OEM_KEY1_EDMK for FSBLA and FSBLM. To use the dedicated FSBLM keys (OEM_KEY2_ROT and OEM_KEY2_EDMK) you must program bit 8 from OTP17.

[key-format1-2] {Jump up to: 1.0} ^1.1 ^1.2 ^1.3 KEY0 = 0xAABBCCDD, KEY1 = 0xEEFF5566

[key-format2-3] {Jump up to: 2.0} ^2.1 ^2.2 ^2.3 KEY0 = 0xDDCCBBAA, KEY1 = 0x6655FFEE

[macaddr-4] {Jump up to: 1.0} ^1.1 ^1.2 ^1.3 ^1.4 ^1.5 ^1.6 ^1.7 Mac addresses are stored as octets list using the following coding convention:
OTP 247: mac_addr_1[4 first octets]

OTP 248: mac_addr_2[2 first octets] | mac_addr_1[2 last octets]

OTP 249: mac_addr_2[4 last octets]

OTP 250: mac_addr_3[4 first octets]

...
Example: 247 = 0xE37AE710 / 248 = 0xE710F495 / 249 = 0xF595E37A
mac_addr1 : 10:E7:7A:E3:95:F4

mac_addr2 : 10:E7:7A:E3:95:F5

...
Each MAC address is associated in U-Boot to an ethernet device with alias in device tree: ethernet0, ethernet1, ...
On STM32MP257F-EV1 Evaluation board the ETH2 use the first mac address (ethernet0 = &eth2), ETH1 use the second mac address (ethernet1 = &eth1).
On STM32MP257F-DK Discovery kit the ETH1 use the first mac address (ethernet0 = &eth1).
On the default mapping the MAC 3, 4 and 5 are assigned to TSN switch (depending on product version).
A unused MAC address (for example when TSN is not used) should be set to FF:FF:FF:FF:FF:FF, to avoids the trace "invalid MAC address" in U-Boot.

[4] OTP 247: mac_addr_1[4 first octets]

[5] OTP 248: mac_addr_2[2 first octets] | mac_addr_1[2 last octets]

[6] OTP 249: mac_addr_2[4 last octets]

[7] OTP 250: mac_addr_3[4 first octets]

[8] ...

[9] _addr1 : 10:E7:7A:E3:95:F4

[10] _addr2 : 10:E7:7A:E3:95:F5

[11] ...

[fsblm-key-enable-1] {Jump up to: 1.0} ^1.1 ^1.2 By default STM32MP21x lines use OEM_KEY1_ROT and OEM_KEY1_EDMK for FSBLA and FSBLM. To use the dedicated FSBLM keys (OEM_KEY2_ROT and OEM_KEY2_EDMK) you must program bit 8 from OTP17.

[fsblm-keys 1]

[key-formats 1]

[key-formats 2]

[coding 1]