1. Memory mapping
The table below gives an overview of the BSEC OTP memory mapping, with the information that is useful in the context of this wiki. It gives the global mapping view, including the SoC restricted layout (immutable) and the additional ecosystem choices used with the OpenSTLinux ecosystem.
OTP words 0 to 127 are called lower OTP and are bitwise programmable.
OTP words 128 to 255 are called middle OTP and are bulk programmable.
OTP words 256 to 383 are called upper OTP and are bulk programmable. These are the OTP words where sensitive information (such as passwords or private keys) must be stored.
Further information for the words and fields that are not explicitly described here can be found in the reference manual.
OTP word | Bit field (size) | Name | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Lower OTP region | |||||||||
0 | OTP_HW_WORD0 | OTP Check Word (virgin -> non virgin) | |||||||
1 | OTP_HW_WORD1 | OTP Security word to close security state BSECXW | |||||||
2 | OTP_HW_WORD2 | OTP Word for re-opening via RMA password : RMA bits | |||||||
3 | OTP_HW_WORD3 | OTP Word for re-opening via RMA password : RMA tries bits | |||||||
4 | OTP_HW_WORD4 | OTP word for TK Retries (ECIES) | |||||||
5 | ID0 | ID0 for Engineering purposes | |||||||
6 | ID1 | ID1 for Engineering purposes | |||||||
7 | ID2 | ID2 for Engineering purposes | |||||||
8 | Reserved | ||||||||
9 | RPN_CODING | STM32MP21 Reference Manuals | |||||||
10
BOOTROM_CONFIG_1 |
0-0 (1 bit) | chip cpbk y sign | Chip Public key sign of Y | ||||||
1-1 (1 bit) | stkeyprov ecies ok | Status of ECIES ST key provisioning when it was attempted. | |||||||
2-2 (1 bit) | stkeyprov hwkey done | ST HW Key provisioning done | |||||||
10-3 (8 bits) | security counter | security counter involved in productID for chip certificate verification by HSM-OEM in RSSe_prov context | |||||||
14-11 (4 bits) | st pub key id | ST ECDSA Public Key ID (ST Key Instance fuse part) involved in productID for chip certificate verification by HSM-OEM in RSSe_prov context | |||||||
22-15 (8 bits) | rssefw active signing key | 8 possible ST public keys (ST key revocation feature for RSSe_FW authentication) | |||||||
28-23 (6 bits) | nb added stsecrets | Number of additional ST secrets words provisioned | |||||||
31-29 (3 bits) | Reserved | - | |||||||
11
BOOTROM_CONFIG_2 |
0-0 (1 bit) | Reserved | |||||||
1-1 (1 bit) | sdmmc1 not default af | SDMMC1 default Afmux usage | |||||||
2-2 (1 bit) | sdmmc2 not default af | SDMMC2 default Afmux usage | |||||||
4-3 (2 bits) | Reserved | ||||||||
5-5 (1 bit) | no cpu pll | CPU PLL usage | |||||||
9-6 (4 bits) | Reserved | ||||||||
14-10 (5 bits) | disable uart | Disable UART instances | |||||||
15-15 (1 bit) | no data cache | Data cache usage | |||||||
23-16 (8 bits) | boot source disable | Each bit disables a boot source. Defaults to UART if all are disabled. | |||||||
25-24 (2 bits) | bootpins layout sel | Bootpins layout selection | |||||||
29-26 (4 bits) | boot source sel | Boot source selection | |||||||
30-30 (1 bit) | dont boot on cfm tamper | Disable boot on confirmed tamper feature | |||||||
31-31 (1 bit) | Reserved | ||||||||
12
BOOTROM_CONFIG_3 |
BOOTROM / FSBL-A version monotonic counter | ||||||||
13
BOOTROM_CONFIG_4 |
7-0 (8 bits) | Reserved | |||||||
11-8 (4 bits) | RNG configuration 3 | STM32MP21 Reference Manuals (RNG CR register) | |||||||
12 (1 bit) | NIST custom | STM32MP21 Reference Manuals (RNG CR register) | |||||||
15-13 (3 bits) | RNG configuration 2 | STM32MP21 Reference Manuals (RNG CR register) | |||||||
19-16 (4 bits) | Clock divider factor | STM32MP21 Reference Manuals (RNG CR register) | |||||||
27-20 (8 bits) | RNG configuration 2 | STM32MP21 Reference Manuals (RNG CR register) | |||||||
31-28 (4 bits) | Reserved | ||||||||
14
BOOTROM_CONFIG_5 |
17-0 (18 bits) | RNG health test control configuration (HTCR0) | STM32MP21 Reference Manuals (RNG HTCR0 register) | ||||||
31-18 (14 bits) | Reserved | ||||||||
15
BOOTROM_CONFIG_6 |
8-0 (9 bits) | RNG noise source control | STM32MP21 Reference Manuals (RNG NSCR register) | ||||||
31-10 (22 bits) | Reserved | ||||||||
16
BOOTROM_CONFIG_7 |
0-0 (1 bit) | disable traces | Disable bootROM traces | ||||||
1-1 (1 bit) | disable hse freq detect | Disable HSE frequency autodetection | |||||||
2-2 (1 bit) | disable hse bypass detect | Disable HSE bypass detection | |||||||
3-3 (1 bit) | disable blocking failure traces | Disable traces done by blocking failure process | |||||||
4-4 (1 bit) | a35 mode | Select a35 architecture mode | |||||||
5-5 (1 bit) | fmc force sw reset | FMC is used by CA35 to connect a NAND and by CM33 to connect a NOR or PSRAM | |||||||
6-6 (1 bit) | emergency debug req | Emergency debug request | |||||||
7-7 (1 bit) | emmc 128k boot partition | Support eMMC with 128Kb boot partition | |||||||
8-8 (1 bit) | fsbl decrypt prio | FSBL decryption priority (speed or security) | |||||||
9-9 (1 bit) | Reserved | ||||||||
10-10 (1 bit) | Reserved | ||||||||
13-11 (3 bits) | HSE value | HSE value | |||||||
14-14 (1 bit) | snand need plane select 1 | NAND parameters bank1 - Serial NAND plane selection | |||||||
17-15 (3 bits) | pnand number of ecc bits 1 | NAND parameters bank1 - Number of Error Correction Code (ECC) bits | |||||||
18-18 (1 bit) | pnand bus width 1 | NAND parameters bank1 - Parallel NAND data width | |||||||
26-19 (8 bits) | nand nb of blocks 1 | NAND parameters bank1 - Number of blocks in unit of 256 blocks | |||||||
28-27 (2 bits) | nand block size 1 | NAND parameters bank1 - Block size in number of pages | |||||||
30-29 (2 bits) | nand page size 1 | NAND parameters bank1 - Page size | |||||||
31-31 (1 bit) | pnand param stored in otp | Parallel NAND parameters stored in OTP bank1 or bank2 | |||||||
17
BOOTROM_CONFIG_8 |
7-0 (8 bits) | oem active signing key1 | 8 possible OEM public keys (OEM key revocation feature for OEM-FSBL authentication) | ||||||
8-8 (1 bit) | oem keys2 enable | Enable second ECDSA OEM key set for FSBL-M authentication and decryption[fsblm-keys 1] | |||||||
31-16 (16 bits) | Reserved | ||||||||
18
BOOTROM_CONFIG_9 |
3-0 (4 bits) | secure boot | Enable enforced secure boot | ||||||
7-4 (4 bits) | prov done | RSSE provisioning done | |||||||
11-8 (4 bits) | debug lock | Lock debug enabling until next reset when chip is CLOSED-LOCKED | |||||||
15-12 (4 bits) | otp prov done | RSSe OTP provisioning done | |||||||
21-16 (6 bits) | Reserved | ||||||||
22-22 (1 bit) | ns epoch enable | Enable non secure EPOCH use | |||||||
26-23 (4 bits) | fingerprint enable | Enable fingerprint feature | |||||||
31-27 (5 bits) | free for future use | ||||||||
19
BOOTROM_CONFIG_10 |
31-0 (32 bits) | fsblm_monotonic | BOOTROM / OEM-FSBLM version monotonic counter | ||||||
20
BOOTROM_CONFIG_11 |
0-0 (1 bit) | nand config distribution | NAND configurations distribution | ||||||
1-1 (1 bit) | snand need plane select 2 | idem BOOTROM_CONFIG_7.snand_need_plane_select_1 | |||||||
4-2 (3 bits) | pnand number of ecc bits 2 | idem BOOTROM_CONFIG_7.pnand_number_of_ecc_bits_1 | |||||||
5-5 (1 bit) | pnand bus width 2 | idem BOOTROM_CONFIG_7.pnand_bus_width_1 | |||||||
13-6 (8 bits) | nand nb of blocks 2 | idem BOOTROM_CONFIG_7.nand_nb_of_blocks_1 | |||||||
15-14 (2 bits) | nand block size 2 | idem BOOTROM_CONFIG_7.nand_block_size_1 | |||||||
17-16 (2 bits) | nand page size 2 | idem BOOTROM_CONFIG_7.nand_page_size_1 | |||||||
18-18 (1 bit) | hyperflash 3V3 device | is HyperFlash a 3.3V device | |||||||
21-19 (3 bits) | rng htcr value | RNG HTCR value | |||||||
22-22 (1 bit) | ospi io speed ovrw | OSPI IO speed overwrite enable | |||||||
24-23 (2 bits) | ospi io speed clk nclk | OSPI IO speed of clk nclk IO | |||||||
25-24 (2 bits) | ospi io speed data cs | OSPI IO speed of CS IO | |||||||
31-26 (6 bits) | Reserved | ||||||||
21
BOOTROM_CONFIG_12 |
31-0 (32 bits) | rsse_monotonic | BOOTROM / RSSe FW version monotonic counter | ||||||
22
BOOTROM_CONFIG_13 |
7-0 (8 bits) | oem active signing key2 | 8 possible OEM public keys (OEM key revocation feature for OEM-FSBL authentication) | ||||||
31-8 (24 bits) | Reserved | ||||||||
23 | H32ENCPRVKEY | BOOTROM / Hash of E1CPvK | |||||||
24 | 31-0 (32 bits) | BOOTROM TZ EPOCH0 | Secure side Epoch counter | ||||||
25 | 31-0 (32 bits) | BOOTROM TZ EPOCH1 | |||||||
26 | 31-0 (32 bits) | BOOTROM TZ EPOCH2 | |||||||
27 | 31-0 (32 bits) | BOOTROM TZ EPOCH3 | |||||||
28 | 31-0 (32 bits) | BOOTROM TZ EPOCH4 | |||||||
29 | 31-0 (32 bits) | BOOTROM TZ EPOCH5 | |||||||
30 | 31-0 (32 bits) | BOOTROM TZ EPOCH6 | |||||||
31 | 31-0 (32 bits) | BOOTROM TZ EPOCH7 | |||||||
32 | 31-0 (32 bits) | BOOTROM NS EPOCH0 | Non Secure Epoch counter | ||||||
33 | 31-0 (32 bits) | BOOTROM NS EPOCH1 | |||||||
34 | 31-0 (32 bits) | BOOTROM NS EPOCH2 | |||||||
35 | 31-0 (32 bits) | BOOTROM NS EPOCH3 | |||||||
36 | 31-0 (32 bits) | BOOTROM NS EPOCH4 | |||||||
37 | 31-0 (32 bits) | BOOTROM NS EPOCH5 | |||||||
38 | 31-0 (32 bits) | BOOTROM NS EPOCH6 | |||||||
39 | 31-0 (32 bits) | BOOTROM NS EPOCH7 | |||||||
40 | Available for customer | ||||||||
41 | Available for customer | ||||||||
42 | Available for customer | ||||||||
43 | Available for customer | ||||||||
44 | Available for customer | ||||||||
45 | Available for customer | ||||||||
46 | Available for customer | ||||||||
47 | Available for customer | ||||||||
48 | Available for customer | ||||||||
49 | Available for customer | ||||||||
50 | Available for customer | ||||||||
51 | Available for customer | ||||||||
52 | Available for customer | ||||||||
53 | Available for customer | ||||||||
54 | Available for customer | ||||||||
55 | Available for customer | ||||||||
56 | Available for customer | ||||||||
57 | Available for customer | ||||||||
58 | Available for customer | ||||||||
59 | Available for customer | ||||||||
60 | Available for customer | ||||||||
61 | Available for customer | ||||||||
62 | Available for customer | ||||||||
63 | Available for customer | ||||||||
64 | Available for customer | ||||||||
65 | Available for customer | ||||||||
66 | Available for customer | ||||||||
67 | Available for customer | ||||||||
68 | Available for customer | ||||||||
69 | Available for customer | ||||||||
70 | Available for customer | ||||||||
71 | Available for customer | ||||||||
72 | Available for customer | ||||||||
73 | Available for customer | ||||||||
74 | Available for customer | ||||||||
75 | Available for customer | ||||||||
76 | Available for customer | ||||||||
77 | Available for customer | ||||||||
78 | Available for customer | ||||||||
79 | Available for customer | ||||||||
80 | Available for customer | ||||||||
81 | Available for customer | ||||||||
82 | Available for customer | ||||||||
83 | Available for customer | ||||||||
84 | Available for customer | ||||||||
85 | Available for customer | ||||||||
86 | Available for customer | ||||||||
87 | Available for customer | ||||||||
88 | Available for customer | ||||||||
89 | Available for customer | ||||||||
90 | Available for customer | ||||||||
91 | Available for customer | ||||||||
92 | Available for customer | ||||||||
93 | Available for customer | ||||||||
94 | Available for customer | ||||||||
95 | Available for customer | ||||||||
96 | Available for customer | ||||||||
97 | Available for customer | ||||||||
98 | Available for customer | ||||||||
99 | Available for customer | ||||||||
100 | Available for customer | ||||||||
101 | ADAC_SOC_MASK | Control the maximum debug level possible via ADAC | |||||||
102 | ID | STM32MP21 Reference Manuals | |||||||
103 | CRC_HSM | ||||||||
104 | CAL1 | STM32MP21 Reference Manuals | |||||||
105 | Reserved | ||||||||
106 | CAL3 | STM32MP21 Reference Manuals | |||||||
107 | Reserved | ||||||||
108 | CAL5 | STM32MP21 Reference Manuals | |||||||
109 | Reserved | ||||||||
110 | CAL7 | STM32MP21 Reference Manuals | |||||||
111 | Reserved | ||||||||
112 | ENGI1 | Engineering | |||||||
113 | ENGI2 | Engineering | |||||||
114 | ENGI3 | Engineering | |||||||
115 | ENGI4 | Engineering | |||||||
116 | ENGI5 | Engineering | |||||||
117 | ENGI6 | Engineering | |||||||
118 | ENGI7 | Engineering | |||||||
119 | ENGI8 | Engineering | |||||||
120 | ATRIM1 | STM32MP21 Reference Manuals | |||||||
121 | ATRIM2 | STM32MP21 Reference Manuals | |||||||
122 | ATRIM3 | STM32MP21 Reference Manuals | |||||||
123 | ATRIM4 | STM32MP21 Reference Manuals | |||||||
124 | HCONF1 | STM32MP21 Reference Manuals | |||||||
125 | MREPAIR1 | ||||||||
126 | MREPAIR2 | ||||||||
127 | MREPAIR3 | ||||||||
Middle OTP region | |||||||||
128 | 31-0 (32 bits) | STM32CERTIF0 | STM32 chip certificate (public key)[key-formats 1] | ||||||
129 | 31-0 (32 bits) | STM32CERTIF1 | |||||||
130 | 31-0 (32 bits) | STM32CERTIF2 | |||||||
131 | 31-0 (32 bits) | STM32CERTIF3 | |||||||
132 | 31-0 (32 bits) | STM32CERTIF4 | |||||||
133 | 31-0 (32 bits) | STM32CERTIF5 | |||||||
134 | 31-0 (32 bits) | STM32CERTIF6 | |||||||
135 | 31-0 (32 bits) | STM32CERTIF7 | |||||||
136 | 31-0 (32 bits) | STM32CERTIF8 | |||||||
137 | 31-0 (32 bits) | STM32CERTIF9 | |||||||
138 | 31-0 (32 bits) | STM32CERTIF10 | |||||||
139 | 31-0 (32 bits) | STM32CERTIF11 | |||||||
140 | 31-0 (32 bits) | STM32CERTIF12 | |||||||
141 | 31-0 (32 bits) | STM32CERTIF13 | |||||||
142 | 31-0 (32 bits) | STM32CERTIF14 | |||||||
143 | 31-0 (32 bits) | STM32CERTIF15 | |||||||
144 | 31-0 (32 bits) | STM32CERTIF16 | |||||||
145 | 31-0 (32 bits) | STM32CERTIF17 | |||||||
146 | 31-0 (32 bits) | STM32CERTIF18 | |||||||
147 | 31-0 (32 bits) | STM32CERTIF19 | |||||||
148 | 31-0 (32 bits) | STM32CERTIF20 | |||||||
149 | 31-0 (32 bits) | STM32CERTIF21 | |||||||
150 | 31-0 (32 bits) | STM32CERTIF22 | |||||||
151 | 31-0 (32 bits) | STM32CERTIF23 | |||||||
152 | 31-0 (32 bits) | OEM KEY1 ROT0 | OEM Key1 Root of Trust Hash[key-formats 1][fsblm-keys 1] | ||||||
153 | 31-0 (32 bits) | OEM KEY1 ROT1 | |||||||
154 | 31-0 (32 bits) | OEM KEY1 ROT2 | |||||||
155 | 31-0 (32 bits) | OEM KEY1 ROT3 | |||||||
156 | 31-0 (32 bits) | OEM KEY1 ROT4 | |||||||
157 | 31-0 (32 bits) | OEM KEY1 ROT5 | |||||||
158 | 31-0 (32 bits) | OEM KEY1 ROT6 | |||||||
159 | 31-0 (32 bits) | OEM KEY1 ROT7 | |||||||
160 | 31-0 (32 bits) | OEM KEY2 ROT0 | OEM Key2 Root of Trust Hash[key-formats 1][fsblm-keys 1] | ||||||
161 | 31-0 (32 bits) | OEM KEY2 ROT1 | |||||||
162 | 31-0 (32 bits) | OEM KEY2 ROT2 | |||||||
163 | 31-0 (32 bits) | OEM KEY2 ROT3 | |||||||
164 | 31-0 (32 bits) | OEM KEY2 ROT4 | |||||||
165 | 31-0 (32 bits) | OEM KEY2 ROT5 | |||||||
166 | 31-0 (32 bits) | OEM KEY2 ROT6 | |||||||
167 | 31-0 (32 bits) | OEM KEY2 ROT7 | |||||||
168 | 31-0 (32 bits) | STM32PUBKEY0 | STM32 chip public key[key-formats 1] | ||||||
169 | 31-0 (32 bits) | STM32PUBKEY1 | |||||||
170 | 31-0 (32 bits) | STM32PUBKEY2 | |||||||
171 | 31-0 (32 bits) | STM32PUBKEY3 | |||||||
172 | 31-0 (32 bits) | STM32PUBKEY4 | |||||||
173 | 31-0 (32 bits) | STM32PUBKEY5 | |||||||
174 | 31-0 (32 bits) | STM32PUBKEY6 | |||||||
175 | 31-0 (32 bits) | STM32PUBKEY7 | |||||||
176 | 31-0 (32 bits) | STM32PUBKEY8 | |||||||
177 | 31-0 (32 bits) | STM32PUBKEY9 | |||||||
178 | 31-0 (32 bits) | STM32PUBKEY10 | |||||||
179 | 31-0 (32 bits) | STM32PUBKEY11 | |||||||
A35-TD flavor | M33-TD flavor | ||||||||
Name | Description | Name | Description | ||||||
180 | RPROC-FW-PKH_0 | Hash of the Public Key for remote processor firmware[key-formats 2] | Available for customer | ||||||
181 | RPROC-FW-PKH_1 | Available for customer | |||||||
182 | RPROC-FW-PKH_2 | Available for customer | |||||||
183 | RPROC-FW-PKH_3 | Available for customer | |||||||
184 | RPROC-FW-PKH_4 | Available for customer | |||||||
185 | RPROC-FW-PKH_5 | Available for customer | |||||||
186 | RPROC-FW-PKH_6 | Available for customer | |||||||
187 | RPROC-FW-PKH_7 | Available for customer | |||||||
A35-TD flavor | M33-TD flavor | ||||||||
Name | Description | Name | Description | ||||||
188 | Available for customer | FSBLM-M33-FW-PKH_0 | Hash of the Public Key for M33TDCID M33 Firmware[key-formats 2] | ||||||
189 | Available for customer | FSBLM-M33-FW-PKH_1 | |||||||
190 | Available for customer | FSBLM-M33-FW-PKH_2 | |||||||
191 | Available for customer | FSBLM-M33-FW-PKH_3 | |||||||
192 | Available for customer | FSBLM-M33-FW-PKH_4 | |||||||
193 | Available for customer | FSBLM-M33-FW-PKH_5 | |||||||
194 | Available for customer | FSBLM-M33-FW-PKH_6 | |||||||
195 | Available for customer | FSBLM-M33-FW-PKH_7 | |||||||
A35-TD flavor | M33-TD flavor | ||||||||
Name | Description | Name | Description | ||||||
196 | Available for customer | FSBLM-DDR-FW-PKH_0 | Hash of the Public Key for M33TDCID DDR Firmware[key-formats 2] | ||||||
197 | Available for customer | FSBLM-DDR-FW-PKH_1 | |||||||
198 | Available for customer | FSBLM-DDR-FW-PKH_2 | |||||||
199 | Available for customer | FSBLM-DDR-FW-PKH_3 | |||||||
200 | Available for customer | FSBLM-DDR-FW-PKH_4 | |||||||
201 | Available for customer | FSBLM-DDR-FW-PKH_5 | |||||||
202 | Available for customer | FSBLM-DDR-FW-PKH_6 | |||||||
203 | Available for customer | FSBLM-DDR-FW-PKH_7 | |||||||
A35-TD flavor | M33-TD flavor | ||||||||
Name | Description | Name | Description | ||||||
204 | Available for customer | FSBLM-A35-FW-PKH_0 | Hash of the Public Key for M33TDCID A35 bare metal Firmware[key-formats 2] | ||||||
205 | Available for customer | FSBLM-A35-FW-PKH_1 | |||||||
206 | Available for customer | FSBLM-A35-FW-PKH_2 | |||||||
207 | Available for customer | FSBLM-A35-FW-PKH_3 | |||||||
208 | Available for customer | FSBLM-A35-FW-PKH_4 | |||||||
209 | Available for customer | FSBLM-A35-FW-PKH_5 | |||||||
210 | Available for customer | FSBLM-A35-FW-PKH_6 | |||||||
211 | Available for customer | FSBLM-A35-FW-PKH_7 | |||||||
212 | Available for customer | ||||||||
213 | Available for customer | ||||||||
214 | Available for customer | ||||||||
215 | Available for customer | ||||||||
216 | Available for customer | ||||||||
217 | Available for customer | ||||||||
218 | Available for customer | ||||||||
219 | Available for customer | ||||||||
220 | Available for customer | ||||||||
221 | Available for customer | ||||||||
222 | Available for customer | ||||||||
223 | Available for customer | ||||||||
224 | Available for customer | ||||||||
225 | Available for customer | ||||||||
226 | Available for customer | ||||||||
227 | Available for customer | ||||||||
228 | Available for customer | ||||||||
229 | Available for customer | ||||||||
230 | Available for customer | ||||||||
231 | Available for customer | ||||||||
232 | Available for customer | ||||||||
233 | Available for customer | ||||||||
234 | Available for customer | ||||||||
235 | Available for customer | ||||||||
236 | Available for customer | ||||||||
237 | Available for customer | ||||||||
238 | OEM ADAC ROTPK HASH0 | OEM ADAC key Root of Trust Hash | |||||||
239 | OEM ADAC ROTPK HASH1 | ||||||||
240 | OEM ADAC ROTPK HASH2 | ||||||||
241 | OEM ADAC ROTPK HASH3 | ||||||||
242 | OEM ADAC ROTPK HASH4 | ||||||||
243 | OEM ADAC ROTPK HASH5 | ||||||||
244 | OEM ADAC ROTPK HASH6 | ||||||||
245 | OEM ADAC ROTPK HASH7 | ||||||||
246 | ST_BOARD_ID | Identifier for ST boards (available to customer on chip) | |||||||
247 | MAC_ADDR_0 | Mac address [coding 1] | |||||||
248 | MAC_ADDR_1 | Mac address [coding 1] | |||||||
249 | MAC_ADDR_2 | Mac address [coding 1] | |||||||
250 | MAC_ADDR_3 | Mac address [coding 1] | |||||||
251 | MAC_ADDR_4 | Mac address [coding 1] | |||||||
252 | MAC_ADDR_5 | Mac address [coding 1] | |||||||
253 | MAC_ADDR_6 | Mac address [coding 1] | |||||||
254 | MAC_ADDR_7 | Mac address [coding 1] | |||||||
255 | ST_RSSE_EDMK_DERIV_CSTE_FUSE | ST Encryption Decryption Master Key Derivation constant | |||||||
Upper OTP region | |||||||||
256 | OTP_RMA_LOCK_PSWD0 | RMA lock password (128 bit) | |||||||
257 | OTP_RMA_LOCK_PSWD1 | ||||||||
258 | OTP_RMA_LOCK_PSWD2 | ||||||||
259 | OTP_RMA_LOCK_PSWD3 | ||||||||
260 | FIP-EDMK0 | FIP encryption decryption master key (256-bit) | |||||||
261 | FIP-EDMK1 | ||||||||
262 | FIP-EDMK2 | ||||||||
263 | FIP-EDMK3 | ||||||||
264 | FIP-EDMK4 | ||||||||
265 | FIP-EDMK5 | ||||||||
266 | FIP-EDMK6 | ||||||||
267 | FIP-EDMK7 | ||||||||
268 | OEM Secrets available to customer | ||||||||
269 | OEM Secrets available to customer | ||||||||
270 | OEM Secrets available to customer | ||||||||
271 | OEM Secrets available to customer | ||||||||
272 | OEM Secrets available to customer | ||||||||
273 | OEM Secrets available to customer | ||||||||
274 | OEM Secrets available to customer | ||||||||
275 | OEM Secrets available to customer | ||||||||
276 | OEM Secrets available to customer | ||||||||
277 | OEM Secrets available to customer | ||||||||
278 | OEM Secrets available to customer | ||||||||
279 | OEM Secrets available to customer | ||||||||
280 | OEM Secrets available to customer | ||||||||
281 | OEM Secrets available to customer | ||||||||
282 | OEM Secrets available to customer | ||||||||
283 | OEM Secrets available to customer | ||||||||
284 | OEM Secrets available to customer | ||||||||
285 | OEM Secrets available to customer | ||||||||
286 | OEM Secrets available to customer | ||||||||
287 | OEM Secrets available to customer | ||||||||
288 | OEM Secrets available to customer | ||||||||
289 | OEM Secrets available to customer | ||||||||
290 | OEM Secrets available to customer | ||||||||
291 | OEM Secrets available to customer | ||||||||
292 | OEM Secrets available to customer | ||||||||
293 | OEM Secrets available to customer | ||||||||
294 | OEM Secrets available to customer | ||||||||
295 | OEM Secrets available to customer | ||||||||
296 | OEM Secrets available to customer | ||||||||
297 | OEM Secrets available to customer | ||||||||
298 | OEM Secrets available to customer | ||||||||
299 | OEM Secrets available to customer | ||||||||
300 | OEM Secrets available to customer | ||||||||
301 | OEM Secrets available to customer | ||||||||
302 | OEM Secrets available to customer | ||||||||
303 | OEM Secrets available to customer | ||||||||
304 | OEM Secrets available to customer | ||||||||
305 | OEM Secrets available to customer | ||||||||
306 | OEM Secrets available to customer | ||||||||
307 | OEM Secrets available to customer | ||||||||
308 | OEM Secrets available to customer | ||||||||
309 | OEM Secrets available to customer | ||||||||
310 | OEM Secrets available to customer | ||||||||
311 | OEM Secrets available to customer | ||||||||
312 | OEM Secrets available to customer | ||||||||
313 | OEM Secrets available to customer | ||||||||
314 | OEM Secrets available to customer | ||||||||
315 | OEM Secrets available to customer | ||||||||
316 | OEM Secrets available to customer | ||||||||
317 | OEM Secrets available to customer | ||||||||
318 | OEM Secrets available to customer | ||||||||
319 | OEM Secrets available to customer | ||||||||
320 | OEM Secrets available to customer | ||||||||
321 | OEM Secrets available to customer | ||||||||
322 | OEM Secrets available to customer | ||||||||
323 | OEM Secrets available to customer | ||||||||
324 | OEM Secrets available to customer | ||||||||
325 | OEM Secrets available to customer | ||||||||
326 | OEM Secrets available to customer | ||||||||
327 | OEM Secrets available to customer | ||||||||
328 | OEM Secrets available to customer | ||||||||
329 | OEM Secrets available to customer | ||||||||
330 | OEM Secrets available to customer | ||||||||
331 | OEM Secrets available to customer | ||||||||
A35-TD flavor | M33-TD flavor | ||||||||
Name | Description | Name | Description | ||||||
332 | RPROC-FW-ENC-KEY0 | Encryption/Decryption Key for remote processor firmware | BL2_ASYM_PRVK_KEY0 | BL2 Asymmetric private key for encryption | |||||
333 | RPROC-FW-ENC-KEY1 | BL2_ASYM_PRVK_KEY0 | |||||||
334 | RPROC-FW-ENC-KEY2 | BL2_ASYM_PRVK_KEY2 | |||||||
335 | RPROC-FW-ENC-KEY3 | BL2_ASYM_PRVK_KEY3 | |||||||
336 | RPROC-FW-ENC-KEY4 | BL2_ASYM_PRVK_KEY4 | |||||||
337 | RPROC-FW-ENC-KEY5 | BL2_ASYM_PRVK_KEY5 | |||||||
338 | RPROC-FW-ENC-KEY6 | BL2_ASYM_PRVK_KEY6 | |||||||
339 | RPROC-FW-ENC-KEY7 | BL2_ASYM_PRVK_KEY7 | |||||||
340 | TF-M IAK0 | Initial attestation 256-bit key (Symmetric or Asymmetric key) | |||||||
341 | TF-M IAK1 | ||||||||
342 | TF-M IAK2 | ||||||||
343 | TF-M IAK3 | ||||||||
344 | TF-M IAK4 | ||||||||
345 | TF-M IAK5 | ||||||||
346 | TF-M IAK6 | ||||||||
347 | TF-M IAK7 | ||||||||
348 | 31-0 (32 bits) | OEM KEY2 EDMK0 | OEM master key used to derive FSBLM decryption key. This key must use Format 1. | ||||||
349 | 31-0 (32 bits) | OEM KEY2 EDMK1 | |||||||
350 | 31-0 (32 bits) | OEM KEY2 EDMK2 | |||||||
351 | 31-0 (32 bits) | OEM KEY2 EDMK3 | |||||||
352 | 31-0 (32 bits) | OEM KEY2 EDMK4 | |||||||
353 | 31-0 (32 bits) | OEM KEY2 EDMK5 | |||||||
354 | 31-0 (32 bits) | OEM KEY2 EDMK6 | |||||||
355 | 31-0 (32 bits) | OEM KEY2 EDMK7 | |||||||
356 | 31-0 (32 bits) | OEM KEY1 EDMK0 | OEM master key used to derive FSBLA or M decryption key. This key must use Format 1. | ||||||
357 | 31-0 (32 bits) | OEM KEY1 EDMK1 | |||||||
358 | 31-0 (32 bits) | OEM KEY1 EDMK2 | |||||||
359 | 31-0 (32 bits) | OEM KEY1 EDMK3 | |||||||
360 | 31-0 (32 bits) | OEM KEY1 EDMK4 | |||||||
361 | 31-0 (32 bits) | OEM KEY1 EDMK5 | |||||||
362 | 31-0 (32 bits) | OEM KEY1 EDMK6 | |||||||
363 | 31-0 (32 bits) | OEM KEY1 EDMK7 | |||||||
364 | 31-0 (32 bits) | STM32PRVKEY0 | STM32 ECC chip private key | ||||||
365 | 31-0 (32 bits) | STM32PRVKEY1 | |||||||
366 | 31-0 (32 bits) | STM32PRVKEY2 | |||||||
367 | 31-0 (32 bits) | STM32PRVKEY3 | |||||||
368 | 31-0 (32 bits) | STM32PRVKEY4 | |||||||
369 | 31-0 (32 bits) | STM32PRVKEY5 | |||||||
370 | 31-0 (32 bits) | STM32PRVKEY6 | |||||||
371 | 31-0 (32 bits) | STM32PRVKEY7 | |||||||
372 | 31-0 (32 bits) | STM32PRVKEY8 | |||||||
373 | 31-0 (32 bits) | STM32PRVKEY9 | |||||||
374 | 31-0 (32 bits) | STM32PRVKEY10 | |||||||
375 | 31-0 (32 bits) | STM32PRVKEY11 | |||||||
376 | 31-0 (32 bits) | HWKEY0 | Secret hardware unique key | ||||||
377 | 31-0 (32 bits) | HWKEY1 | |||||||
378 | 31-0 (32 bits) | HWKEY2 | |||||||
379 | 31-0 (32 bits) | HWKEY3 | |||||||
380 | 31-0 (32 bits) | HWKEY4 | |||||||
381 | 31-0 (32 bits) | HWKEY5 | |||||||
382 | 31-0 (32 bits) | HWKEY6 | |||||||
383 | 31-0 (32 bits) | HWKEY7 |
2. References
2.1. Key storage in OTP
Keys are represented as a string of bytes to be stored in consecutive OTP words.
For example, a 64-bit key (0xAABBCCDDEEFF5566) is stored into two consecutive OTP words KEY0 and KEY1.
A key is stored in OTP words using one of the following formats:
- Format 1 [key-formats 1]: KEY0 = 0xAABBCCDD, KEY1 = 0xEEFF5566
- Format 2 [key-formats 2]: KEY0 = 0xDDCCBBAA, KEY1 = 0x6655FFEE
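The two formats differ only in the byte order inside each 32-bit word, so a key packed in the wrong format is fused byte-swapped. The following added example (not part of the original page or of any ST tool; all function names are hypothetical) packs a key into OTP words in either format, reverses the operation, and reports which format a set of words matches for a known key.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* The two storage formats listed above for a key split across OTP words. */
enum otp_key_format { OTP_KEY_FORMAT_1 = 1, OTP_KEY_FORMAT_2 = 2 };

/* Constructed sample: the 64-bit key used in the page's example. */
static const uint8_t EXAMPLE_KEY[8] = {
    0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, 0x55, 0x66
};

/* Pack key bytes into consecutive 32-bit OTP words (KEY0, KEY1, ...).
 * Returns the number of words written, or -1 on bad arguments. */
int otp_key_pack(const uint8_t *key, size_t len, enum otp_key_format fmt,
                 uint32_t *words, size_t max_words)
{
    if (!key || !words || len == 0 || len % 4 != 0 || len / 4 > max_words)
        return -1;
    if (fmt != OTP_KEY_FORMAT_1 && fmt != OTP_KEY_FORMAT_2)
        return -1;
    for (size_t i = 0; i < len / 4; i++) {
        const uint8_t *b = key + 4 * i;
        if (fmt == OTP_KEY_FORMAT_1)   /* first key byte in bits 31-24 */
            words[i] = ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) |
                       ((uint32_t)b[2] << 8) | (uint32_t)b[3];
        else                           /* first key byte in bits 7-0 */
            words[i] = ((uint32_t)b[3] << 24) | ((uint32_t)b[2] << 16) |
                       ((uint32_t)b[1] << 8) | (uint32_t)b[0];
    }
    return (int)(len / 4);
}

/* Rebuild the key byte string from OTP words.
 * Returns the number of bytes written, or -1 on bad arguments. */
int otp_key_unpack(const uint32_t *words, size_t nwords,
                   enum otp_key_format fmt, uint8_t *key, size_t max_len)
{
    if (!words || !key || nwords == 0 || nwords > max_len / 4)
        return -1;
    if (fmt != OTP_KEY_FORMAT_1 && fmt != OTP_KEY_FORMAT_2)
        return -1;
    for (size_t i = 0; i < nwords; i++)
        for (unsigned k = 0; k < 4; k++) {
            unsigned shift = (fmt == OTP_KEY_FORMAT_1) ? 24 - 8 * k : 8 * k;
            key[4 * i + k] = (uint8_t)(words[i] >> shift);
        }
    return (int)(nwords * 4);
}

/* Compare OTP words (for example from a provisioning file) with the key
 * they are supposed to hold. Returns 1 or 2 for the matching format, or
 * 0 if neither matches. Format 1 is reported first if both match. */
int otp_key_detect_format(const uint8_t *key, size_t len,
                          const uint32_t *words, size_t nwords)
{
    uint32_t tmp[16];   /* up to 512-bit keys */

    if (!key || !words || nwords == 0 || nwords > 16 || len != nwords * 4)
        return 0;
    for (int f = OTP_KEY_FORMAT_1; f <= OTP_KEY_FORMAT_2; f++)
        if (otp_key_pack(key, len, (enum otp_key_format)f, tmp, 16) == (int)nwords &&
            memcmp(tmp, words, len) == 0)
            return f;
    return 0;
}

int main(void)
{
    uint32_t w[2];

    for (int f = OTP_KEY_FORMAT_1; f <= OTP_KEY_FORMAT_2; f++) {
        otp_key_pack(EXAMPLE_KEY, sizeof(EXAMPLE_KEY), (enum otp_key_format)f, w, 2);
        printf("Format %d: KEY0 = 0x%08X, KEY1 = 0x%08X\n",
               f, (unsigned)w[0], (unsigned)w[1]);
    }
    return 0;
}
```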
2.2. MAC address
MAC addresses [coding 1] are stored as a list of octets using the following coding convention:
- OTP 247: mac_addr_1[4 first octets]
- OTP 248: mac_addr_2[2 first octets] | mac_addr_1[2 last octets]
- OTP 249: mac_addr_2[4 last octets]
- OTP 250: mac_addr_3[4 first octets]
- ...
- mac_addr1 : 10:E7:7A:E3:95:F4
- mac_addr2 : 10:E7:7A:E3:95:F5
- ...
On the STM32MP257F-EV1 Evaluation board, ETH2 uses the first MAC address (ethernet0 = &eth2) and ETH1 uses the second MAC address (ethernet1 = &eth1).
On the STM32MP257F-DK Discovery kit, ETH1 uses the first MAC address (ethernet0 = &eth1).
In the default mapping, MAC 3, 4 and 5 are assigned to the TSN switch (depending on product version).
An unused MAC address (for example when TSN is not used) should be set to FF:FF:FF:FF:FF:FF to avoid the "invalid MAC address" trace in U-Boot.
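The coding convention above, worked through as an added example that is not part of the original page (function names are hypothetical). The page does not state the byte order inside each word; the code assumes the first octet of the stream lands in the least-significant byte, which is consistent with the `mac_addr_2[2 first octets] | mac_addr_1[2 last octets]` notation given for OTP 248.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN        6
#define MAC_OTP_FIRST  247   /* MAC_ADDR_0 in the table above */
#define MAC_OTP_WORDS  8     /* MAC_ADDR_0 .. MAC_ADDR_7 */

enum mac_state { MAC_SET, MAC_UNUSED, MAC_BLANK };

/* Constructed sample: the page's two example addresses plus one slot
 * marked unused with the FF:FF:FF:FF:FF:FF convention. */
static const uint8_t SAMPLE_MACS[3][MAC_LEN] = {
    {0x10, 0xE7, 0x7A, 0xE3, 0x95, 0xF4},
    {0x10, 0xE7, 0x7A, 0xE3, 0x95, 0xF5},
    {0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF},
};

/* Pack `count` addresses back to back into OTP words.
 * ASSUMPTION: octet i of the stream goes to bits 8*(i%4) of word i/4.
 * Returns the number of words written, or -1 on bad arguments. */
int mac_otp_pack(const uint8_t macs[][MAC_LEN], size_t count,
                 uint32_t *words, size_t max_words)
{
    size_t nbytes = count * MAC_LEN;
    size_t nwords = (nbytes + 3) / 4;

    if (!macs || !words || count == 0 || nwords > max_words)
        return -1;
    memset(words, 0, nwords * sizeof(*words));
    for (size_t i = 0; i < nbytes; i++)
        words[i / 4] |= (uint32_t)macs[i / MAC_LEN][i % MAC_LEN] << (8 * (i % 4));
    return (int)nwords;
}

/* Extract address number `index` (0-based) from the packed words.
 * Returns 0 on success, -1 if the address does not fit in `nwords`. */
int mac_otp_unpack(const uint32_t *words, size_t nwords, size_t index,
                   uint8_t mac[MAC_LEN])
{
    size_t start = index * MAC_LEN;

    if (!words || !mac || start + MAC_LEN > nwords * 4)
        return -1;
    for (size_t k = 0; k < MAC_LEN; k++) {
        size_t i = start + k;
        mac[k] = (uint8_t)(words[i / 4] >> (8 * (i % 4)));
    }
    return 0;
}

/* MAC_UNUSED: all octets 0xFF (the page's marker for an unused slot).
 * MAC_BLANK:  all octets 0x00 (slot never programmed).
 * MAC_SET:    anything else. */
enum mac_state mac_classify(const uint8_t mac[MAC_LEN])
{
    uint8_t all_or = 0, all_and = 0xFF;

    for (size_t k = 0; k < MAC_LEN; k++) {
        all_or |= mac[k];
        all_and &= mac[k];
    }
    if (all_and == 0xFF)
        return MAC_UNUSED;
    if (all_or == 0)
        return MAC_BLANK;
    return MAC_SET;
}

int main(void)
{
    uint32_t words[MAC_OTP_WORDS];
    int n = mac_otp_pack(SAMPLE_MACS, 3, words, MAC_OTP_WORDS);

    for (int i = 0; i < n; i++)
        printf("OTP %d = 0x%08X\n", MAC_OTP_FIRST + i, (unsigned)words[i]);
    return 0;
}
```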
2.3. FSBL-M keys
By default [fsblm-keys 1], STM32MP21x lines use OEM_KEY1_ROT and OEM_KEY1_EDMK for FSBLA and FSBLM. To use the dedicated FSBLM keys (OEM_KEY2_ROT and OEM_KEY2_EDMK), you must program bit 8 of OTP17.