STM32MP23-25 OTP mapping

Applicable for

1. OTP memory mapping[edit | edit source]

The table below gives an overview of the BSEC OTP memory mapping with useful information in the context of this Wiki reading. It gives the global mapping view including the SoC restricted layout (immutable) and the additional ecosystem choice that is used with OpenSTLinux ecosystem.

OTP words 0 to 127 are called lower OTP and are bit wise programmable.
OTP words 128 to 255 are called middle OTP and are bulk programmable.
OTP words 256 to 383 are called upper OTP and are bulk programmable. These OTP are the one where sensitive information (such as password or private keys) must be stored.

Further information for the words and fields that are not explicitly described here can be found in the reference manual.

1.1. Lower OTP region[edit | edit source]

		For both TD flavor (A35-TD or M33-TD)
OTP word	Bit field (size)	Name	Description
0		OTP_HW_WORD0	OTP Check Word (virgin -> non virgin)
1		OTP_HW_WORD1	OTP Security word to close security state BSECXW
2		OTP_HW_WORD2	OTP Word for re-opening via RMA password : RMA bits
3		OTP_HW_WORD3	OTP Word for re-opening via RMA password : RMA tries bits
4		OTP_HW_WORD4	OTP word for TK retries (ECIES) and retention cell disabling
5		ID0	ID0 for Engineering purposes
6		ID1	ID1 for Engineering purposes
7		ID2	ID2 for Engineering purposes
8		Reserved
9		RPN_CODING	STM32MP23 or STM32MP25 Reference Manuals
10 BOOTROM_CONFIG_1	0-0 (1 bit)	Reserved
	1-1 (1 bit)	stkeyprov ecies ok	Status of ECIES ST key provisionning when it was attempted. 0: ECIES ST key provisionning last attempt was failed 1: ECIES ST key provisionning last attempt was successfull
	2-2 (1 bit)	stkeyprov hwkey done	ST HW key provisionning done 0: HWKEY not provisionned 1: HWKEY was provisioned
	6-3 (4 bits)	Reserved
	14-7 (8 bits)	Security counter	Security counter involved in productID for chip certificate verification by HSM-OEM in RSSe_prov context
	18-15 (4 bits)	st pub key id	ST ECDSA Public Key ID (ST Key Instance fuse part) involved in productID for chip certificate verification by HSM-OEM in RSSe_prov context
	26-19 (8 bits)	rssefw active signing key	Eight possible ST public keys (ST key revocation feature for RSSe_FW authentication) [1-0xFF] -> [1-8]: Value of monotonic counter is X where X is position of the most significant bit at 1.
	31-27 (5 bits)	Reserved
11 BOOTROM_CONFIG_2	4-0 (5 bits)	Reserved
	5-5 (1 bit)	no cpu pll	CPU PLL usage 0: PLLs for CPU/AXI are enable for cold boot. 1: PLLs for CPU/AXI are not enable for cold boot
	9-6 (4 bits)	Reserved
	14-10 (5 bits)	Disable uart	Disable UART instances 0b00001: disable USART2 0b00010: disable UART5 0b00100: disable UART6 0b01000: disable UART8 0b10000: disable UART9
	15-15 (1 bit)	No data cache	Data cache usage 0: Data cache is used by bootrom. 1: Data cache is not used by bootrom.
	23-16 (8 bits)	Boot source disable	Each bit disable a boot source. Default to UART if all disabled. 0b00000001: disable FMC boot source. 0b00000010: disable QSPI NOR boot source. 0b00000100: disable eMMC boot source. 0b00001000: disable SD boot source. 0b00010000: disable UART boot source. 0b00100000: disable USB boot source. 0b01000000: disable QSPI NAND boot source. 0b10000000: disable QSPI HyperFlash boot source.
	25-24 (2 bits)	Bootpins layout sel	Bootpins layout selection [0-3]: Select one among the four possible bootpins layout
	29-26 (4 bits)	Boot source sel	Boot source selection [0-15]: Select one among the 16 possible boot source of the selected bootpins layout
	31-30 (2 bits)	Reserved
12 BOOTROM_CONFIG_3	31-0 (32 bits)	oem fsbla monotonic counter	OEM FSBL-A image version monotonic counter [1-0xFFFFFFFF] -> [1-32]: Value of monotonic counter is X where X is position of the most significant bit at 1.
13 BOOTROM_CONFIG_4	31-0 (32 bits)	Reserved
14 BOOTROM_CONFIG_5	31-0 (32 bits)	Reserved
15 BOOTROM_CONFIG_6	31-0 (32 bits)	Reserved
16 BOOTROM_CONFIG_7	0-0 (1 bit)	Disable traces	Disable bootROM traces 0: bootROM traces are enabled 1: bootROM traces are disabled
	1-1 (1 bit)	Disable hse freq detect	Disable HSE frequency autodetection 0: HSE frequency autodetection is enabled 1: HSE frequency autodetection is disabled
	2-2 (1 bit)	Disable hse bypass detect	Disable HSE bypass detection 0: HSE bypass detection is enabled 1: HSE bypass detection is disabled
	3-3 (1 bit)	Disable blocking failure traces	Disable traces done by blocking failure process 0: blocking failure traces are enabled 1: blocking failure traces are disabled
	4-4 (1 bit)	a35 mode	Select a35 architecture mode 0: FSBL-A is AArch64 1: FSBL-A is AArch32
	5-5 (1 bit)	fmc force sw reset	FMC is used by CA35 to connect a NAND and by CM33 to connect a NOR or PSRAM 0: Use RCC to reset FMC 1: Use sw procedure to reset FMC witout impacting CM33
	6-6 (1 bit)	Emergency debug req	Emergency debug request 0: emergency debug is not requested 1: emergency debug is requested
	7-7 (1 bit)	emmc 128k boot partition	Support eMMC with 128Kb boot partition 0: bootROM does not support eMMC with 128Kb boot partition. 1: bootROM supports eMMC with 128Kb boot partition.
	8-8 (1 bit)	fsbl decrypt prio	FSBL decryption priority (speed or security) 0: use CRYP (fast but no DPA protection) 1: use SAES (slow but DPA protection))
	9-9 (1 bit)	iomgr port	IO manager port selection 0: select IOM port1 1: select IOM port2
	10-10 (1 bit)	iomgr muxen	IO manager port muxing enable 0: IOM muxing disabled 1: IOM muxing enabled
	13-11 (3 bits)	HSE value	HSE value 0b000: HSE value is autodetected among 16, 20, 24, 28, 32, 36, 40, 48MHz 0b001: HSE = 24MHz 0b010: HSE = 25MHz 0b011: HSE = 26MHz 0b100 (19_2 Mhz): HSE = 19.2MHz 0b101: HSE = 40MHz 0b110: HSE = 48MHz 0b111: Reserved
	14-14 (1 bit)	snand need plane select 1	NAND parameters bank1 - Serial NAND plane selection 0: Serial NAND plane select is not needed. 1: Serial NAND plane select is need
	17-15 (3 bits)	pnand number of ecc bits 1	NAND parameters bank1 - Number of Error Correction Code (ECC) bits 0: ECC unset. 1: ECC 1bit (Hamming). 2: ECC 4bit (BCH4). 3: ECC 8bit (BCH8). 4: on-die ECC.
	18-18 (1 bit)	pnand bus width 1	NAND parameters bank1 - Parallel NAND data witdh 0: data width is 8 bits 1: data width is 16 bits
	26-19 (8 bits)	nand nb of blocks 1	NAND parameters bank1 - Number of blocks in unit of 256 blocks [1-256]: Number of block = 256 * value
	28-27 (2 bits)	nand block size 1	NAND parameters bank1 - Block size in number of pages 0: 64 pages per block. 1: 128 pages per block. 2: 256 pages per block
	30-29 (2 bits)	nand page size 1	NAND parameters bank1 - Page size 0: 2Kbytes. 1: 4Kbytes. 2: 8Kbytes
	31-31 (1 bit)	pnand param stored in otp	Parallel NAND parameters stored in OTP bank1 or bank2 0: BootROM uses ONFI parameter table to get parallel nand parameters. 1: parallel nand parameters are defined in bank1 or bank2, depending on nand_config_distribution value.
17 BOOTROM_CONFIG_8	7-0 (8 bits)	oem active signing key1	Eight possible OEM public keys (OEM key revocation feature for OEM-FSBL authentication) [1-256] -> [1-8]: Value of monotonic counter is X where X is position of the most significant bit at 1.
	8-8 (1 bit)	oem keys2 enable	Enable second ECDSA OEM key set for FSBL-M authentication and decryption^{[fsblm-keys 1]} 0: keys2 are not used; keys1 are used for both FSBLA and FSBLM 1: keys2 are enabled; keys1 are used for FSBLA; keys2 are used for FSBLM
	31-16 (16 bits)	Reserved
18 BOOTROM_CONFIG_9	3-0 (4 bits)	secure boot	Enable enforced secure boot 0: Chip is in CLOSED_UNLOCKED state. Secure boot is not enforced (FSBL authentication is not mandatory). [1-15]: Chip is in CLOSED_LOCKED state. Secure boot is enforced (FSBL authentication is mandatory)
	7-4 (4 bits)	prov done	RSSE provisioning done 0: RSSE provisioning is not done [1-15]: RSSE provisioning is done
	11-8 (4 bits)	debug lock	Lock debug enabling until next reset when chip is CLOSED-LOCKED 0: Don't lock debug enabling [1-15]: Lock debug enabling
	15-12 (4 bits)	otp prov done	RSSe OTP provisioning done 0: RSSe OTP provisioning is not done [1-15]: RSSe OTP provisioning part done, used to manage RSSe extension issue
	21-16 (6 bits)	nb added stsecrets	nb of OTP words located in upper area [360-nb_added_stsecrets..359] that were provisionned (in encrypted mode) with ST secrets. Those will be decoded and used by RSSE fw. Coding up to 64 ST secrets to provision in EWS (with DEV_BOOT).
	25-22 (4 bits)	rsse nb attempts	Monotonic counter to check the number of RSSe retry when an issue occurred during the provisioning process. The number is limited to four retries.
	31-26 (6 bits)	Reserved
19 BOOTROM_CONFIG_10	31-0 (32 bits)	oem_fsblm_monotonic_counter	Monotonic version number of OEM-FSBL [1-0xFFFFFFFF] -> [1-32]: Value of monotonic counter is X where X is position of the most significant bit at 1.
20 BOOTROM_CONFIG_11	0-0 (1 bit)	nand config distribution	NAND configurations distribution 0: pNAND config in nand_2 fields / sNAND config in nand_1 fields 1: pNAND config in nand_1 fields / sNAND config in nand_2 fields
	1-1 (1 bit)	snand need plane select 2	idem BOOTROM_CONFIG_7.snand_need_plane_select_1
	4-2 (3 bits)	pnand number of ecc bits 2	idem BOOTROM_CONFIG_7.pnand_number_of_ecc_bits_1
	5-5 (1 bit)	pnand bus width 2	idem BOOTROM_CONFIG_7.pnand_bus_width_1
	13-6 (8 bits)	nand nb of blocks 2	idem BOOTROM_CONFIG_7.nand_nb_of_blocks_1
	15-14 (2 bits)	nand block size 2	idem BOOTROM_CONFIG_7.nand_block_size_1
	17-16 (2 bits)	nand page size 2	idem BOOTROM_CONFIG_7.nand_page_size_1
	18-18 (1 bit)	hyperflash 3V3 device	Is HyperFlash a 3.3 V device 0: No 1: Yes
	21-19 (3 bits)	rng htcr value	RNG HTCR value 0: default value, RNG HTCR not modified 1: 0xA2B3 2: 0xAA74 3: 0xA6BA 4: 0x9AAE 5: 0x72AC 6: 0xAAC7 other: default value, RNG HTCR not modified
	22-22 (1 bit)	ospi io speed ovrw	OSPI IO speed overwrite enable 0: OSPI io speed is not overwritten by otp configuration 1: OSPI io speed is overwritten by otp configuration
	24-23 (2 bits)	ospi io speed clk nclk	OSPI IO speed of clk nclk IO 0b00: low speed. 0b01: medium speed. 0b10: high speed 0b11: very high speed
	26-25 (2 bits)	ospi io speed data cs	OSPI IO speed of CS IO 0b00: low speed. 0b01: medium speed. 0b10: high speed 0b11: very high speed
	31-27 (5 bits)	Reserved
21 BOOTROM_CONFIG_12	31-0 (32 bits)	rssefw version monotonic counter	Monotonic version number of RSSe FW [1-0xFFFF] -> [1-32]: Value of monotonic counter is X where X is position of the most significant bit at 1.
22 BOOTROM_CONFIG_13	7-0 (8 bits)	oem active signing key2	Eight possible OEM public keys (OEM key revocation feature for OEM-FSBL authentication) [1-256] -> [1-8]: Value of monotonic counter is X where X is position of the most significant bit at 1.
22 BOOTROM_CONFIG_13	31-8 (24 bits)	Reserved
23 to 101		Available for customer
102		ID	STM32MP23 or STM32MP25 Reference Manuals
103		CRC_HSM	STM32MP23 or STM32MP25 Reference Manuals
104		CAL1	STM32MP23 or STM32MP25 Reference Manuals
105		CAL2	STM32MP23 or STM32MP25 Reference Manuals
106		CAL3	STM32MP23 or STM32MP25 Reference Manuals
107		CAL4	STM32MP23 or STM32MP25 Reference Manuals
108		CAL5	STM32MP23 or STM32MP25 Reference Manuals
109		CAL6	STM32MP23 or STM32MP25 Reference Manuals
110		CAL7	STM32MP23 or STM32MP25 Reference Manuals
111		CAL8	STM32MP23 or STM32MP25 Reference Manuals
112		ENGI1	STM32MP23 or STM32MP25 Reference Manuals
113		ENGI2	STM32MP23 or STM32MP25 Reference Manuals
114		ENGI3	STM32MP23 or STM32MP25 Reference Manuals
115		ENGI4	STM32MP23 or STM32MP25 Reference Manuals
116		ENGI5	STM32MP23 or STM32MP25 Reference Manuals
117		ENGI6	STM32MP23 or STM32MP25 Reference Manuals
118		ENGI7	STM32MP23 or STM32MP25 Reference Manuals
119		ENGI8	STM32MP23 or STM32MP25 Reference Manuals
120		ATRIM1	STM32MP23 or STM32MP25 Reference Manuals
121		ATRIM2	STM32MP23 or STM32MP25 Reference Manuals
122		ATRIM3	STM32MP23 or STM32MP25 Reference Manuals
123		ATRIM4	STM32MP23 or STM32MP25 Reference Manuals
124		HCONF1	STM32MP23 or STM32MP25 Reference Manuals
125		MREPAIR1	STM32MP23 or STM32MP25 Reference Manuals
126		MREPAIR2	STM32MP23 or STM32MP25 Reference Manuals
127		MREPAIR3	STM32MP23 or STM32MP25 Reference Manuals

1.2. Middle OTP region[edit | edit source]

	For both TD flavor (A35-TD or M33-TD)
OTP word	Name	Description
128	STM32CERTIF0	STM32 chip certificate (public key)^{[key-formats 1]}
129	STM32CERTIF1	STM32 chip certificate (public key)^{[key-formats 1]}
130	STM32CERTIF2	STM32 chip certificate (public key)^{[key-formats 1]}
131	STM32CERTIF3	STM32 chip certificate (public key)^{[key-formats 1]}
132	STM32CERTIF4	STM32 chip certificate (public key)^{[key-formats 1]}
133	STM32CERTIF5	STM32 chip certificate (public key)^{[key-formats 1]}
134	STM32CERTIF6	STM32 chip certificate (public key)^{[key-formats 1]}
135	STM32CERTIF7	STM32 chip certificate (public key)^{[key-formats 1]}
136	STM32CERTIF8	STM32 chip certificate (public key)^{[key-formats 1]}
137	STM32CERTIF9	STM32 chip certificate (public key)^{[key-formats 1]}
138	STM32CERTIF10	STM32 chip certificate (public key)^{[key-formats 1]}
139	STM32CERTIF11	STM32 chip certificate (public key)^{[key-formats 1]}
140	STM32CERTIF12	STM32 chip certificate (public key)^{[key-formats 1]}
141	STM32CERTIF13	STM32 chip certificate (public key)^{[key-formats 1]}
142	STM32CERTIF14	STM32 chip certificate (public key)^{[key-formats 1]}
143	STM32CERTIF15	STM32 chip certificate (public key)^{[key-formats 1]}
144	OEM_KEY1_ROT0	OEM Key1 Root of Trust Hash^{[key-formats 1]}
145	OEM_KEY1_ROT1	OEM Key1 Root of Trust Hash^{[key-formats 1]}
146	OEM_KEY1_ROT2	OEM Key1 Root of Trust Hash^{[key-formats 1]}
147	OEM_KEY1_ROT3	OEM Key1 Root of Trust Hash^{[key-formats 1]}
148	OEM_KEY1_ROT4	OEM Key1 Root of Trust Hash^{[key-formats 1]}
149	OEM_KEY1_ROT5	OEM Key1 Root of Trust Hash^{[key-formats 1]}
150	OEM_KEY1_ROT6	OEM Key1 Root of Trust Hash^{[key-formats 1]}
151	OEM_KEY1_ROT7	OEM Key1 Root of Trust Hash^{[key-formats 1]}
152	OEM_KEY2_ROT0	OEM Key2 Root of Trust Hash^{[key-formats 1]}^{[fsblm-keys 1]}
153	OEM_KEY2_ROT1	OEM Key2 Root of Trust Hash^{[key-formats 1]}^{[fsblm-keys 1]}
154	OEM_KEY2_ROT2	OEM Key2 Root of Trust Hash^{[key-formats 1]}^{[fsblm-keys 1]}
155	OEM_KEY2_ROT3	OEM Key2 Root of Trust Hash^{[key-formats 1]}^{[fsblm-keys 1]}
156	OEM_KEY2_ROT4	OEM Key2 Root of Trust Hash^{[key-formats 1]}^{[fsblm-keys 1]}
157	OEM_KEY2_ROT5	OEM Key2 Root of Trust Hash^{[key-formats 1]}^{[fsblm-keys 1]}
158	OEM_KEY2_ROT6	OEM Key2 Root of Trust Hash^{[key-formats 1]}^{[fsblm-keys 1]}
159	OEM_KEY2_ROT7	OEM Key2 Root of Trust Hash^{[key-formats 1]}^{[fsblm-keys 1]}
160	STM32PUBKEY0	STM32 chip public key^{[key-formats 1]}
161	STM32PUBKEY1	STM32 chip public key^{[key-formats 1]}
162	STM32PUBKEY2	STM32 chip public key^{[key-formats 1]}
163	STM32PUBKEY3	STM32 chip public key^{[key-formats 1]}
164	STM32PUBKEY4	STM32 chip public key^{[key-formats 1]}
165	STM32PUBKEY5	STM32 chip public key^{[key-formats 1]}
166	STM32PUBKEY6	STM32 chip public key^{[key-formats 1]}
167	STM32PUBKEY7	STM32 chip public key^{[key-formats 1]}
168	STM32PUBKEY8	STM32 chip public key^{[key-formats 1]}
169	STM32PUBKEY9	STM32 chip public key^{[key-formats 1]}
170	STM32PUBKEY10	STM32 chip public key^{[key-formats 1]}
171	STM32PUBKEY11	STM32 chip public key^{[key-formats 1]}
172	STM32PUBKEY12	STM32 chip public key^{[key-formats 1]}
173	STM32PUBKEY13	STM32 chip public key^{[key-formats 1]}
174	STM32PUBKEY14	STM32 chip public key^{[key-formats 1]}
175	STM32PUBKEY15	STM32 chip public key^{[key-formats 1]}

	A35-TD flavor		M33-TD flavor
OTP word	Name	Description	Name	Description
176^*	RPROC-FW-PKH0	Hash of the Public Key for remote processor firmware^{[key-formats 2]}
177^*	RPROC-FW-PKH1	Hash of the Public Key for remote processor firmware^{[key-formats 2]}
178^*	RPROC-FW-PKH2	Hash of the Public Key for remote processor firmware^{[key-formats 2]}
179^*	RPROC-FW-PKH3	Hash of the Public Key for remote processor firmware^{[key-formats 2]}
180^*	RPROC-FW-PKH4	Hash of the Public Key for remote processor firmware^{[key-formats 2]}
181^*	RPROC-FW-PKH5	Hash of the Public Key for remote processor firmware^{[key-formats 2]}
182^*	RPROC-FW-PKH6	Hash of the Public Key for remote processor firmware^{[key-formats 2]}
183^*	RPROC-FW-PKH7	Hash of the Public Key for remote processor firmware^{[key-formats 2]}
184^*			FSBLM-M33-FW-PKH0	Hash of the Public Key for M33TDCID M33 Firmware^{[key-formats 2]}
185^*			FSBLM-M33-FW-PKH1	Hash of the Public Key for M33TDCID M33 Firmware^{[key-formats 2]}
186^*			FSBLM-M33-FW-PKH2	Hash of the Public Key for M33TDCID M33 Firmware^{[key-formats 2]}
187^*			FSBLM-M33-FW-PKH3	Hash of the Public Key for M33TDCID M33 Firmware^{[key-formats 2]}
188^*			FSBLM-M33-FW-PKH4	Hash of the Public Key for M33TDCID M33 Firmware^{[key-formats 2]}
189^*			FSBLM-M33-FW-PKH5	Hash of the Public Key for M33TDCID M33 Firmware^{[key-formats 2]}
190^*			FSBLM-M33-FW-PKH6	Hash of the Public Key for M33TDCID M33 Firmware^{[key-formats 2]}
191^*			FSBLM-M33-FW-PKH7	Hash of the Public Key for M33TDCID M33 Firmware^{[key-formats 2]}
192^*			FSBLM-DDR-FW-PKH0	Hash of the Public Key for M33TDCID DDR Firmware^{[key-formats 2]}
193^*			FSBLM-DDR-FW-PKH1	Hash of the Public Key for M33TDCID DDR Firmware^{[key-formats 2]}
194^*			FSBLM-DDR-FW-PKH2	Hash of the Public Key for M33TDCID DDR Firmware^{[key-formats 2]}
195^*			FSBLM-DDR-FW-PKH3	Hash of the Public Key for M33TDCID DDR Firmware^{[key-formats 2]}
196^*			FSBLM-DDR-FW-PKH4	Hash of the Public Key for M33TDCID DDR Firmware^{[key-formats 2]}
197^*			FSBLM-DDR-FW-PKH5	Hash of the Public Key for M33TDCID DDR Firmware^{[key-formats 2]}
198^*			FSBLM-DDR-FW-PKH6	Hash of the Public Key for M33TDCID DDR Firmware^{[key-formats 2]}
199^*			FSBLM-DDR-FW-PKH7	Hash of the Public Key for M33TDCID DDR Firmware^{[key-formats 2]}
200^*			FSBLM-A35-FW-PKH0	Hash of the Public Key for M33TDCID A35 bare metal Firmware^{[key-formats 2]}
201^*			FSBLM-A35-FW-PKH1	Hash of the Public Key for M33TDCID A35 bare metal Firmware^{[key-formats 2]}
202^*			FSBLM-A35-FW-PKH2	Hash of the Public Key for M33TDCID A35 bare metal Firmware^{[key-formats 2]}
203^*			FSBLM-A35-FW-PKH3	Hash of the Public Key for M33TDCID A35 bare metal Firmware^{[key-formats 2]}
204^*			FSBLM-A35-FW-PKH4	Hash of the Public Key for M33TDCID A35 bare metal Firmware^{[key-formats 2]}
205^*			FSBLM-A35-FW-PKH5	Hash of the Public Key for M33TDCID A35 bare metal Firmware^{[key-formats 2]}
206^*			FSBLM-A35-FW-PKH6	Hash of the Public Key for M33TDCID A35 bare metal Firmware^{[key-formats 2]}
207^*			FSBLM-A35-FW-PKH7	Hash of the Public Key for M33TDCID A35 bare metal Firmware^{[key-formats 2]}
208 to 245	Available for customer

*For OTP word from 176 to 207 : In Reference manual, those OTP words are available for customer but they have been used in OpenSTLinux distribution.

	For both TD flavor (A35-TD or M33-TD)
OTP word	Name	Description
246^*	ST_BOARD_ID	Identifier for ST boards (or available to customer for their own board)
247^*	MAC_ADDR_0	Mac address ^{[coding 1]}
248^*	MAC_ADDR_1	Mac address ^{[coding 1]}
249^*	MAC_ADDR_2	Mac address ^{[coding 1]}
250^*	MAC_ADDR_3	Mac address ^{[coding 1]}
251^*	MAC_ADDR_4	Mac address ^{[coding 1]}
252^*	MAC_ADDR_5	Mac address ^{[coding 1]}
253^*	MAC_ADDR_6	Mac address ^{[coding 1]}
254^*	MAC_ADDR_7	Mac address ^{[coding 1]}
255	ST_RSSE_EDMK_DERIV_CSTE_FUSE (SoC dependent)	STM32MP23 or STM32MP25 Reference Manuals

*For OTP word from 246 to 254 : In Reference manual, those OTP words are available for customer but they have been used in OpenSTLinux distribution.

1.3. Upper OTP region[edit | edit source]

	For both TD flavor (A35-TD or M33-TD)
OTP word	Name	Description
256^*	OTP_RMA_LOCK_PSWD0	RMA lock password (128 bit)
257^*	OTP_RMA_LOCK_PSWD1	RMA lock password (128 bit)
258^*	OTP_RMA_LOCK_PSWD2	RMA lock password (128 bit)
259^*	OTP_RMA_LOCK_PSWD3	RMA lock password (128 bit)
260^**	FIP-EDMK0	FIP encryption decryption master key (256-bit)^{[key-formats 1]}
261^**	FIP-EDMK1	FIP encryption decryption master key (256-bit)^{[key-formats 1]}
262^**	FIP-EDMK2	FIP encryption decryption master key (256-bit)^{[key-formats 1]}
263^**	FIP-EDMK3	FIP encryption decryption master key (256-bit)^{[key-formats 1]}
264^**	FIP-EDMK4	FIP encryption decryption master key (256-bit)^{[key-formats 1]}
265^**	FIP-EDMK5	FIP encryption decryption master key (256-bit)^{[key-formats 1]}
266^**	FIP-EDMK6	FIP encryption decryption master key (256-bit)^{[key-formats 1]}
267^**	FIP-EDMK7	FIP encryption decryption master key (256-bit)^{[key-formats 1]}
268 to 335	OEM Secrets available for customer

* For OTP word from 256 to 259 : SoC dependent, to be filled by customer.
**For OTP word from 260 to 267 : In Reference manual, those OTP words are available for customer but they have been used in OpenSTLinux distribution.

	A35-TD flavor		M33-TD flavor
OTP word	Name	Description	Name	Description
336^*	RPROC-FW-ENC-KEY0	Encryption/Decryption Key for remote processor firmware^{[key-formats 2]}
337^*	RPROC-FW-ENC-KEY1	Encryption/Decryption Key for remote processor firmware^{[key-formats 2]}
338^*	RPROC-FW-ENC-KEY2	Encryption/Decryption Key for remote processor firmware^{[key-formats 2]}
339^*	RPROC-FW-ENC-KEY3	Encryption/Decryption Key for remote processor firmware^{[key-formats 2]}
340^*	RPROC-FW-ENC-KEY4	Encryption/Decryption Key for remote processor firmware^{[key-formats 2]}
341^*	RPROC-FW-ENC-KEY5	Encryption/Decryption Key for remote processor firmware^{[key-formats 2]}
342^*	RPROC-FW-ENC-KEY6	Encryption/Decryption Key for remote processor firmware^{[key-formats 2]}
343	RPROC-FW-ENC-KEY7	Encryption/Decryption Key for remote processor firmware^{[key-formats 2]}
344^*	COPRO_MAINKEY0	Coprocessor main key
345^*	COPRO_MAINKEY1	Coprocessor main key
346^*	COPRO_MAINKEY2	Coprocessor main key
347^*	COPRO_MAINKEY3	Coprocessor main key
348^*	COPRO_MAINKEY4	Coprocessor main key
349^*	COPRO_MAINKEY5	Coprocessor main key
350^*	COPRO_MAINKEY6	Coprocessor main key
351^*	COPRO_MAINKEY7	Coprocessor main key

*For OTP word from 336 to 351 : In Reference manual, those OTP words are available for customer but they have been used in OpenSTLinux distribution.

	For both TD flavor (A35-TD or M33-TD)
OTP word	Name	Description
352^*	TF-M IAK0	Initial attestation 256-bit key (Symmetric or Asymmetric key)^{[key-formats 2]}
353^*	TF-M IAK1	Initial attestation 256-bit key (Symmetric or Asymmetric key)^{[key-formats 2]}
354^*	TF-M IAK2	Initial attestation 256-bit key (Symmetric or Asymmetric key)^{[key-formats 2]}
355^*	TF-M IAK3	Initial attestation 256-bit key (Symmetric or Asymmetric key)^{[key-formats 2]}
356^*	TF-M IAK4	Initial attestation 256-bit key (Symmetric or Asymmetric key)^{[key-formats 2]}
357^*	TF-M IAK5	Initial attestation 256-bit key (Symmetric or Asymmetric key)^{[key-formats 2]}
358^*	TF-M IAK6	Initial attestation 256-bit key (Symmetric or Asymmetric key)^{[key-formats 2]}
359^*	TF-M IAK7	Initial attestation 256-bit key (Symmetric or Asymmetric key)^{[key-formats 2]}
360^**	OEM_KEY2_EDMK0	OEM master key used to derive FSBLM decryption key (Optional)^{[key-formats 1]}^{[fsblm-keys 1]}
361^**	OEM_KEY2_EDMK1	OEM master key used to derive FSBLM decryption key (Optional)^{[key-formats 1]}^{[fsblm-keys 1]}
362^**	OEM_KEY2_EDMK2	OEM master key used to derive FSBLM decryption key (Optional)^{[key-formats 1]}^{[fsblm-keys 1]}
363^**	OEM_KEY2_EDMK3	OEM master key used to derive FSBLM decryption key (Optional)^{[key-formats 1]}^{[fsblm-keys 1]}
364^**	OEM_KEY1_EDMK0	OEM master key used to derive FSBLA or M decryption key^{[key-formats 1]}
365^**	OEM_KEY1_EDMK1	OEM master key used to derive FSBLA or M decryption key^{[key-formats 1]}
366^**	OEM_KEY1_EDMK2	OEM master key used to derive FSBLA or M decryption key^{[key-formats 1]}
367^**	OEM_KEY1_EDMK3	OEM master key used to derive FSBLA or M decryption key^{[key-formats 1]}
368	STM32PRVKEY0	STM32 chip private key (ST)
369	STM32PRVKEY1	STM32 chip private key (ST)
370	STM32PRVKEY2	STM32 chip private key (ST)
371	STM32PRVKEY3	STM32 chip private key (ST)
372	STM32PRVKEY4	STM32 chip private key (ST)
373	STM32PRVKEY5	STM32 chip private key (ST)
374	STM32PRVKEY6	STM32 chip private key (ST)
375	STM32PRVKEY7	STM32 chip private key (ST)
376	HWKEY0	Secret hardware unique key
377	HWKEY1	Secret hardware unique key
378	HWKEY2	Secret hardware unique key
379	HWKEY3	Secret hardware unique key
380	HWKEY4	Secret hardware unique key
381	HWKEY5	Secret hardware unique key
382	HWKEY6	Secret hardware unique key
383	HWKEY7	Secret hardware unique key

*For OTP word from 352 to 359 : In Reference manual, those OTP words are available for customer but they have been used in OpenSTLinux distribution.
**For OTP word from 360 to 367 : reserved for BootRom, to be filled by customer

2. References[edit | edit source]

2.1. Key storage in OTP[edit | edit source]

Keys are represented as a string of byte to be stored in consecutive OTP words.

For example, a 64-bit key (0xAABBCCDDEEFF5566) is stored into two consecutive OTP words KEY0 and KEY1.

A key is stored in OTP words using one of the following formats:

↑ ^1.00 ^1.01 ^1.02 ^1.03 ^1.04 ^1.05 ^1.06 ^1.07 ^1.08 ^1.09 ^1.10 ^1.11 ^1.12 ^1.13 ^1.14 ^1.15 ^1.16 ^1.17 ^1.18 ^1.19 ^1.20 ^1.21 ^1.22 ^1.23 ^1.24 ^1.25 ^1.26 ^1.27 ^1.28 ^1.29 ^1.30 ^1.31 ^1.32 ^1.33 ^1.34 ^1.35 ^1.36 ^1.37 ^1.38 ^1.39 ^1.40 ^1.41 ^1.42 ^1.43 ^1.44 ^1.45 ^1.46 ^1.47 ^1.48 ^1.49 ^1.50 ^1.51 ^1.52 ^1.53 ^1.54 ^1.55 ^1.56 ^1.57 ^1.58 ^1.59 ^1.60 ^1.61 ^1.62 ^1.63
KEY0 = 0xAABBCCDD, KEY1 = 0xEEFF5566
↑ ^2.00 ^2.01 ^2.02 ^2.03 ^2.04 ^2.05 ^2.06 ^2.07 ^2.08 ^2.09 ^2.10 ^2.11 ^2.12 ^2.13 ^2.14 ^2.15 ^2.16 ^2.17 ^2.18 ^2.19 ^2.20 ^2.21 ^2.22 ^2.23 ^2.24 ^2.25 ^2.26 ^2.27 ^2.28 ^2.29 ^2.30 ^2.31 ^2.32 ^2.33 ^2.34 ^2.35 ^2.36 ^2.37 ^2.38 ^2.39 ^2.40 ^2.41 ^2.42 ^2.43 ^2.44 ^2.45 ^2.46 ^2.47
KEY0 = 0xDDCCBBAA, KEY1 = 0x6655FFEE

2.2. MAC address[edit | edit source]

↑ ^1.0 ^1.1 ^1.2 ^1.3 ^1.4 ^1.5 ^1.6 ^1.7
Mac addresses are stored as octets list using the following coding convention:
- OTP 247: mac_addr_1[4 first octets]
- OTP 248: mac_addr_2[2 first octets] | mac_addr_1[2 last octets]
- OTP 249: mac_addr_2[4 last octets]
- OTP 250: mac_addr_3[4 first octets]
- ...
Example: 247 = 0xE37AE710 / 248 = 0xE710F495 / 249 = 0xF595E37A
- mac_addr1 : 10:E7:7A:E3:95:F4
- mac_addr2 : 10:E7:7A:E3:95:F5
- ...
Each MAC address is associated in U-Boot to an ethernet device with alias in device tree: ethernet0, ethernet1, ...
On STM32MP257F-EV1 Evaluation board the ETH2 use the first mac address (ethernet0 = &eth2), ETH1 use the second mac address (ethernet1 = &eth1).
On STM32MP257F-DK Discovery kit the ETH1 use the first mac address (ethernet0 = &eth1).
On the default mapping the MAC 3, 4 and 5 are assigned to TSN switch (depending on product version).
A unused MAC address (for example when TSN is not used) should be set to FF:FF:FF:FF:FF:FF, to avoids the trace "invalid MAC address" in U-Boot.

2.3. FSBL-M keys[edit | edit source]

↑ ^1.00 ^1.01 ^1.02 ^1.03 ^1.04 ^1.05 ^1.06 ^1.07 ^1.08 ^1.09 ^1.10 ^1.11 ^1.12
By default STM32MP23x lines and STM32MP25x lines use OEM_KEY1_ROT and OEM_KEY1_EDMK for FSBLA and FSBLM. To use the dedicated FSBLM keys (OEM_KEY2_ROT and OEM_KEY2_EDMK) you must program bit 8 from OTP17.

[key-format1-2] 1.00 ^1.01 ^1.02 ^1.03 ^1.04 ^1.05 ^1.06 ^1.07 ^1.08 ^1.09 ^1.10 ^1.11 ^1.12 ^1.13 ^1.14 ^1.15 ^1.16 ^1.17 ^1.18 ^1.19 ^1.20 ^1.21 ^1.22 ^1.23 ^1.24 ^1.25 ^1.26 ^1.27 ^1.28 ^1.29 ^1.30 ^1.31 ^1.32 ^1.33 ^1.34 ^1.35 ^1.36 ^1.37 ^1.38 ^1.39 ^1.40 ^1.41 ^1.42 ^1.43 ^1.44 ^1.45 ^1.46 ^1.47 ^1.48 ^1.49 ^1.50 ^1.51 ^1.52 ^1.53 ^1.54 ^1.55 ^1.56 ^1.57 ^1.58 ^1.59 ^1.60 ^1.61 ^1.62 ^1.63
KEY0 = 0xAABBCCDD, KEY1 = 0xEEFF5566

[key-format2-3] 2.00 ^2.01 ^2.02 ^2.03 ^2.04 ^2.05 ^2.06 ^2.07 ^2.08 ^2.09 ^2.10 ^2.11 ^2.12 ^2.13 ^2.14 ^2.15 ^2.16 ^2.17 ^2.18 ^2.19 ^2.20 ^2.21 ^2.22 ^2.23 ^2.24 ^2.25 ^2.26 ^2.27 ^2.28 ^2.29 ^2.30 ^2.31 ^2.32 ^2.33 ^2.34 ^2.35 ^2.36 ^2.37 ^2.38 ^2.39 ^2.40 ^2.41 ^2.42 ^2.43 ^2.44 ^2.45 ^2.46 ^2.47
KEY0 = 0xDDCCBBAA, KEY1 = 0x6655FFEE

[macaddr-4] 1.0 ^1.1 ^1.2 ^1.3 ^1.4 ^1.5 ^1.6 ^1.7
Mac addresses are stored as octets list using the following coding convention:
OTP 247: mac_addr_1[4 first octets]

OTP 248: mac_addr_2[2 first octets] | mac_addr_1[2 last octets]

OTP 249: mac_addr_2[4 last octets]

OTP 250: mac_addr_3[4 first octets]

...
Example: 247 = 0xE37AE710 / 248 = 0xE710F495 / 249 = 0xF595E37A
mac_addr1 : 10:E7:7A:E3:95:F4

mac_addr2 : 10:E7:7A:E3:95:F5

...
Each MAC address is associated in U-Boot to an ethernet device with alias in device tree: ethernet0, ethernet1, ...
On STM32MP257F-EV1 Evaluation board the ETH2 use the first mac address (ethernet0 = &eth2), ETH1 use the second mac address (ethernet1 = &eth1).
On STM32MP257F-DK Discovery kit the ETH1 use the first mac address (ethernet0 = &eth1).
On the default mapping the MAC 3, 4 and 5 are assigned to TSN switch (depending on product version).
A unused MAC address (for example when TSN is not used) should be set to FF:FF:FF:FF:FF:FF, to avoids the trace "invalid MAC address" in U-Boot.

[4] OTP 247: mac_addr_1[4 first octets]

[5] OTP 248: mac_addr_2[2 first octets] | mac_addr_1[2 last octets]

[6] OTP 249: mac_addr_2[4 last octets]

[7] OTP 250: mac_addr_3[4 first octets]

[8] ...

[9] _addr1 : 10:E7:7A:E3:95:F4

[10] _addr2 : 10:E7:7A:E3:95:F5

[11] ...

[fsblm-key-enable-1] 1.00 ^1.01 ^1.02 ^1.03 ^1.04 ^1.05 ^1.06 ^1.07 ^1.08 ^1.09 ^1.10 ^1.11 ^1.12
By default STM32MP23x lines and STM32MP25x lines use OEM_KEY1_ROT and OEM_KEY1_EDMK for FSBLA and FSBLM. To use the dedicated FSBLM keys (OEM_KEY2_ROT and OEM_KEY2_EDMK) you must program bit 8 from OTP17.

[fsblm-keys 1]

[key-formats 1]

[key-formats 2]

[coding 1]