Last edited one week ago

STM32MP23-25 OTP mapping

Applicable for STM32MP23x lines, STM32MP25x lines

1. OTP memory mapping[edit | edit source]

The table below gives an overview of the BSEC OTP memory mapping with useful information in the context of this Wiki reading. It gives the global mapping view including the SoC restricted layout (immutable) and the additional ecosystem choice that is used with OpenSTLinux ecosystem.

  • OTP words 0 to 127 are called lower OTP and are bit wise programmable.
  • OTP words 128 to 255 are called middle OTP and are bulk programmable.
  • OTP words 256 to 383 are called upper OTP and are bulk programmable. These OTP are the one where sensitive information (such as password or private keys) must be stored.


Further information for the words and fields that are not explicitly described here can be found in the reference manual.

1.1. Lower OTP region[edit | edit source]

For both TD flavor (A35-TD or M33-TD) More info green.png
OTP word Bit field (size) Name Description
0 OTP_HW_WORD0 OTP Check Word (virgin -> non virgin)
1 OTP_HW_WORD1 OTP Security word to close security state BSECXW
2 OTP_HW_WORD2 OTP Word for re-opening via RMA password : RMA bits
3 OTP_HW_WORD3 OTP Word for re-opening via RMA password : RMA tries bits
4 OTP_HW_WORD4 OTP word for TK retries (ECIES) and retention cell disabling
5 ID0 ID0 for Engineering purposes
6 ID1 ID1 for Engineering purposes
7 ID2 ID2 for Engineering purposes
8 Reserved
9 RPN_CODING STM32MP23 or STM32MP25 Reference Manuals
10 BOOTROM_CONFIG_1 0-0 (1 bit) Reserved
1-1 (1 bit) stkeyprov ecies ok Status of ECIES ST key provisionning when it was attempted.
  • 0: ECIES ST key provisionning last attempt was failed
  • 1: ECIES ST key provisionning last attempt was successfull
2-2 (1 bit) stkeyprov hwkey done ST HW key provisionning done
  • 0: HWKEY not provisionned
  • 1: HWKEY was provisioned
6-3 (4 bits) Reserved
14-7 (8 bits) Security counter Security counter involved in productID for chip certificate verification by HSM-OEM in RSSe_prov context
18-15 (4 bits) st pub key id ST ECDSA Public Key ID (ST Key Instance fuse part) involved in productID for chip certificate verification by HSM-OEM in RSSe_prov context
26-19 (8 bits) rssefw active signing key Eight possible ST public keys (ST key revocation feature for RSSe_FW authentication)
  • [1-0xFF] -> [1-8]: Value of monotonic counter is X where X is position of the most significant bit at 1.
31-27 (5 bits) Reserved
11 BOOTROM_CONFIG_2 4-0 (5 bits) Reserved
5-5 (1 bit) no cpu pll CPU PLL usage
  • 0: PLLs for CPU/AXI are enable for cold boot.
  • 1: PLLs for CPU/AXI are not enable for cold boot
9-6 (4 bits) Reserved
14-10 (5 bits) Disable uart Disable UART instances
  • 0b00001: disable USART2
  • 0b00010: disable UART5
  • 0b00100: disable UART6
  • 0b01000: disable UART8
  • 0b10000: disable UART9
15-15 (1 bit) No data cache Data cache usage
  • 0: Data cache is used by bootrom.
  • 1: Data cache is not used by bootrom.
23-16 (8 bits) Boot source disable Each bit disable a boot source.

Default to UART if all disabled.

  • 0b00000001: disable FMC boot source.
  • 0b00000010: disable QSPI NOR boot source.
  • 0b00000100: disable eMMC boot source.
  • 0b00001000: disable SD boot source.
  • 0b00010000: disable UART boot source.
  • 0b00100000: disable USB boot source.
  • 0b01000000: disable QSPI NAND boot source.
  • 0b10000000: disable QSPI HyperFlash boot source.
25-24 (2 bits) Bootpins layout sel Bootpins layout selection
  • [0-3]: Select one among the four possible bootpins layout
29-26 (4 bits) Boot source sel Boot source selection
  • [0-15]: Select one among the 16 possible boot source of the selected bootpins layout
31-30 (2 bits) Reserved
12 BOOTROM_CONFIG_3 31-0 (32 bits) oem fsbla monotonic counter OEM FSBL-A image version monotonic counter
  • [1-0xFFFFFFFF] -> [1-32]: Value of monotonic counter is X where X is position of the most significant bit at 1.
13 BOOTROM_CONFIG_4 31-0 (32 bits) Reserved
14 BOOTROM_CONFIG_5 31-0 (32 bits) Reserved
15 BOOTROM_CONFIG_6 31-0 (32 bits) Reserved
16 BOOTROM_CONFIG_7 0-0 (1 bit) Disable traces Disable bootROM traces
  • 0: bootROM traces are enabled
  • 1: bootROM traces are disabled
1-1 (1 bit) Disable hse freq detect Disable HSE frequency autodetection
  • 0: HSE frequency autodetection is enabled
  • 1: HSE frequency autodetection is disabled
2-2 (1 bit) Disable hse bypass detect Disable HSE bypass detection
  • 0: HSE bypass detection is enabled
  • 1: HSE bypass detection is disabled
3-3 (1 bit) Disable blocking failure traces Disable traces done by blocking failure process
  • 0: blocking failure traces are enabled
  • 1: blocking failure traces are disabled
4-4 (1 bit) a35 mode Select a35 architecture mode
  • 0: FSBL-A is AArch64
  • 1: FSBL-A is AArch32
5-5 (1 bit) fmc force sw reset FMC is used by CA35 to connect a NAND and by CM33 to connect a NOR or PSRAM
  • 0: Use RCC to reset FMC
  • 1: Use sw procedure to reset FMC witout impacting CM33
6-6 (1 bit) Emergency debug req Emergency debug request
  • 0: emergency debug is not requested
  • 1: emergency debug is requested
7-7 (1 bit) emmc 128k boot partition Support eMMC with 128Kb boot partition
  • 0: bootROM does not support eMMC with 128Kb boot partition.
  • 1: bootROM supports eMMC with 128Kb boot partition.
8-8 (1 bit) fsbl decrypt prio FSBL decryption priority (speed or security)
  • 0: use CRYP (fast but no DPA protection)
  • 1: use SAES (slow but DPA protection))
9-9 (1 bit) iomgr port IO manager port selection
  • 0: select IOM port1
  • 1: select IOM port2
10-10 (1 bit) iomgr muxen IO manager port muxing enable
  • 0: IOM muxing disabled
  • 1: IOM muxing enabled
13-11 (3 bits) HSE value HSE value
  • 0b000: HSE value is autodetected among 16, 20, 24, 28, 32, 36, 40, 48MHz
  • 0b001: HSE = 24MHz
  • 0b010: HSE = 25MHz
  • 0b011: HSE = 26MHz
  • 0b100 (19_2 Mhz): HSE = 19.2MHz
  • 0b101: HSE = 40MHz
  • 0b110: HSE = 48MHz
  • 0b111: Reserved
14-14 (1 bit) snand need plane select 1 NAND parameters bank1 - Serial NAND plane selection
  • 0: Serial NAND plane select is not needed.
  • 1: Serial NAND plane select is need
17-15 (3 bits) pnand number of ecc bits 1 NAND parameters bank1 - Number of Error Correction Code (ECC) bits
  • 0: ECC unset.
  • 1: ECC 1bit (Hamming).
  • 2: ECC 4bit (BCH4).
  • 3: ECC 8bit (BCH8).
  • 4: on-die ECC.
18-18 (1 bit) pnand bus width 1 NAND parameters bank1 - Parallel NAND data witdh
  • 0: data width is 8 bits
  • 1: data width is 16 bits
26-19 (8 bits) nand nb of blocks 1 NAND parameters bank1 - Number of blocks in unit of 256 blocks
  • [1-256]: Number of block = 256 * value
28-27 (2 bits) nand block size 1 NAND parameters bank1 - Block size in number of pages
  • 0: 64 pages per block.
  • 1: 128 pages per block.
  • 2: 256 pages per block
30-29 (2 bits) nand page size 1 NAND parameters bank1 - Page size
  • 0: 2Kbytes.
  • 1: 4Kbytes.
  • 2: 8Kbytes
31-31 (1 bit) pnand param stored in otp Parallel NAND parameters stored in OTP bank1 or bank2
  • 0: BootROM uses ONFI parameter table to get parallel nand parameters.
  • 1: parallel nand parameters are defined in bank1 or bank2, depending on nand_config_distribution value.
17 BOOTROM_CONFIG_8 7-0 (8 bits) oem active signing key1 Eight possible OEM public keys (OEM key revocation feature for OEM-FSBL authentication)
  • [1-256] -> [1-8]: Value of monotonic counter is X where X is position of the most significant bit at 1.
8-8 (1 bit) oem keys2 enable Enable second ECDSA OEM key set for FSBL-M authentication and decryption[fsblm-keys 1]
  • 0: keys2 are not used; keys1 are used for both FSBLA and FSBLM
  • 1: keys2 are enabled; keys1 are used for FSBLA; keys2 are used for FSBLM
31-16 (16 bits) Reserved
18 BOOTROM_CONFIG_9 3-0 (4 bits) secure boot Enable enforced secure boot
  • 0: Chip is in CLOSED_UNLOCKED state. Secure boot is not enforced (FSBL authentication is not mandatory).
  • [1-15]: Chip is in CLOSED_LOCKED state. Secure boot is enforced (FSBL authentication is mandatory)
7-4 (4 bits) prov done RSSE provisioning done
  • 0: RSSE provisioning is not done
  • [1-15]: RSSE provisioning is done
11-8 (4 bits) debug lock Lock debug enabling until next reset when chip is CLOSED-LOCKED
  • 0: Don't lock debug enabling
  • [1-15]: Lock debug enabling
15-12 (4 bits) otp prov done RSSe OTP provisioning done
  • 0: RSSe OTP provisioning is not done
  • [1-15]: RSSe OTP provisioning part done, used to manage RSSe extension issue
21-16 (6 bits) nb added stsecrets nb of OTP words located in upper area [360-nb_added_stsecrets..359] that were provisionned (in encrypted mode) with ST secrets. Those will be decoded and used by RSSE fw. Coding up to 64 ST secrets to provision in EWS (with DEV_BOOT).
25-22 (4 bits) rsse nb attempts Monotonic counter to check the number of RSSe retry when an issue occurred during the provisioning process. The number is limited to four retries.
31-26 (6 bits) Reserved
19 BOOTROM_CONFIG_10 31-0 (32 bits) oem_fsblm_monotonic_counter Monotonic version number of OEM-FSBL
  • [1-0xFFFFFFFF] -> [1-32]: Value of monotonic counter is X where X is position of the most significant bit at 1.
20 BOOTROM_CONFIG_11 0-0 (1 bit) nand config distribution NAND configurations distribution
  • 0: pNAND config in nand*_2 fields / sNAND config in nand*_1 fields
  • 1: pNAND config in nand*_1 fields / sNAND config in nand*_2 fields
1-1 (1 bit) snand need plane select 2 idem BOOTROM_CONFIG_7.snand_need_plane_select_1
4-2 (3 bits) pnand number of ecc bits 2 idem BOOTROM_CONFIG_7.pnand_number_of_ecc_bits_1
5-5 (1 bit) pnand bus width 2 idem BOOTROM_CONFIG_7.pnand_bus_width_1
13-6 (8 bits) nand nb of blocks 2 idem BOOTROM_CONFIG_7.nand_nb_of_blocks_1
15-14 (2 bits) nand block size 2 idem BOOTROM_CONFIG_7.nand_block_size_1
17-16 (2 bits) nand page size 2 idem BOOTROM_CONFIG_7.nand_page_size_1
18-18 (1 bit) hyperflash 3V3 device Is HyperFlash a 3.3 V device
  • 0: No
  • 1: Yes
21-19 (3 bits) rng htcr value RNG HTCR value
  • 0: default value, RNG HTCR not modified
  • 1: 0xA2B3
  • 2: 0xAA74
  • 3: 0xA6BA
  • 4: 0x9AAE
  • 5: 0x72AC
  • 6: 0xAAC7
  • other: default value, RNG HTCR not modified
22-22 (1 bit) ospi io speed ovrw OSPI IO speed overwrite enable
  • 0: OSPI io speed is not overwritten by otp configuration
  • 1: OSPI io speed is overwritten by otp configuration
24-23 (2 bits) ospi io speed clk nclk OSPI IO speed of clk nclk IO
  • 0b00: low speed.
  • 0b01: medium speed.
  • 0b10: high speed
  • 0b11: very high speed
26-25 (2 bits) ospi io speed data cs OSPI IO speed of CS IO
  • 0b00: low speed.
  • 0b01: medium speed.
  • 0b10: high speed
  • 0b11: very high speed
31-27 (5 bits) Reserved
21 BOOTROM_CONFIG_12 31-0 (32 bits) rssefw version monotonic counter Monotonic version number of RSSe FW
  • [1-0xFFFF] -> [1-32]: Value of monotonic counter is X where X is position of the most significant bit at 1.
22 BOOTROM_CONFIG_13 7-0 (8 bits) oem active signing key2 Eight possible OEM public keys (OEM key revocation feature for OEM-FSBL authentication)
  • [1-256] -> [1-8]: Value of monotonic counter is X where X is position of the most significant bit at 1.
31-8 (24 bits) Reserved
23 to 101 Available for customer
102 ID STM32MP23 or STM32MP25 Reference Manuals
103 CRC_HSM STM32MP23 or STM32MP25 Reference Manuals
104 CAL1 STM32MP23 or STM32MP25 Reference Manuals
105 CAL2 STM32MP23 or STM32MP25 Reference Manuals
106 CAL3 STM32MP23 or STM32MP25 Reference Manuals
107 CAL4 STM32MP23 or STM32MP25 Reference Manuals
108 CAL5 STM32MP23 or STM32MP25 Reference Manuals
109 CAL6 STM32MP23 or STM32MP25 Reference Manuals
110 CAL7 STM32MP23 or STM32MP25 Reference Manuals
111 CAL8 STM32MP23 or STM32MP25 Reference Manuals
112 ENGI1 STM32MP23 or STM32MP25 Reference Manuals
113 ENGI2 STM32MP23 or STM32MP25 Reference Manuals
114 ENGI3 STM32MP23 or STM32MP25 Reference Manuals
115 ENGI4 STM32MP23 or STM32MP25 Reference Manuals
116 ENGI5 STM32MP23 or STM32MP25 Reference Manuals
117 ENGI6 STM32MP23 or STM32MP25 Reference Manuals
118 ENGI7 STM32MP23 or STM32MP25 Reference Manuals
119 ENGI8 STM32MP23 or STM32MP25 Reference Manuals
120 ATRIM1 STM32MP23 or STM32MP25 Reference Manuals
121 ATRIM2 STM32MP23 or STM32MP25 Reference Manuals
122 ATRIM3 STM32MP23 or STM32MP25 Reference Manuals
123 ATRIM4 STM32MP23 or STM32MP25 Reference Manuals
124 HCONF1 STM32MP23 or STM32MP25 Reference Manuals
125 MREPAIR1 STM32MP23 or STM32MP25 Reference Manuals
126 MREPAIR2 STM32MP23 or STM32MP25 Reference Manuals
127 MREPAIR3 STM32MP23 or STM32MP25 Reference Manuals

1.2. Middle OTP region[edit | edit source]

For both TD flavor (A35-TD or M33-TD) More info green.png
OTP word Name Description
128 STM32CERTIF0 STM32 chip certificate (public key)[key-formats 1]
129 STM32CERTIF1 STM32 chip certificate (public key)[key-formats 1]
130 STM32CERTIF2 STM32 chip certificate (public key)[key-formats 1]
131 STM32CERTIF3 STM32 chip certificate (public key)[key-formats 1]
132 STM32CERTIF4 STM32 chip certificate (public key)[key-formats 1]
133 STM32CERTIF5 STM32 chip certificate (public key)[key-formats 1]
134 STM32CERTIF6 STM32 chip certificate (public key)[key-formats 1]
135 STM32CERTIF7 STM32 chip certificate (public key)[key-formats 1]
136 STM32CERTIF8 STM32 chip certificate (public key)[key-formats 1]
137 STM32CERTIF9 STM32 chip certificate (public key)[key-formats 1]
138 STM32CERTIF10 STM32 chip certificate (public key)[key-formats 1]
139 STM32CERTIF11 STM32 chip certificate (public key)[key-formats 1]
140 STM32CERTIF12 STM32 chip certificate (public key)[key-formats 1]
141 STM32CERTIF13 STM32 chip certificate (public key)[key-formats 1]
142 STM32CERTIF14 STM32 chip certificate (public key)[key-formats 1]
143 STM32CERTIF15 STM32 chip certificate (public key)[key-formats 1]
144 OEM_KEY1_ROT0 OEM Key1 Root of Trust Hash[key-formats 1]
145 OEM_KEY1_ROT1 OEM Key1 Root of Trust Hash[key-formats 1]
146 OEM_KEY1_ROT2 OEM Key1 Root of Trust Hash[key-formats 1]
147 OEM_KEY1_ROT3 OEM Key1 Root of Trust Hash[key-formats 1]
148 OEM_KEY1_ROT4 OEM Key1 Root of Trust Hash[key-formats 1]
149 OEM_KEY1_ROT5 OEM Key1 Root of Trust Hash[key-formats 1]
150 OEM_KEY1_ROT6 OEM Key1 Root of Trust Hash[key-formats 1]
151 OEM_KEY1_ROT7 OEM Key1 Root of Trust Hash[key-formats 1]
152 OEM_KEY2_ROT0 OEM Key2 Root of Trust Hash[key-formats 1][fsblm-keys 1]
153 OEM_KEY2_ROT1 OEM Key2 Root of Trust Hash[key-formats 1][fsblm-keys 1]
154 OEM_KEY2_ROT2 OEM Key2 Root of Trust Hash[key-formats 1][fsblm-keys 1]
155 OEM_KEY2_ROT3 OEM Key2 Root of Trust Hash[key-formats 1][fsblm-keys 1]
156 OEM_KEY2_ROT4 OEM Key2 Root of Trust Hash[key-formats 1][fsblm-keys 1]
157 OEM_KEY2_ROT5 OEM Key2 Root of Trust Hash[key-formats 1][fsblm-keys 1]
158 OEM_KEY2_ROT6 OEM Key2 Root of Trust Hash[key-formats 1][fsblm-keys 1]
159 OEM_KEY2_ROT7 OEM Key2 Root of Trust Hash[key-formats 1][fsblm-keys 1]
160 STM32PUBKEY0 STM32 chip public key[key-formats 1]
161 STM32PUBKEY1 STM32 chip public key[key-formats 1]
162 STM32PUBKEY2 STM32 chip public key[key-formats 1]
163 STM32PUBKEY3 STM32 chip public key[key-formats 1]
164 STM32PUBKEY4 STM32 chip public key[key-formats 1]
165 STM32PUBKEY5 STM32 chip public key[key-formats 1]
166 STM32PUBKEY6 STM32 chip public key[key-formats 1]
167 STM32PUBKEY7 STM32 chip public key[key-formats 1]
168 STM32PUBKEY8 STM32 chip public key[key-formats 1]
169 STM32PUBKEY9 STM32 chip public key[key-formats 1]
170 STM32PUBKEY10 STM32 chip public key[key-formats 1]
171 STM32PUBKEY11 STM32 chip public key[key-formats 1]
172 STM32PUBKEY12 STM32 chip public key[key-formats 1]
173 STM32PUBKEY13 STM32 chip public key[key-formats 1]
174 STM32PUBKEY14 STM32 chip public key[key-formats 1]
175 STM32PUBKEY15 STM32 chip public key[key-formats 1]



A35-TD flavor More info green.png M33-TD flavor More info green.png
OTP word Name Description Name Description
176* RPROC-FW-PKH0 Hash of the Public Key for remote processor firmware[key-formats 2]
177* RPROC-FW-PKH1 Hash of the Public Key for remote processor firmware[key-formats 2]
178* RPROC-FW-PKH2 Hash of the Public Key for remote processor firmware[key-formats 2]
179* RPROC-FW-PKH3 Hash of the Public Key for remote processor firmware[key-formats 2]
180* RPROC-FW-PKH4 Hash of the Public Key for remote processor firmware[key-formats 2]
181* RPROC-FW-PKH5 Hash of the Public Key for remote processor firmware[key-formats 2]
182* RPROC-FW-PKH6 Hash of the Public Key for remote processor firmware[key-formats 2]
183* RPROC-FW-PKH7 Hash of the Public Key for remote processor firmware[key-formats 2]
184* FSBLM-M33-FW-PKH0 Hash of the Public Key for M33TDCID M33 Firmware[key-formats 2]
185* FSBLM-M33-FW-PKH1 Hash of the Public Key for M33TDCID M33 Firmware[key-formats 2]
186* FSBLM-M33-FW-PKH2 Hash of the Public Key for M33TDCID M33 Firmware[key-formats 2]
187* FSBLM-M33-FW-PKH3 Hash of the Public Key for M33TDCID M33 Firmware[key-formats 2]
188* FSBLM-M33-FW-PKH4 Hash of the Public Key for M33TDCID M33 Firmware[key-formats 2]
189* FSBLM-M33-FW-PKH5 Hash of the Public Key for M33TDCID M33 Firmware[key-formats 2]
190* FSBLM-M33-FW-PKH6 Hash of the Public Key for M33TDCID M33 Firmware[key-formats 2]
191* FSBLM-M33-FW-PKH7 Hash of the Public Key for M33TDCID M33 Firmware[key-formats 2]
192* FSBLM-DDR-FW-PKH0 Hash of the Public Key for M33TDCID DDR Firmware[key-formats 2]
193* FSBLM-DDR-FW-PKH1 Hash of the Public Key for M33TDCID DDR Firmware[key-formats 2]
194* FSBLM-DDR-FW-PKH2 Hash of the Public Key for M33TDCID DDR Firmware[key-formats 2]
195* FSBLM-DDR-FW-PKH3 Hash of the Public Key for M33TDCID DDR Firmware[key-formats 2]
196* FSBLM-DDR-FW-PKH4 Hash of the Public Key for M33TDCID DDR Firmware[key-formats 2]
197* FSBLM-DDR-FW-PKH5 Hash of the Public Key for M33TDCID DDR Firmware[key-formats 2]
198* FSBLM-DDR-FW-PKH6 Hash of the Public Key for M33TDCID DDR Firmware[key-formats 2]
199* FSBLM-DDR-FW-PKH7 Hash of the Public Key for M33TDCID DDR Firmware[key-formats 2]
200* FSBLM-A35-FW-PKH0 Hash of the Public Key for M33TDCID A35 bare metal Firmware[key-formats 2]
201* FSBLM-A35-FW-PKH1 Hash of the Public Key for M33TDCID A35 bare metal Firmware[key-formats 2]
202* FSBLM-A35-FW-PKH2 Hash of the Public Key for M33TDCID A35 bare metal Firmware[key-formats 2]
203* FSBLM-A35-FW-PKH3 Hash of the Public Key for M33TDCID A35 bare metal Firmware[key-formats 2]
204* FSBLM-A35-FW-PKH4 Hash of the Public Key for M33TDCID A35 bare metal Firmware[key-formats 2]
205* FSBLM-A35-FW-PKH5 Hash of the Public Key for M33TDCID A35 bare metal Firmware[key-formats 2]
206* FSBLM-A35-FW-PKH6 Hash of the Public Key for M33TDCID A35 bare metal Firmware[key-formats 2]
207* FSBLM-A35-FW-PKH7 Hash of the Public Key for M33TDCID A35 bare metal Firmware[key-formats 2]
208 to 245 Available for customer

*For OTP word from 176 to 207 : In Reference manual, those OTP words are available for customer but they have been used in OpenSTLinux distribution.


For both TD flavor (A35-TD or M33-TD) More info green.png
OTP word Name Description
246* ST_BOARD_ID Identifier for ST boards (or available to customer for their own board)
247* MAC_ADDR_0 Mac address [coding 1]
248* MAC_ADDR_1 Mac address [coding 1]
249* MAC_ADDR_2 Mac address [coding 1]
250* MAC_ADDR_3 Mac address [coding 1]
251* MAC_ADDR_4 Mac address [coding 1]
252* MAC_ADDR_5 Mac address [coding 1]
253* MAC_ADDR_6 Mac address [coding 1]
254* MAC_ADDR_7 Mac address [coding 1]
255 ST_RSSE_EDMK_DERIV_CSTE_FUSE (SoC dependent) STM32MP23 or STM32MP25 Reference Manuals

*For OTP word from 246 to 254 : In Reference manual, those OTP words are available for customer but they have been used in OpenSTLinux distribution.

1.3. Upper OTP region[edit | edit source]

For both TD flavor (A35-TD or M33-TD) More info green.png
OTP word Name Description
256* OTP_RMA_LOCK_PSWD0 RMA lock password (128 bit)
257* OTP_RMA_LOCK_PSWD1 RMA lock password (128 bit)
258* OTP_RMA_LOCK_PSWD2 RMA lock password (128 bit)
259* OTP_RMA_LOCK_PSWD3 RMA lock password (128 bit)
260** FIP-EDMK0 FIP encryption decryption master key (256-bit)[key-formats 1]
261** FIP-EDMK1 FIP encryption decryption master key (256-bit)[key-formats 1]
262** FIP-EDMK2 FIP encryption decryption master key (256-bit)[key-formats 1]
263** FIP-EDMK3 FIP encryption decryption master key (256-bit)[key-formats 1]
264** FIP-EDMK4 FIP encryption decryption master key (256-bit)[key-formats 1]
265** FIP-EDMK5 FIP encryption decryption master key (256-bit)[key-formats 1]
266** FIP-EDMK6 FIP encryption decryption master key (256-bit)[key-formats 1]
267** FIP-EDMK7 FIP encryption decryption master key (256-bit)[key-formats 1]
268 to 335 OEM Secrets available for customer

* For OTP word from 256 to 259 : SoC dependent, to be filled by customer.
**For OTP word from 260 to 267 : In Reference manual, those OTP words are available for customer but they have been used in OpenSTLinux distribution.


A35-TD flavor More info green.png M33-TD flavor More info green.png
OTP word Name Description Name Description
336* RPROC-FW-ENC-KEY0 Encryption/Decryption Key for remote processor firmware[key-formats 2]
337* RPROC-FW-ENC-KEY1 Encryption/Decryption Key for remote processor firmware[key-formats 2]
338* RPROC-FW-ENC-KEY2 Encryption/Decryption Key for remote processor firmware[key-formats 2]
339* RPROC-FW-ENC-KEY3 Encryption/Decryption Key for remote processor firmware[key-formats 2]
340* RPROC-FW-ENC-KEY4 Encryption/Decryption Key for remote processor firmware[key-formats 2]
341* RPROC-FW-ENC-KEY5 Encryption/Decryption Key for remote processor firmware[key-formats 2]
342* RPROC-FW-ENC-KEY6 Encryption/Decryption Key for remote processor firmware[key-formats 2]
343 RPROC-FW-ENC-KEY7 Encryption/Decryption Key for remote processor firmware[key-formats 2]
344* COPRO_MAINKEY0 Coprocessor main key
345* COPRO_MAINKEY1 Coprocessor main key
346* COPRO_MAINKEY2 Coprocessor main key
347* COPRO_MAINKEY3 Coprocessor main key
348* COPRO_MAINKEY4 Coprocessor main key
349* COPRO_MAINKEY5 Coprocessor main key
350* COPRO_MAINKEY6 Coprocessor main key
351* COPRO_MAINKEY7 Coprocessor main key

*For OTP word from 336 to 351 : In Reference manual, those OTP words are available for customer but they have been used in OpenSTLinux distribution.


For both TD flavor (A35-TD or M33-TD) More info green.png
OTP word Name Description
352* TF-M IAK0 Initial attestation 256-bit key (Symmetric or Asymmetric key)[key-formats 2]
353* TF-M IAK1 Initial attestation 256-bit key (Symmetric or Asymmetric key)[key-formats 2]
354* TF-M IAK2 Initial attestation 256-bit key (Symmetric or Asymmetric key)[key-formats 2]
355* TF-M IAK3 Initial attestation 256-bit key (Symmetric or Asymmetric key)[key-formats 2]
356* TF-M IAK4 Initial attestation 256-bit key (Symmetric or Asymmetric key)[key-formats 2]
357* TF-M IAK5 Initial attestation 256-bit key (Symmetric or Asymmetric key)[key-formats 2]
358* TF-M IAK6 Initial attestation 256-bit key (Symmetric or Asymmetric key)[key-formats 2]
359* TF-M IAK7 Initial attestation 256-bit key (Symmetric or Asymmetric key)[key-formats 2]
360** OEM_KEY2_EDMK0 OEM master key used to derive FSBLM decryption key (Optional)[key-formats 1][fsblm-keys 1]
361** OEM_KEY2_EDMK1 OEM master key used to derive FSBLM decryption key (Optional)[key-formats 1][fsblm-keys 1]
362** OEM_KEY2_EDMK2 OEM master key used to derive FSBLM decryption key (Optional)[key-formats 1][fsblm-keys 1]
363** OEM_KEY2_EDMK3 OEM master key used to derive FSBLM decryption key (Optional)[key-formats 1][fsblm-keys 1]
364** OEM_KEY1_EDMK0 OEM master key used to derive FSBLA or M decryption key[key-formats 1]
365** OEM_KEY1_EDMK1 OEM master key used to derive FSBLA or M decryption key[key-formats 1]
366** OEM_KEY1_EDMK2 OEM master key used to derive FSBLA or M decryption key[key-formats 1]
367** OEM_KEY1_EDMK3 OEM master key used to derive FSBLA or M decryption key[key-formats 1]
368 STM32PRVKEY0 STM32 chip private key (ST)
369 STM32PRVKEY1 STM32 chip private key (ST)
370 STM32PRVKEY2 STM32 chip private key (ST)
371 STM32PRVKEY3 STM32 chip private key (ST)
372 STM32PRVKEY4 STM32 chip private key (ST)
373 STM32PRVKEY5 STM32 chip private key (ST)
374 STM32PRVKEY6 STM32 chip private key (ST)
375 STM32PRVKEY7 STM32 chip private key (ST)
376 HWKEY0 Secret hardware unique key
377 HWKEY1 Secret hardware unique key
378 HWKEY2 Secret hardware unique key
379 HWKEY3 Secret hardware unique key
380 HWKEY4 Secret hardware unique key
381 HWKEY5 Secret hardware unique key
382 HWKEY6 Secret hardware unique key
383 HWKEY7 Secret hardware unique key

*For OTP word from 352 to 359 : In Reference manual, those OTP words are available for customer but they have been used in OpenSTLinux distribution.
**For OTP word from 360 to 367 : reserved for BootRom, to be filled by customer

2. References[edit | edit source]


2.1. Key storage in OTP[edit | edit source]

Keys are represented as a string of byte to be stored in consecutive OTP words.

For example, a 64-bit key (0xAABBCCDDEEFF5566) is stored into two consecutive OTP words KEY0 and KEY1.

A key is stored in OTP words using one of the following formats:

2.2. MAC address[edit | edit source]

  1. 1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7
    Mac addresses are stored as octets list using the following coding convention:
    • OTP 247: mac_addr_1[4 first octets]
    • OTP 248: mac_addr_2[2 first octets] | mac_addr_1[2 last octets]
    • OTP 249: mac_addr_2[4 last octets]
    • OTP 250: mac_addr_3[4 first octets]
    • ...
    Example: 247 = 0xE37AE710 / 248 = 0xE710F495 / 249 = 0xF595E37A
    • mac_addr1 : 10:E7:7A:E3:95:F4
    • mac_addr2 : 10:E7:7A:E3:95:F5
    • ...
    Each MAC address is associated in U-Boot to an ethernet device with alias in device tree: ethernet0, ethernet1, ...
    On STM32MP257F-EV1 Evaluation board More info green.png the ETH2 use the first mac address (ethernet0 = &eth2), ETH1 use the second mac address (ethernet1 = &eth1).
    On STM32MP257F-DK Discovery kit More info green.png the ETH1 use the first mac address (ethernet0 = &eth1).
    On the default mapping the MAC 3, 4 and 5 are assigned to TSN switch (depending on product version).
    A unused MAC address (for example when TSN is not used) should be set to FF:FF:FF:FF:FF:FF, to avoids the trace "invalid MAC address" in U-Boot.

2.3. FSBL-M keys[edit | edit source]

  1. 1.00 1.01 1.02 1.03 1.04 1.05 1.06 1.07 1.08 1.09 1.10 1.11 1.12
    By default STM32MP23x lines More info.png and STM32MP25x lines More info.png use OEM_KEY1_ROT and OEM_KEY1_EDMK for FSBLA and FSBLM. To use the dedicated FSBLM keys (OEM_KEY2_ROT and OEM_KEY2_EDMK) you must program bit 8 from OTP17.