Last edited 16 hours ago

STM32MP23-25 OTP mapping

Applicable for STM32MP23x lines  STM32MP25x lines


1. Memory mapping[edit | edit source]

The table below gives an overview of the BSEC OTP memory mapping with useful information in the context of this Wiki reading. It gives the global mapping view including the SoC restricted layout (immutable) and the additional ecosystem choice that is used with OpenSTLinux ecosystem.
OTP words 0 to 127 are called lower OTP and are bit wise programmable.
OTP words 128 to 255 are called middle OTP and are bulk programmable.
OTP words 256 to 383 are called upper OTP and are bulk programmable. These OTP are the one where sensitive information (such as password or private keys) must be stored.

Further information for the words and fields that are not explicitly described here can be found in the reference manual.

OTP word Bit field (size) Name Description
Lower OTP region
0 OTP_HW_WORD0 OTP check word (virgin -> non virgin)
1 OTP_HW_WORD1 OTP Security word to close security state
2 OTP_HW_WORD2 OTP word for re-opening (CLOSE->OPEN) via RMA password : RMA bits
3 OTP_HW_WORD3 OTP word for re-opening (CLOSE->OPEN) via RMA password : RMA tries bits
4 OTP_HW_WORD4 OTP word for TK retries (ECIES) and retention cell disabling
5 ID0 ID0 for Engineering purposes
6 ID1 ID1 for Engineering purposes
7 ID2 ID2 for Engineering purposes
8 Reserved -
9 RPN_CODING STM32MP23 or STM32MP25 Reference Manuals
10 BOOTROM_CONFIG_1 0-0 (1 bit) reserved not used yet
1-1 (1 bit) stkeyprov ecies ok Status of ECIES ST key provisionning when it was attempted.
  • 0 : ECIES ST key provisionning last attempt was failed
  • 1 : ECIES ST key provisionning last attempt was successfull
2-2 (1 bit) stkeyprov hwkey done ST HW Key provisionning done
  • 0 : HWKEY not provisionned
  • 1 : HWKEY was provisioned
6-3 (4 bits) reserved not used yet
14-7 (8 bits) security counter security counter involved in productID for chip certificate verification by HSM-OEM in RSSe_prov context
18-15 (4 bits) st pub key id ST ECDSA Public Key ID (ST Key Instance fuse part) involved in productID for chip certificate verification by HSM-OEM in RSSe_prov context
26-19 (8 bits) rssefw active signing key 8 possible ST public keys (ST key revocation feature for RSSe_FW authentication)
  • [1-0xFF] -> [1-8] : Value of monotonic counter is X where X is position of the most significant bit at 1.
31-27 (5 bits) reserved not used yet
11 BOOTROM_CONFIG_2 4-0 (5 bits) reserved reserved
5-5 (1 bit) no cpu pll CPU PLL usage
  • 0 : PLLs for CPU/AXI are enable for cold boot.
  • 1 : PLLs for CPU/AXI are not enable for cold boot
9-6 (4 bits) unused
14-10 (5 bits) disable uart Disable UART instances
  • 0b00001 : disable USART2
  • 0b00010 : disable UART5
  • 0b00100 : disable UART6
  • 0b01000 : disable UART8
  • 0b10000 : disable UART9
15-15 (1 bit) no data cache Data cache usage
  • 0 : Data cache is used by bootrom.
  • 1 : Data cache is not used by bootrom.
23-16 (8 bits) boot source disable Each bit disable a boot source.

Default to UART if all disabled.

  • 0b00001 : disable FMC boot source.
  • 0b00010 : disable QSPI NOR boot source.
  • 0b00100 : disable eMMC boot source.
  • 0b01000 : disable SD boot source.
  • 0b10000 : disable UART boot source.
25-24 (2 bits) bootpins layout sel Bootpins layout selection
  • [0-3] : Select one among the three possible bootpins layout
29-26 (4 bits) boot source sel Boot source selection
  • [0-15] : Select one among the 16 possible boot source of the selected bootpins layout
31-30 (2 bits) reserved reserved
12 BOOTROM_CONFIG_3 31-0 (32 bits) oem fsbla monotonic counter OEM FSBL-A image version monotonic counter
  • [1-0xFFFFFFFF] -> [1-32] : Value of monotonic counter is X where X is position of the most significant bit at 1.
13 BOOTROM_CONFIG_4 31-0 (32 bits) reserved reserved
14 BOOTROM_CONFIG_5 31-0 (32 bits) reserved reserved
15 BOOTROM_CONFIG_6 31-0 (32 bits) reserved reserved
16 BOOTROM_CONFIG_7 0-0 (1 bit) disable traces Disable bootROM traces
  • 0 : bootROM traces are enabled
  • 1 : bootROM traces are disabled
1-1 (1 bit) disable hse freq detect Disable HSE frequency autodetection
  • 0 : HSE frequency autodetection is enabled
  • 1 : HSE frequency autodetection is disabled
2-2 (1 bit) disable hse bypass detect Disable HSE bypass detection
  • 0 : HSE bypass detection is enabled
  • 1 : HSE bypass detection is disabled
3-3 (1 bit) disable blocking failure traces Disable traces done by blocking failure process
  • 0 : blocking failure traces are enabled
  • 1 : blocking failure traces are disabled
4-4 (1 bit) a35 mode Select a35 architecture mode
  • 0 : FSBL-A is AArch64
  • 1 : FSBL-A is AArch32
5-5 (1 bit) fmc force sw reset FMC is used by CA35 to connect a NAND and by CM33 to connect a NOR or PSRAM
  • 0 : Use RCC to reset FMC
  • 1 : Use sw procedure to reset FMC witout impacting CM33
6-6 (1 bit) emergency debug req Emergency debug request
  • 0 : emergency debug is not requested
  • 1 : emergency debug is requested
7-7 (1 bit) emmc 128k boot partition Support eMMC with 128Kb boot partition
  • 0 : bootROM does not support eMMC with 128Kb boot partition.
  • 1 : bootROM supports eMMC with 128Kb boot partition.
8-8 (1 bit) fsbl decrypt prio FSBL decryption priority (speed or security)
  • 0 : use CRYP (fast but no DPA protection)
  • 1 : use SAES (slow but DPA protection))
9-9 (1 bit) iomgr port IO manager port selection
  • 0 : select IOM port1
  • 1 : select IOM port2
10-10 (1 bit) iomgr muxen IO manager port muxing enable
  • 0 : IOM muxing disabled
  • 1 : IOM muxing enabled
13-11 (3 bits) HSE value HSE value
  • 0b000 : HSE value is autodetected among 16, 20, 24, 28, 32, 36, 40, 48MHz
  • 0b001 : HSE = 24MHz
  • 0b010 : HSE = 25MHz
  • 0b011 : HSE = 26MHz
  • 0b100 (19_2 Mhz)  : HSE = 19.2MHz
  • 0b101 : HSE = 40MHz
  • 0b110 : HSE = 48MHz
  • 0b111 : Reserved
14-14 (1 bit) snand need plane select 1 NAND parameters bank1 - Serial NAND plane selection
  • 0 : Serial NAND plane select is not needed.
  • 1 : Serial NAND plane select is need
17-15 (3 bits) pnand number of ecc bits 1 NAND parameters bank1 - Number of Error Correction Code (ECC) bits
  • 0 : ECC unset.
  • 1 : ECC 1bit (Hamming).
  • 2 : ECC 4bit (BCH4).
  • 3 : ECC 8bit (BCH8).
  • 4 : on-die ECC.
18-18 (1 bit) pnand bus width 1 NAND parameters bank1 - Parallel NAND data witdh
  • 0 : data width is 8 bits
  • 1 : data width is 16 bits
26-19 (8 bits) nand nb of blocks 1 NAND parameters bank1 - Number of blocks in unit of 256 blocks
  • [1-256] : Number of block = 256 * value
28-27 (2 bits) nand block size 1 NAND parameters bank1 - Block size
  • [1-4] : Block size in number of pages
30-29 (2 bits) nand page size 1 NAND parameters bank1 - Number of pages
  • 0 : 64 pages per block.
  • 1 : 128 pages per block.
  • 2 : 256 pages per block
31-31 (1 bit) pnand param stored in otp Parallel NAND parameters stored in OTP bank1 or bank2
  • 0 : BootROM uses ONFI parameter table to get parallel nand parameters.
  • 1 : parallel nand parameters are defined in bank1 or bank2, depending on nand_config_distribution value.
17 BOOTROM_CONFIG_8 7-0 (8 bits) oem active signing key1 8 possible OEM public keys (OEM key revocation feature for OEM-FSBL authentication)
  • [1-256] -> [1-8] : Value of monotonic counter is X where X is position of the most significant bit at 1.
8-8 (1 bit) oem keys2 enable Enable second ECDSA OEM key set for FSBL-M authentication and decryption[fsblm-keys 1]
  • 0 : keys2 are not used ; keys1 are used for both FSBLA and FSBLM
  • 1 : keys2 are enabled ; keys1 are used for FSBLA ; keys2 are used for FSBLM
31-16 (16 bits) reserved reserved
18 BOOTROM_CONFIG_9 3-0 (4 bits) secure boot Enable enforced secure boot
  • 0 : chip is in CLOSED_UNLOCKED state. Secure boot is not enforced (FSBL authentication is not mandatory).
  • [1-15] : chip is in CLOSED_LOCKED state. Secure boot is enforced (FSBL authentication is mandatory)
7-4 (4 bits) prov done RSSE provisioning done
  • 0 : RSSE provisioning is not done
  • [1-15] : RSSE provisioning is done
11-8 (4 bits) debug lock Lock debug enabling until next reset when chip is CLOSED-LOCKED
  • 0 : don't lock debug enabling
  • [1-15] : lock debug enabling
15-12 (4 bits) otp prov done RSSe OTP provisioning done
  • 0 : RSSe OTP provisioning is not done
  • [1-15] : RSSe OTP provisioning part done, used to manage RSSe extension issue
21-16 (6 bits) nb added stsecrets nb of OTP words located in upper area [360-nb_added_stsecrets..359] that were provisionned (in encrypted mode) with ST secrets. Those will be decoded and used by RSSE fw. Coding up to 64 ST secrets to provision in EWS (with DEV_BOOT)
25-22 (4 bits) rsse nb attempts Monotonic counter to check the number of RSSe retry when an issue occurred during the provisioning process. The number is limited to 4 retries.
31-26 (6 bits) reserved reserved
19 BOOTROM_CONFIG_10 31-0 (32 bits) oem keys2 enable monotonic version number of OEM-FSBL
  • [1-0xFFFFFFFF] -> [1-32] : Value of monotonic counter is X where X is position of the most significant bit at 1.
20 BOOTROM_CONFIG_11 0-0 (1 bit) nand config distribution NAND configurations distribution
  • 0 : pNAND config in nand*_2 fields / sNAND config in nand*_1 fields
  • 1 : pNAND config in nand*_1 fields / sNAND config in nand*_2 fields
1-1 (1 bit) snand need plane select 2 idem BOOTROM_CONFIG_7.snand_need_plane_select_1
4-2 (3 bits) pnand number of ecc bits 2 idem BOOTROM_CONFIG_7.pnand_number_of_ecc_bits_1
5-5 (1 bit) pnand bus width 2 idem BOOTROM_CONFIG_7.pnand_bus_width_1
13-6 (8 bits) nand nb of blocks 2 idem BOOTROM_CONFIG_7.nand_nb_of_blocks_1
15-14 (2 bits) nand block size 2 idem BOOTROM_CONFIG_7.nand_block_size_1
17-16 (2 bits) nand page size 2 idem BOOTROM_CONFIG_7.nand_page_size_1
18-18 (1 bit) hyperflash 3V3 device is HyperFlash a 3.3V device
  • 0 : no
  • 1 : yes
21-19 (3 bits) rng htcr value RNG HTCR value
  • 0 : default value, RNG HTCR not modified
  • 1 : 0xA2B3
  • 2 : 0xAA74
  • 3 : 0xA6BA
  • 4 : 0x9AAE
  • 5 : 0x72AC
  • 6 : 0xAAC7
  • other : default value, RNG HTCR not modified
22-22 (1 bit) ospi io speed ovrw OSPI IO speed overwrite enable
  • 0 : OSPI io speed is not overwritten by otp configuration
  • 1 : OSPI io speed is overwritten by otp configuration
24-23 (2 bits) ospi io speed clk nclk OSPI IO speed of clk nclk IO
  • 0b00 : low speed.
  • 0b01 : medium speed.
  • 0b10 : high speed
  • 0b11 : very high speed
26-25 (2 bits) ospi io speed data cs OSPI IO speed of CS IO
  • 0b00 : low speed.
  • 0b01 : medium speed.
  • 0b10 : high speed
  • 0b11 : very high speed
31-27 (5 bits) reserved reserved
21 BOOTROM_CONFIG_12 31-0 (32 bits) rssefw version monotonic counter monotonic version number of RSSe FW
  • [1-0xFFFF] -> [1-32] : Value of monotonic counter is X where X is position of the most significant bit at 1.
22 BOOTROM_CONFIG_13 7-0 (8 bits) oem active signing key2 8 possible OEM public keys (OEM key revocation feature for OEM-FSBL authentication)
  • [1-256] -> [1-8] : Value of monotonic counter is X where X is position of the most significant bit at 1.
31-8 (24 bits) reserved reserved
23 Reserved -
24 Reserved -
25 Reserved -
26 Reserved -
27 Reserved -
28 Reserved -
29 Reserved -
30 Reserved -
31 Reserved -
32 Reserved -
33 Reserved -
34 Reserved -
35 Reserved -
36 Reserved -
37 Reserved -
38 Reserved -
39 Reserved -
40 Reserved -
41 Reserved -
42 Reserved -
43 Reserved -
44 Reserved -
45 Reserved -
46 Reserved -
47 Reserved -
48 Reserved -
49 Reserved -
50 Reserved -
51 Reserved -
52 Reserved -
53 Reserved -
54 Reserved -
55 Reserved -
56 Reserved -
57 Reserved -
58 Reserved -
59 Reserved -
60 Reserved -
61 Reserved -
62 Reserved -
63 Reserved -
64 Reserved -
65 Reserved -
66 Reserved -
67 Reserved -
68 Reserved -
69 Reserved -
70 Reserved -
71 Reserved -
72 Reserved -
73 Reserved -
74 Reserved -
75 Reserved -
76 Reserved -
77 Reserved -
78 Reserved -
79 Reserved -
80 Reserved -
81 Reserved -
82 Reserved -
83 Reserved -
84 Reserved -
85 Reserved -
86 Reserved -
87 Reserved -
88 Reserved -
89 Reserved -
90 Reserved -
91 Reserved -
92 Reserved -
93 Reserved -
94 Reserved -
95 Reserved -
96 Reserved -
97 Reserved -
98 Reserved -
99 Reserved -
100 Reserved -
101 Reserved -
102 Reserved -
103 CRC_HSM STM32MP23 or STM32MP25 Reference Manuals
104 CAL1 STM32MP23 or STM32MP25 Reference Manuals
105 CAL2 STM32MP23 or STM32MP25 Reference Manuals
106 CAL3 STM32MP23 or STM32MP25 Reference Manuals
107 CAL4 STM32MP23 or STM32MP25 Reference Manuals
108 CAL5 STM32MP23 or STM32MP25 Reference Manuals
109 CAL6 STM32MP23 or STM32MP25 Reference Manuals
110 CAL7 STM32MP23 or STM32MP25 Reference Manuals
111 CAL8 STM32MP23 or STM32MP25 Reference Manuals
112 ENGI1 STM32MP23 or STM32MP25 Reference Manuals
113 ENGI2 STM32MP23 or STM32MP25 Reference Manuals
114 ENGI3 STM32MP23 or STM32MP25 Reference Manuals
115 ENGI4 STM32MP23 or STM32MP25 Reference Manuals
116 ENGI5 STM32MP23 or STM32MP25 Reference Manuals
117 ENGI6 STM32MP23 or STM32MP25 Reference Manuals
118 ENGI7 STM32MP23 or STM32MP25 Reference Manuals
119 ENGI8 STM32MP23 or STM32MP25 Reference Manuals
120 ATRIM1 STM32MP23 or STM32MP25 Reference Manuals
121 ATRIM2 STM32MP23 or STM32MP25 Reference Manuals
122 ATRIM3 STM32MP23 or STM32MP25 Reference Manuals
123 ATRIM4 STM32MP23 or STM32MP25 Reference Manuals
124 HCONF1 STM32MP23 or STM32MP25 Reference Manuals
125 MREPAIR1 STM32MP23 or STM32MP25 Reference Manuals
126 MREPAIR2 STM32MP23 or STM32MP25 Reference Manuals
127 MREPAIR3 STM32MP23 or STM32MP25 Reference Manuals
Middle OTP region
128 STM32CERTIF0 STM32 chip certificate (public key)
129 STM32CERTIF1 STM32 chip certificate (public key)
130 STM32CERTIF2 STM32 chip certificate (public key)
131 STM32CERTIF3 STM32 chip certificate (public key)
132 STM32CERTIF4 STM32 chip certificate (public key)
133 STM32CERTIF5 STM32 chip certificate (public key)
134 STM32CERTIF6 STM32 chip certificate (public key)
135 STM32CERTIF7 STM32 chip certificate (public key)
136 STM32CERTIF8 STM32 chip certificate (public key)
137 STM32CERTIF9 STM32 chip certificate (public key)
138 STM32CERTIF10 STM32 chip certificate (public key)
139 STM32CERTIF11 STM32 chip certificate (public key)
140 STM32CERTIF12 STM32 chip certificate (public key)
141 STM32CERTIF13 STM32 chip certificate (public key)
142 STM32CERTIF14 STM32 chip certificate (public key)
143 STM32CERTIF15 STM32 chip certificate (public key)
144 OEM_KEY1_ROT0 OEM Key1 Root of Trust Hash
145 OEM_KEY1_ROT1 OEM Key1 Root of Trust Hash
146 OEM_KEY1_ROT2 OEM Key1 Root of Trust Hash
147 OEM_KEY1_ROT3 OEM Key1 Root of Trust Hash
148 OEM_KEY1_ROT4 OEM Key1 Root of Trust Hash
149 OEM_KEY1_ROT5 OEM Key1 Root of Trust Hash
150 OEM_KEY1_ROT6 OEM Key1 Root of Trust Hash
151 OEM_KEY1_ROT7 OEM Key1 Root of Trust Hash
152 OEM_KEY2_ROT0 OEM Key2 Root of Trust Hash[fsblm-keys 1]
153 OEM_KEY2_ROT1 OEM Key2 Root of Trust Hash[fsblm-keys 1]
154 OEM_KEY2_ROT2 OEM Key2 Root of Trust Hash[fsblm-keys 1]
155 OEM_KEY2_ROT3 OEM Key2 Root of Trust Hash[fsblm-keys 1]
156 OEM_KEY2_ROT4 OEM Key2 Root of Trust Hash[fsblm-keys 1]
157 OEM_KEY2_ROT5 OEM Key2 Root of Trust Hash[fsblm-keys 1]
158 OEM_KEY2_ROT6 OEM Key2 Root of Trust Hash[fsblm-keys 1]
159 OEM_KEY2_ROT7 OEM Key2 Root of Trust Hash[fsblm-keys 1]
160 STM32PUBKEY0 STM32 chip public key
161 STM32PUBKEY1 STM32 chip public key
162 STM32PUBKEY2 STM32 chip public key
163 STM32PUBKEY3 STM32 chip public key
164 STM32PUBKEY4 STM32 chip public key
165 STM32PUBKEY5 STM32 chip public key
166 STM32PUBKEY6 STM32 chip public key
167 STM32PUBKEY7 STM32 chip public key
168 STM32PUBKEY8 STM32 chip public key
169 STM32PUBKEY9 STM32 chip public key
170 STM32PUBKEY10 STM32 chip public key
171 STM32PUBKEY11 STM32 chip public key
172 STM32PUBKEY12 STM32 chip public key
173 STM32PUBKEY13 STM32 chip public key
174 STM32PUBKEY14 STM32 chip public key
175 STM32PUBKEY15 STM32 chip public key
176 available to customer
177 available to customer
178 available to customer
179 available to customer
180 available to customer
181 available to customer
182 available to customer
183 available to customer
184 available to customer
185 available to customer
186 available to customer
187 available to customer
188 available to customer
189 available to customer
190 available to customer
191 available to customer
192 available to customer
193 available to customer
194 available to customer
195 available to customer
196 available to customer
197 available to customer
198 available to customer
199 available to customer
200 available to customer
201 available to customer
202 available to customer
203 available to customer
204 available to customer
205 available to customer
206 available to customer
207 available to customer
208 available to customer
209 available to customer
210 available to customer
211 available to customer
212 available to customer
213 available to customer
214 available to customer
215 available to customer
216 available to customer
217 available to customer
218 available to customer
219 available to customer
220 available to customer
221 available to customer
222 available to customer
223 available to customer
224 available to customer
225 available to customer
226 available to customer
227 available to customer
228 available to customer
229 available to customer
230 available to customer
231 available to customer
232 available to customer
233 available to customer
234 available to customer
235 available to customer
236 available to customer
237 available to customer
238 available to customer
239 available to customer
240 available to customer
241 available to customer
242 available to customer
243 available to customer
244 available to customer
245 available to customer
246 ST_BOARD_ID Identifier for ST boards (available to customer on chip)
247 MAC_ADDR_0 Mac address [coding 1]
248 MAC_ADDR_1 Mac address [coding 1]
249 MAC_ADDR_2 Mac address [coding 1]
250 MAC_ADDR_3 Mac address [coding 1]
251 MAC_ADDR_4 Mac address [coding 1]
252 MAC_ADDR_5 Mac address [coding 1]
253 MAC_ADDR_6 Mac address [coding 1]
254 MAC_ADDR_7 Mac address [coding 1]
255 ST_RSSE_EDMK_DERIV_CSTE_FUSE STM32MP23 or STM32MP25 Reference Manuals
Upper OTP region
256 OTP_RMA_LOCK_PSWD0 RMA lock password (128 bit)
257 OTP_RMA_LOCK_PSWD1 RMA lock password (128 bit)
258 OTP_RMA_LOCK_PSWD2 RMA lock password (128 bit)
259 OTP_RMA_LOCK_PSWD3 RMA lock password (128 bit)
260 FIP-EDMK0 FIP encryption decryption master key (256-bit)
261 FIP-EDMK1 FIP encryption decryption master key (256-bit)
262 FIP-EDMK2 FIP encryption decryption master key (256-bit)
263 FIP-EDMK3 FIP encryption decryption master key (256-bit)
264 FIP-EDMK4 FIP encryption decryption master key (256-bit)
265 FIP-EDMK5 FIP encryption decryption master key (256-bit)
266 FIP-EDMK6 FIP encryption decryption master key (256-bit)
267 FIP-EDMK7 FIP encryption decryption master key (256-bit)
268 OEM Secrets available to customer
269 OEM Secrets available to customer
270 OEM Secrets available to customer
271 OEM Secrets available to customer
272 OEM Secrets available to customer
273 OEM Secrets available to customer
274 OEM Secrets available to customer
275 OEM Secrets available to customer
276 OEM Secrets available to customer
277 OEM Secrets available to customer
278 OEM Secrets available to customer
279 OEM Secrets available to customer
280 OEM Secrets available to customer
281 OEM Secrets available to customer
282 OEM Secrets available to customer
283 OEM Secrets available to customer
284 OEM Secrets available to customer
285 OEM Secrets available to customer
286 OEM Secrets available to customer
287 OEM Secrets available to customer
288 OEM Secrets available to customer
289 OEM Secrets available to customer
290 OEM Secrets available to customer
291 OEM Secrets available to customer
292 OEM Secrets available to customer
293 OEM Secrets available to customer
294 OEM Secrets available to customer
295 OEM Secrets available to customer
296 OEM Secrets available to customer
297 OEM Secrets available to customer
298 OEM Secrets available to customer
299 OEM Secrets available to customer
300 OEM Secrets available to customer
301 OEM Secrets available to customer
302 OEM Secrets available to customer
303 OEM Secrets available to customer
304 OEM Secrets available to customer
305 OEM Secrets available to customer
306 OEM Secrets available to customer
307 OEM Secrets available to customer
308 OEM Secrets available to customer
309 OEM Secrets available to customer
310 OEM Secrets available to customer
311 OEM Secrets available to customer
312 OEM Secrets available to customer
313 OEM Secrets available to customer
314 OEM Secrets available to customer
315 OEM Secrets available to customer
316 OEM Secrets available to customer
317 OEM Secrets available to customer
318 OEM Secrets available to customer
319 OEM Secrets available to customer
320 OEM Secrets available to customer
321 OEM Secrets available to customer
322 OEM Secrets available to customer
323 OEM Secrets available to customer
324 OEM Secrets available to customer
325 OEM Secrets available to customer
326 OEM Secrets available to customer
327 OEM Secrets available to customer
328 OEM Secrets available to customer
329 OEM Secrets available to customer
330 OEM Secrets available to customer
331 OEM Secrets available to customer
332 OEM Secrets available to customer
333 OEM Secrets available to customer
334 OEM Secrets available to customer
335 OEM Secrets available to customer
336 OEM Secrets available to customer
337 OEM Secrets available to customer
338 OEM Secrets available to customer
339 OEM Secrets available to customer
340 OEM Secrets available to customer
341 OEM Secrets available to customer
342 OEM Secrets available to customer
343 OEM Secrets available to customer
344 COPRO_MAINKEY0 Coprocessor main key
345 COPRO_MAINKEY1 Coprocessor main key
346 COPRO_MAINKEY2 Coprocessor main key
347 COPRO_MAINKEY3 Coprocessor main key
348 COPRO_MAINKEY4 Coprocessor main key
349 COPRO_MAINKEY5 Coprocessor main key
350 COPRO_MAINKEY6 Coprocessor main key
351 COPRO_MAINKEY7 Coprocessor main key
352 TF-M IAK0 Initial attestation 256-bit key (Symmetric or Asymmetric key)
353 TF-M IAK1 Initial attestation 256-bit key (Symmetric or Asymmetric key)
354 TF-M IAK2 Initial attestation 256-bit key (Symmetric or Asymmetric key)
355 TF-M IAK3 Initial attestation 256-bit key (Symmetric or Asymmetric key)
356 TF-M IAK4 Initial attestation 256-bit key (Symmetric or Asymmetric key)
357 TF-M IAK5 Initial attestation 256-bit key (Symmetric or Asymmetric key)
358 TF-M IAK6 Initial attestation 256-bit key (Symmetric or Asymmetric key)
359 TF-M IAK7 Initial attestation 256-bit key (Symmetric or Asymmetric key)
360 OEM_KEY2_EDMK0 OEM master key used to derive FSBLM decryption key (Optional)[fsblm-keys 1]
361 OEM_KEY2_EDMK1 OEM master key used to derive FSBLM decryption key (Optional)[fsblm-keys 1]
362 OEM_KEY2_EDMK2 OEM master key used to derive FSBLM decryption key (Optional)[fsblm-keys 1]
363 OEM_KEY2_EDMK3 OEM master key used to derive FSBLM decryption key (Optional)[fsblm-keys 1]
364 OEM_KEY1_EDMK0 OEM master key used to derive FSBLA or M decryption key
365 OEM_KEY1_EDMK1 OEM master key used to derive FSBLA or M decryption key
366 OEM_KEY1_EDMK2 OEM master key used to derive FSBLA or M decryption key
367 OEM_KEY1_EDMK3 OEM master key used to derive FSBLA or M decryption key
368 STM32PRVKEY0 STM32 chip private key (ST)
369 STM32PRVKEY1 STM32 chip private key (ST)
370 STM32PRVKEY2 STM32 chip private key (ST)
371 STM32PRVKEY3 STM32 chip private key (ST)
372 STM32PRVKEY4 STM32 chip private key (ST)
373 STM32PRVKEY5 STM32 chip private key (ST)
374 STM32PRVKEY6 STM32 chip private key (ST)
375 STM32PRVKEY7 STM32 chip private key (ST)
376 HWKEY0 Secret hardware unique key
377 HWKEY1 Secret hardware unique key
378 HWKEY2 Secret hardware unique key
379 HWKEY3 Secret hardware unique key
380 HWKEY4 Secret hardware unique key
381 HWKEY5 Secret hardware unique key
382 HWKEY6 Secret hardware unique key
383 HWKEY7 Secret hardware unique key
  1. 1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7 Mac addresses are stored as octets list using the following coding convention:
    • OTP 247: mac_addr_1[4 first octets]
    • OTP 248: mac_addr_2[2 first octets] | mac_addr_1[2 last octets]
    • OTP 249: mac_addr_2[4 last octets]
    • OTP 250: mac_addr_3[4 first octets]
    • ...
    Example: 247 = 0xE37AE710 / 248 = 0xE710F495 / 249 = 0xF595E37A
    • mac_addr1 : 10:E7:7A:E3:95:F4
    • mac_addr2 : 10:E7:7A:E3:95:F5
    • ...
    Each MAC address is associated in U-Boot to an ethernet device with alias in device tree: ethernet0, ethernet1, ...
    On STM32MP257F-EV1 Evaluation board More info green.png the ETH2 use the first mac address (ethernet0 = &eth2), ETH1 use the second mac address (ethernet1 = &eth1).
    On STM32MP257F-DK Discovery kit More info green.png the ETH1 use the first mac address (ethernet0 = &eth1).
    On the default mapping the MAC 3, 4 and 5 are assigned to TSN switch (depending on product version).
  1. 1.00 1.01 1.02 1.03 1.04 1.05 1.06 1.07 1.08 1.09 1.10 1.11 1.12 By default STM32MP25 and STM32MP23 SoCs use OEM_KEY1_ROT and OEM_KEY1_EDMK for FSBLA and FSBLM. To use the dedicated FSBLM keys (OEM_KEY2_ROT and OEM_KEY2_EDMK) you must program bit 8 from OTP17.