Last edited 3 days ago

STM32MP23-25 OTP mapping

(Redirected from STM32MP25 OTP mapping)

1. OTP memory mapping[edit | edit source]

The table below gives an overview of the BSEC OTP memory mapping with useful information in the context of this Wiki reading. It gives the global mapping view including the SoC restricted layout (immutable) and the additional ecosystem choice that is used with OpenSTLinux ecosystem.
OTP words 0 to 127 are called lower OTP and are bit wise programmable.
OTP words 128 to 255 are called middle OTP and are bulk programmable.
OTP words 256 to 383 are called upper OTP and are bulk programmable. These OTP are the one where sensitive information (such as password or private keys) must be stored.

Further information for the words and fields that are not explicitly described here can be found in the reference manual.

OTP word Bit field (size) Name Description
Lower OTP region
0 OTP_HW_WORD0 OTP Check Word (virgin -> non virgin)
1 OTP_HW_WORD1 OTP Security word to close security state BSECXW
2 OTP_HW_WORD2 OTP Word for re-opening via RMA password : RMA bits
3 OTP_HW_WORD3 OTP Word for re-opening via RMA password : RMA tries bits
4 OTP_HW_WORD4 OTP word for TK retries (ECIES) and retention cell disabling
5 ID0 ID0 for Engineering purposes
6 ID1 ID1 for Engineering purposes
7 ID2 ID2 for Engineering purposes
8 Reserved
9 RPN_CODING STM32MP23 or STM32MP25 Reference Manuals
10 BOOTROM_CONFIG_1 0-0 (1 bit) Reserved



1-1 (1 bit) stkeyprov ecies ok Status of ECIES ST key provisionning when it was attempted.
2-2 (1 bit) stkeyprov hwkey done ST HW key provisionning done
6-3 (4 bits) Reserved
14-7 (8 bits) Security counter Security counter involved in productID for chip certificate verification by HSM-OEM in RSSe_prov context
18-15 (4 bits) st pub key id ST ECDSA Public Key ID (ST Key Instance fuse part) involved in productID for chip certificate verification by HSM-OEM in RSSe_prov context


26-19 (8 bits) rssefw active signing key Eight possible ST public keys (ST key revocation feature for RSSe_FW authentication)
31-27 (5 bits)


Reserved
11 BOOTROM_CONFIG_2 4-0 (5 bits) Reserved






5-5 (1 bit) no cpu pll CPU PLL usage
9-6 (4 bits) Reserved
14-10 (5 bits) Disable uart Disable UART instances
15-15 (1 bit) No data cache Data cache usage
23-16 (8 bits) Boot source disable Each bit disable a boot source.

Default to UART if all disabled.

25-24 (2 bits) Bootpins layout sel Bootpins layout selection
29-26 (4 bits) Boot source sel Boot source selection
31-30 (2 bits) Reserved
12 BOOTROM_CONFIG_3 31-0 (32 bits) oem fsbla monotonic counter OEM FSBL-A image version monotonic counter
13 BOOTROM_CONFIG_4 31-0 (32 bits) Reserved






14 BOOTROM_CONFIG_5 31-0 (32 bits) Reserved
15 BOOTROM_CONFIG_6 31-0 (32 bits) Reserved
16 BOOTROM_CONFIG_7 0-0 (1 bit) Disable traces Disable bootROM traces
1-1 (1 bit) Disable hse freq detect Disable HSE frequency autodetection
2-2 (1 bit) Disable hse bypass detect Disable HSE bypass detection
3-3 (1 bit) Disable blocking failure traces Disable traces done by blocking failure process
4-4 (1 bit) a35 mode Select a35 architecture mode
5-5 (1 bit) fmc force sw reset FMC is used by CA35 to connect a NAND and by CM33 to connect a NOR or PSRAM
6-6 (1 bit) Emergency debug req Emergency debug request
7-7 (1 bit) emmc 128k boot partition Support eMMC with 128Kb boot partition
8-8 (1 bit) fsbl decrypt prio FSBL decryption priority (speed or security)
9-9 (1 bit) iomgr port IO manager port selection
10-10 (1 bit) iomgr muxen IO manager port muxing enable
13-11 (3 bits) HSE value HSE value
14-14 (1 bit) snand need plane select 1 NAND parameters bank1 - Serial NAND plane selection
17-15 (3 bits) pnand number of ecc bits 1 NAND parameters bank1 - Number of Error Correction Code (ECC) bits
18-18 (1 bit) pnand bus width 1 NAND parameters bank1 - Parallel NAND data witdh
26-19 (8 bits) nand nb of blocks 1 NAND parameters bank1 - Number of blocks in unit of 256 blocks
28-27 (2 bits) nand block size 1 NAND parameters bank1 - Block size in number of pages
30-29 (2 bits) nand page size 1 NAND parameters bank1 - Page size
31-31 (1 bit) pnand param stored in otp Parallel NAND parameters stored in OTP bank1 or bank2
17 BOOTROM_CONFIG_8 7-0 (8 bits) oem active signing key1 Eight possible OEM public keys (OEM key revocation feature for OEM-FSBL authentication)
8-8 (1 bit) oem keys2 enable Enable second ECDSA OEM key set for FSBL-M authentication and decryption[fsblm-keys 1]
31-16 (16 bits) Reserved
18 BOOTROM_CONFIG_9 3-0 (4 bits) secure boot Enable enforced secure boot
7-4 (4 bits) prov done RSSE provisioning done
11-8 (4 bits) debug lock Lock debug enabling until next reset when chip is CLOSED-LOCKED
15-12 (4 bits) otp prov done RSSe OTP provisioning done
21-16 (6 bits) nb added stsecrets nb of OTP words located in upper area [360-nb_added_stsecrets..359] that were provisionned (in encrypted mode) with ST secrets. Those will be decoded and used by RSSE fw. Coding up to 64 ST secrets to provision in EWS (with DEV_BOOT).
25-22 (4 bits) rsse nb attempts Monotonic counter to check the number of RSSe retry when an issue occurred during the provisioning process. The number is limited to four retries.



31-26 (6 bits) Reserved
19 BOOTROM_CONFIG_10 31-0 (32 bits) oem_fsblm_monotonic_counter Monotonic version number of OEM-FSBL
20 BOOTROM_CONFIG_11 0-0 (1 bit) nand config distribution NAND configurations distribution
1-1 (1 bit) snand need plane select 2 idem BOOTROM_CONFIG_7.snand_need_plane_select_1
4-2 (3 bits) pnand number of ecc bits 2 idem BOOTROM_CONFIG_7.pnand_number_of_ecc_bits_1
5-5 (1 bit) pnand bus width 2 idem BOOTROM_CONFIG_7.pnand_bus_width_1
13-6 (8 bits) nand nb of blocks 2 idem BOOTROM_CONFIG_7.nand_nb_of_blocks_1
15-14 (2 bits) nand block size 2 idem BOOTROM_CONFIG_7.nand_block_size_1
17-16 (2 bits) nand page size 2 idem BOOTROM_CONFIG_7.nand_page_size_1
18-18 (1 bit) hyperflash 3V3 device Is HyperFlash a 3.3 V device
21-19 (3 bits) rng htcr value RNG HTCR value
22-22 (1 bit) ospi io speed ovrw OSPI IO speed overwrite enable
24-23 (2 bits) ospi io speed clk nclk OSPI IO speed of clk nclk IO
26-25 (2 bits) ospi io speed data cs OSPI IO speed of CS IO
31-27 (5 bits) Reserved
21 BOOTROM_CONFIG_12 31-0 (32 bits) rssefw version monotonic counter Monotonic version number of RSSe FW
22 BOOTROM_CONFIG_13 7-0 (8 bits) oem active signing key2 Eight possible OEM public keys (OEM key revocation feature for OEM-FSBL authentication)
31-8 (24 bits) Reserved
23 Available for customer
24 Available for customer
25 Available for customer
26 Available for customer
27 Available for customer
28 Available for customer
29 Available for customer
30 Available for customer
31 Available for customer
32 Available for customer
33 Available for customer
34 Available for customer
35 Available for customer
36 Available for customer
37 Available for customer
38 Available for customer
39 Available for customer
40 Available for customer
41 Available for customer
42 Available for customer
43 Available for customer
44 Available for customer
45 Available for customer
46 Available for customer
47 Available for customer
48 Available for customer
49 Available for customer
50 Available for customer
51 Available for customer
52 Available for customer
53 Available for customer
54 Available for customer
55 Available for customer
56 Available for customer
57 Available for customer
58 Available for customer
59 Available for customer
60 Available for customer
61 Available for customer
62 Available for customer
63 Available for customer
64 Available for customer
65 Available for customer
66 Available for customer
67 Available for customer
68 Available for customer
69 Available for customer
70 Available for customer
71 Available for customer
72 Available for customer
73 Available for customer
74 Available for customer
75 Available for customer
76 Available for customer
77 Available for customer
78 Available for customer
79 Available for customer
80 Available for customer
81 Available for customer
82 Available for customer
83 Available for customer
84 Available for customer
85 Available for customer
86 Available for customer
87 Available for customer
88 Available for customer
89 Available for customer
90 Available for customer
91 Available for customer
92 Available for customer
93 Available for customer
94 Available for customer
95 Available for customer
96 Available for customer
97 Available for customer
98 Available for customer
99 Available for customer
100 Available for customer
101 Available for customer
102 ID STM32MP23 or STM32MP25 Reference Manuals
103


CRC_HSM STM32MP23 or STM32MP25 Reference Manuals
104 CAL1 STM32MP23 or STM32MP25 Reference Manuals
105 CAL2 STM32MP23 or STM32MP25 Reference Manuals
106 CAL3 STM32MP23 or STM32MP25 Reference Manuals
107 CAL4 STM32MP23 or STM32MP25 Reference Manuals
108 CAL5 STM32MP23 or STM32MP25 Reference Manuals
109 CAL6 STM32MP23 or STM32MP25 Reference Manuals
110 CAL7 STM32MP23 or STM32MP25 Reference Manuals
111 CAL8 STM32MP23 or STM32MP25 Reference Manuals
112 ENGI1 STM32MP23 or STM32MP25 Reference Manuals
113 ENGI2 STM32MP23 or STM32MP25 Reference Manuals
114 ENGI3 STM32MP23 or STM32MP25 Reference Manuals
115 ENGI4 STM32MP23 or STM32MP25 Reference Manuals
116 ENGI5 STM32MP23 or STM32MP25 Reference Manuals
117 ENGI6 STM32MP23 or STM32MP25 Reference Manuals
118 ENGI7 STM32MP23 or STM32MP25 Reference Manuals
119 ENGI8 STM32MP23 or STM32MP25 Reference Manuals
120 ATRIM1 STM32MP23 or STM32MP25 Reference Manuals
121 ATRIM2 STM32MP23 or STM32MP25 Reference Manuals
122 ATRIM3 STM32MP23 or STM32MP25 Reference Manuals
123 ATRIM4 STM32MP23 or STM32MP25 Reference Manuals
124 HCONF1 STM32MP23 or STM32MP25 Reference Manuals
125


MREPAIR1 STM32MP23 or STM32MP25 Reference Manuals
126


MREPAIR2 STM32MP23 or STM32MP25 Reference Manuals
127


MREPAIR3 STM32MP23 or STM32MP25 Reference Manuals
Middle OTP region
128 STM32CERTIF0 STM32 chip certificate (public key)[key-formats 1]
129 STM32CERTIF1 STM32 chip certificate (public key)[key-formats 1]
130 STM32CERTIF2 STM32 chip certificate (public key)[key-formats 1]
131 STM32CERTIF3 STM32 chip certificate (public key)[key-formats 1]
132 STM32CERTIF4 STM32 chip certificate (public key)[key-formats 1]
133 STM32CERTIF5 STM32 chip certificate (public key)[key-formats 1]
134 STM32CERTIF6 STM32 chip certificate (public key)[key-formats 1]
135 STM32CERTIF7 STM32 chip certificate (public key)[key-formats 1]
136 STM32CERTIF8 STM32 chip certificate (public key)[key-formats 1]
137 STM32CERTIF9 STM32 chip certificate (public key)[key-formats 1]
138 STM32CERTIF10 STM32 chip certificate (public key)[key-formats 1]
139 STM32CERTIF11 STM32 chip certificate (public key)[key-formats 1]
140 STM32CERTIF12 STM32 chip certificate (public key)[key-formats 1]
141 STM32CERTIF13 STM32 chip certificate (public key)[key-formats 1]
142 STM32CERTIF14 STM32 chip certificate (public key)[key-formats 1]
143 STM32CERTIF15 STM32 chip certificate (public key)[key-formats 1]
144 OEM_KEY1_ROT0 OEM Key1 Root of Trust Hash[key-formats 1]
145 OEM_KEY1_ROT1 OEM Key1 Root of Trust Hash[key-formats 1]
146 OEM_KEY1_ROT2 OEM Key1 Root of Trust Hash[key-formats 1]
147 OEM_KEY1_ROT3 OEM Key1 Root of Trust Hash[key-formats 1]
148 OEM_KEY1_ROT4 OEM Key1 Root of Trust Hash[key-formats 1]
149 OEM_KEY1_ROT5 OEM Key1 Root of Trust Hash[key-formats 1]
150 OEM_KEY1_ROT6 OEM Key1 Root of Trust Hash[key-formats 1]
151 OEM_KEY1_ROT7 OEM Key1 Root of Trust Hash[key-formats 1]
152 OEM_KEY2_ROT0 OEM Key2 Root of Trust Hash[key-formats 1][fsblm-keys 1]
153 OEM_KEY2_ROT1 OEM Key2 Root of Trust Hash[key-formats 1][fsblm-keys 1]
154 OEM_KEY2_ROT2 OEM Key2 Root of Trust Hash[key-formats 1][fsblm-keys 1]
155 OEM_KEY2_ROT3 OEM Key2 Root of Trust Hash[key-formats 1][fsblm-keys 1]
156 OEM_KEY2_ROT4 OEM Key2 Root of Trust Hash[key-formats 1][fsblm-keys 1]
157 OEM_KEY2_ROT5 OEM Key2 Root of Trust Hash[key-formats 1][fsblm-keys 1]
158 OEM_KEY2_ROT6 OEM Key2 Root of Trust Hash[key-formats 1][fsblm-keys 1]
159 OEM_KEY2_ROT7 OEM Key2 Root of Trust Hash[key-formats 1][fsblm-keys 1]
160 STM32PUBKEY0 STM32 chip public key[key-formats 1]
161 STM32PUBKEY1 STM32 chip public key[key-formats 1]
162 STM32PUBKEY2 STM32 chip public key[key-formats 1]
163 STM32PUBKEY3 STM32 chip public key[key-formats 1]
164 STM32PUBKEY4 STM32 chip public key[key-formats 1]
165 STM32PUBKEY5 STM32 chip public key[key-formats 1]
166 STM32PUBKEY6 STM32 chip public key[key-formats 1]
167 STM32PUBKEY7 STM32 chip public key[key-formats 1]
168 STM32PUBKEY8 STM32 chip public key[key-formats 1]
169 STM32PUBKEY9 STM32 chip public key[key-formats 1]
170 STM32PUBKEY10 STM32 chip public key[key-formats 1]
171 STM32PUBKEY11 STM32 chip public key[key-formats 1]
172 STM32PUBKEY12 STM32 chip public key[key-formats 1]
173 STM32PUBKEY13 STM32 chip public key[key-formats 1]
174 STM32PUBKEY14 STM32 chip public key[key-formats 1]
175 STM32PUBKEY15 STM32 chip public key[key-formats 1]
A35-TD flavor More info green.png M33-TD flavor More info green.png
Name Description Name Description
176 RPROC-FW-PKH0 Hash of the Public Key for remote processor firmware[key-formats 2]
177 RPROC-FW-PKH1 Hash of the Public Key for remote processor firmware[key-formats 2]
178 RPROC-FW-PKH2 Hash of the Public Key for remote processor firmware[key-formats 2]
179 RPROC-FW-PKH3 Hash of the Public Key for remote processor firmware[key-formats 2]





180 RPROC-FW-PKH4 Hash of the Public Key for remote processor firmware[key-formats 2]
181 RPROC-FW-PKH5 Hash of the Public Key for remote processor firmware[key-formats 2]
182 RPROC-FW-PKH6 Hash of the Public Key for remote processor firmware[key-formats 2]
183 RPROC-FW-PKH7 Hash of the Public Key for remote processor firmware[key-formats 2]
184 FSBLM-M33-FW-PKH0 Hash of the Public Key for M33TDCID M33 Firmware[key-formats 2]
185 FSBLM-M33-FW-PKH1 Hash of the Public Key for M33TDCID M33 Firmware[key-formats 2]
186 FSBLM-M33-FW-PKH2 Hash of the Public Key for M33TDCID M33 Firmware[key-formats 2]
187 FSBLM-M33-FW-PKH3 Hash of the Public Key for M33TDCID M33 Firmware[key-formats 2]






188 FSBLM-M33-FW-PKH4 Hash of the Public Key for M33TDCID M33 Firmware[key-formats 2]
189 FSBLM-M33-FW-PKH5 Hash of the Public Key for M33TDCID M33 Firmware[key-formats 2]
190 FSBLM-M33-FW-PKH6 Hash of the Public Key for M33TDCID M33 Firmware[key-formats 2]
191 FSBLM-M33-FW-PKH7 Hash of the Public Key for M33TDCID M33 Firmware[key-formats 2]
192 FSBLM-DDR-FW-PKH0 Hash of the Public Key for M33TDCID DDR Firmware[key-formats 2]
193 FSBLM-DDR-FW-PKH1 Hash of the Public Key for M33TDCID DDR Firmware[key-formats 2]
194 FSBLM-DDR-FW-PKH2 Hash of the Public Key for M33TDCID DDR Firmware[key-formats 2]
195 FSBLM-DDR-FW-PKH3 Hash of the Public Key for M33TDCID DDR Firmware[key-formats 2]






196 FSBLM-DDR-FW-PKH4 Hash of the Public Key for M33TDCID DDR Firmware[key-formats 2]
197 FSBLM-DDR-FW-PKH5 Hash of the Public Key for M33TDCID DDR Firmware[key-formats 2]
198 FSBLM-DDR-FW-PKH6 Hash of the Public Key for M33TDCID DDR Firmware[key-formats 2]
199 FSBLM-DDR-FW-PKH7 Hash of the Public Key for M33TDCID DDR Firmware[key-formats 2]
200 FSBLM-A35-FW-PKH0 Hash of the Public Key for M33TDCID A35 bare metal Firmware[key-formats 2]
201 FSBLM-A35-FW-PKH1 Hash of the Public Key for M33TDCID A35 bare metal Firmware[key-formats 2]
202 FSBLM-A35-FW-PKH2 Hash of the Public Key for M33TDCID A35 bare metal Firmware[key-formats 2]
203 FSBLM-A35-FW-PKH3 Hash of the Public Key for M33TDCID A35 bare metal Firmware[key-formats 2]
204 FSBLM-A35-FW-PKH4 Hash of the Public Key for M33TDCID A35 bare metal Firmware[key-formats 2]
205 FSBLM-A35-FW-PKH5 Hash of the Public Key for M33TDCID A35 bare metal Firmware[key-formats 2]
206 FSBLM-A35-FW-PKH6 Hash of the Public Key for M33TDCID A35 bare metal Firmware[key-formats 2]
207 FSBLM-A35-FW-PKH7 Hash of the Public Key for M33TDCID A35 bare metal Firmware[key-formats 2]
208 Available for customer
209 Available for customer
210 Available for customer
211 Available for customer
212 Available for customer
213 Available for customer
214 Available for customer
215 Available for customer
216 Available for customer
217 Available for customer
218 Available for customer
219 Available for customer
220 Available for customer
221 Available for customer
222 Available for customer
223 Available for customer
224 Available for customer
225 Available for customer
226 Available for customer
227 Available for customer
228 Available for customer
229 Available for customer
230 Available for customer
231 Available for customer
232 Available for customer
233 Available for customer
234 Available for customer
235 Available for customer
236 Available for customer
237 Available for customer
238 Available for customer
239 Available for customer
240 Available for customer
241 Available for customer
242 Available for customer
243 Available for customer
244 Available for customer
245 Available for customer
246 ST_BOARD_ID Identifier for ST boards (available to customer on chip)
247 MAC_ADDR_0 Mac address [coding 1]
248 MAC_ADDR_1 Mac address [coding 1]
249 MAC_ADDR_2 Mac address [coding 1]
250 MAC_ADDR_3 Mac address [coding 1]
251 MAC_ADDR_4 Mac address [coding 1]
252 MAC_ADDR_5 Mac address [coding 1]
253 MAC_ADDR_6 Mac address [coding 1]
254 MAC_ADDR_7 Mac address [coding 1]
255 ST_RSSE_EDMK_DERIV_CSTE_FUSE STM32MP23 or STM32MP25 Reference Manuals
Upper OTP region
256 OTP_RMA_LOCK_PSWD0 RMA lock password (128 bit)
257 OTP_RMA_LOCK_PSWD1 RMA lock password (128 bit)
258 OTP_RMA_LOCK_PSWD2 RMA lock password (128 bit)
259 OTP_RMA_LOCK_PSWD3 RMA lock password (128 bit)
260 FIP-EDMK0 FIP encryption decryption master key (256-bit)[key-formats 1]
261 FIP-EDMK1 FIP encryption decryption master key (256-bit)[key-formats 1]
262 FIP-EDMK2 FIP encryption decryption master key (256-bit)[key-formats 1]
263 FIP-EDMK3 FIP encryption decryption master key (256-bit)[key-formats 1]
264 FIP-EDMK4 FIP encryption decryption master key (256-bit)[key-formats 1]
265 FIP-EDMK5 FIP encryption decryption master key (256-bit)[key-formats 1]
266 FIP-EDMK6 FIP encryption decryption master key (256-bit)[key-formats 1]
267 FIP-EDMK7 FIP encryption decryption master key (256-bit)[key-formats 1]
268 OEM Secrets available for customer
269 OEM Secrets available for customer
270 OEM Secrets available for customer
271 OEM Secrets available for customer
272 OEM Secrets available for customer
273 OEM Secrets available for customer
274 OEM Secrets available for customer
275 OEM Secrets available for customer
276 OEM Secrets available for customer
277 OEM Secrets available for customer
278 OEM Secrets available for customer
279 OEM Secrets available for customer
280 OEM Secrets available for customer
281 OEM Secrets available for customer
282 OEM Secrets available for customer
283 OEM Secrets available for customer
284 OEM Secrets available for customer
285 OEM Secrets available for customer
286 OEM Secrets available for customer
287 OEM Secrets available for customer
288 OEM Secrets available for customer
289 OEM Secrets available for customer
290 OEM Secrets available for customer
291 OEM Secrets available for customer
292 OEM Secrets available for customer
293 OEM Secrets available for customer
294 OEM Secrets available for customer
295 OEM Secrets available for customer
296 OEM Secrets available for customer
297 OEM Secrets available for customer
298 OEM Secrets available for customer
299 OEM Secrets available for customer
300 OEM Secrets available for customer
301 OEM Secrets available for customer
302 OEM Secrets available for customer
303 OEM Secrets available for customer
304 OEM Secrets available for customer
305 OEM Secrets available for customer
306 OEM Secrets available for customer
307 OEM Secrets available for customer
308 OEM Secrets available for customer
309 OEM Secrets available for customer
310 OEM Secrets available for customer
311 OEM Secrets available for customer
312 OEM Secrets available for customer
313 OEM Secrets available for customer
314 OEM Secrets available for customer
315 OEM Secrets available for customer
316 OEM Secrets available for customer
317 OEM Secrets available for customer
318 OEM Secrets available for customer
319 OEM Secrets available for customer
320 OEM Secrets available for customer
321 OEM Secrets available for customer
322 OEM Secrets available for customer
323 OEM Secrets available for customer
324 OEM Secrets available for customer
325 OEM Secrets available for customer
326 OEM Secrets available for customer
327 OEM Secrets available for customer
328 OEM Secrets available for customer
329 OEM Secrets available for customer
330 OEM Secrets available for customer
331 OEM Secrets available for customer
332 OEM Secrets available for customer
333 OEM Secrets available for customer
334 OEM Secrets available for customer
335 OEM Secrets available for customer
A35-TD flavor More info green.png M33-TD flavor More info green.png
Name Description Name Description
336 RPROC-FW-ENC-KEY0 Encryption/Decryption Key for remote processor firmware[key-formats 2]
337 RPROC-FW-ENC-KEY1 Encryption/Decryption Key for remote processor firmware[key-formats 2]
338 RPROC-FW-ENC-KEY2 Encryption/Decryption Key for remote processor firmware[key-formats 2]
339 RPROC-FW-ENC-KEY3 Encryption/Decryption Key for remote processor firmware[key-formats 2]
340 RPROC-FW-ENC-KEY4 Encryption/Decryption Key for remote processor firmware[key-formats 2]
341 RPROC-FW-ENC-KEY5 Encryption/Decryption Key for remote processor firmware[key-formats 2]
342 RPROC-FW-ENC-KEY6 Encryption/Decryption Key for remote processor firmware[key-formats 2]
343 RPROC-FW-ENC-KEY7 Encryption/Decryption Key for remote processor firmware[key-formats 2]
344 COPRO_MAINKEY0 Coprocessor main key
345 COPRO_MAINKEY1 Coprocessor main key
346 COPRO_MAINKEY2 Coprocessor main key
347 COPRO_MAINKEY3 Coprocessor main key
348 COPRO_MAINKEY4 Coprocessor main key
349 COPRO_MAINKEY5 Coprocessor main key
350 COPRO_MAINKEY6 Coprocessor main key
351 COPRO_MAINKEY7 Coprocessor main key
352 TF-M IAK0 Initial attestation 256-bit key (Symmetric or Asymmetric key)[key-formats 2]
353 TF-M IAK1 Initial attestation 256-bit key (Symmetric or Asymmetric key)[key-formats 2]
354 TF-M IAK2 Initial attestation 256-bit key (Symmetric or Asymmetric key)[key-formats 2]
355 TF-M IAK3 Initial attestation 256-bit key (Symmetric or Asymmetric key)[key-formats 2]
356 TF-M IAK4 Initial attestation 256-bit key (Symmetric or Asymmetric key)[key-formats 2]
357 TF-M IAK5 Initial attestation 256-bit key (Symmetric or Asymmetric key)[key-formats 2]
358 TF-M IAK6 Initial attestation 256-bit key (Symmetric or Asymmetric key)[key-formats 2]
359 TF-M IAK7 Initial attestation 256-bit key (Symmetric or Asymmetric key)[key-formats 2]
360 OEM_KEY2_EDMK0 OEM master key used to derive FSBLM decryption key (Optional)[key-formats 1][fsblm-keys 1]
361 OEM_KEY2_EDMK1 OEM master key used to derive FSBLM decryption key (Optional)[key-formats 1][fsblm-keys 1]
362 OEM_KEY2_EDMK2 OEM master key used to derive FSBLM decryption key (Optional)[key-formats 1][fsblm-keys 1]
363 OEM_KEY2_EDMK3 OEM master key used to derive FSBLM decryption key (Optional)[key-formats 1][fsblm-keys 1]
364 OEM_KEY1_EDMK0 OEM master key used to derive FSBLA or M decryption key[key-formats 1]
365 OEM_KEY1_EDMK1 OEM master key used to derive FSBLA or M decryption key[key-formats 1]
366 OEM_KEY1_EDMK2 OEM master key used to derive FSBLA or M decryption key[key-formats 1]
367 OEM_KEY1_EDMK3 OEM master key used to derive FSBLA or M decryption key[key-formats 1]
368 STM32PRVKEY0 STM32 chip private key (ST)
369 STM32PRVKEY1 STM32 chip private key (ST)
370 STM32PRVKEY2 STM32 chip private key (ST)
371 STM32PRVKEY3 STM32 chip private key (ST)
372 STM32PRVKEY4 STM32 chip private key (ST)
373 STM32PRVKEY5 STM32 chip private key (ST)
374 STM32PRVKEY6 STM32 chip private key (ST)
375 STM32PRVKEY7 STM32 chip private key (ST)
376 HWKEY0 Secret hardware unique key
377 HWKEY1 Secret hardware unique key
378 HWKEY2 Secret hardware unique key
379 HWKEY3 Secret hardware unique key
380 HWKEY4 Secret hardware unique key
381 HWKEY5 Secret hardware unique key
382 HWKEY6 Secret hardware unique key
383 HWKEY7 Secret hardware unique key

2. References[edit | edit source]


2.1. Key storage in OTP[edit | edit source]

Keys are represented as a string of byte to be stored in consecutive OTP words.

For example, a 64-bit key (0xAABBCCDDEEFF5566) is stored into two consecutive OTP words KEY0 and KEY1.

A key is stored in OTP words using one of the following formats:

2.2. MAC address[edit | edit source]

  1. Jump up to: 1.0 1.1 1.2 1.3 1.4 1.5 1.6 1.7 Mac addresses are stored as octets list using the following coding convention:
    • OTP 247: mac_addr_1[4 first octets]
    • OTP 248: mac_addr_2[2 first octets] | mac_addr_1[2 last octets]
    • OTP 249: mac_addr_2[4 last octets]
    • OTP 250: mac_addr_3[4 first octets]
    • ...
    Example: 247 = 0xE37AE710 / 248 = 0xE710F495 / 249 = 0xF595E37A
    • mac_addr1 : 10:E7:7A:E3:95:F4
    • mac_addr2 : 10:E7:7A:E3:95:F5
    • ...
    Each MAC address is associated in U-Boot to an ethernet device with alias in device tree: ethernet0, ethernet1, ...
    On STM32MP257F-EV1 Evaluation board More info green.png the ETH2 use the first mac address (ethernet0 = &eth2), ETH1 use the second mac address (ethernet1 = &eth1).
    On STM32MP257F-DK Discovery kit More info green.png the ETH1 use the first mac address (ethernet0 = &eth1).
    On the default mapping the MAC 3, 4 and 5 are assigned to TSN switch (depending on product version).
    A unused MAC address (for example when TSN is not used) should be set to FF:FF:FF:FF:FF:FF, to avoids the trace "invalid MAC address" in U-Boot.

2.3. FSBL-M keys[edit | edit source]

  1. Jump up to: 1.00 1.01 1.02 1.03 1.04 1.05 1.06 1.07 1.08 1.09 1.10 1.11 1.12 By default STM32MP23x lines More info.png and STM32MP25x lines More info.png use OEM_KEY1_ROT and OEM_KEY1_EDMK for FSBLA and FSBLM. To use the dedicated FSBLM keys (OEM_KEY2_ROT and OEM_KEY2_EDMK) you must program bit 8 from OTP17.