How can I know which key shall I use in pair with DHUK to encrypt my software in flash of STM32U5?

Forum|Forum|3 years ago
March 20, 2023
1 reply
1543 views

As I understand OTFDEC will be used to on-fly decryption, while execution (am I correct)?

After debug is fused (RDP set to level 2) all DHUK keys are individual for each device, while during debug phase all keys are common. How can I make test run of the software in production environment with production keys?

This topic has been closed for replies.

Pierre_Paris

ST Employee

Hello @VTver.1 ,

Welcome on the Community!

In fact, the embedded OTFDEC decrypts in real-time the encrypted content.

Actually, DHUK has its production value when RDP>0. So, I believe you can run test in RDP1 if you need production keys. The SAES peripheral can wrap (encrypt) and unwrap (decrypt) application keys using these hardware-secret keys DHUK, XOR-ed or not with the application key BHK. You 'll find more details here.

Note that the SAES IP will behave exactly the same whatever the RDP level.

Does that help ? If yes, you can mentioned "best answer" for this comment.

Regards

Pierre

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded