SPati.7
Associate III
May 23, 2022
Question

How many public keys can we store in Secure Boot? As per my understanding from the SBSFU examples, we can store only one public key to verify the signature of the firmware. Can't we store more than one key?

We want to store up to 4 public keys as backup, so that in case of any exploit in one key, we can switch to another.

So, can you provide any solution to store more than one public key in the SBSFU solution?

Bubbles
ST Employee
May 23, 2022

Hi @SPati.7,

On what product are you developing? Some SBSFU implementations include a KMS to deal with multiple keys in a hierarchy, including key loading and revoking. I believe there is such an example with one of the L4 IOT demo boards.

Using 4 keys without a means to control the key lifetime would not help your cause, only increase the attack surface. The secure boot must be able to distinguish exploited keys for your scheme to work.

BR,

J

SPati.7 (Author)
Associate III
May 23, 2022

We are using STM32H753 MCU, where we don't have KMS.

For us key lifetime doesn't matter; we should be able to switch to new keys in case of a KEY1 exploit.

Fred
ST Employee
May 23, 2022

This depends on what you define in your linker file.

You can extend the keys area if needed:

/* SE key region protected by MPU isolation */
define exported symbol __ICFEDIT_SE_Key_region_ROM_start__ = __ICFEDIT_SE_CallGate_Region_ROM_End__ + 1;
define exported symbol __ICFEDIT_SE_Key_region_ROM_end__ = __ICFEDIT_SE_Key_region_ROM_start__ + 0x2FF; /* H7: The minimum PCROP area that can be set is 16 Flash words, that is 512 bytes. */

You can refer to AN5056 section 3.2.1.

SPati.7 (Author)
Associate III
May 23, 2022

Sure @Fred. Thanks for the details.

But with this size of 512 bytes, how many ECC256-type keys can be stored?

Fred
ST Employee
May 23, 2022

The 512 bytes are the minimum size you must configure for this section because of PCROP, but you can go beyond it.

You are mentioning ECC256, so I guess you have 256-bit keys, so 32 bytes per key.

You can see how several keys can be provisioned via prebuild.bat in SE_CoreBin project:

:ECDSA
set "ecckey=%1\\..\\Binary\\ECCKEY1.txt"
set "command=%python%%prepareimage% trans -k %ecckey% -f SE_ReadKey_1_Pub -v %cortex% >> %asmfile%"
%command%
IF %ERRORLEVEL% NEQ 0 goto error

set "ecckey=%1\\..\\Binary\\ECCKEY2.txt"
IF NOT EXIST %ecckey% goto end
set "command=%python%%prepareimage% trans -k %ecckey% -f SE_ReadKey_2_Pub -v %cortex% >> %asmfile%"
%command%
IF %ERRORLEVEL% NEQ 0 goto error

set "ecckey=%1\\..\\Binary\\ECCKEY3.txt"
IF NOT EXIST %ecckey% goto end
set "command=%python%%prepareimage% trans -k %ecckey% -f SE_ReadKey_3_Pub -v %cortex% >> %asmfile%"
%command%
IF %ERRORLEVEL% NEQ 0 goto error

If you do not use the multi-images feature of X-CUBE-SBSFU then you can probably reuse these "slots".
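
The point raised earlier in the thread, that the secure boot must be able to tell exploited keys apart, sketched as an added example (not part of the thread and not X-CUBE-SBSFU code): the image declares a key slot, and boot refuses slots that are revoked, unprovisioned, or covered by a corrupted revocation record. All `sb_*` names, the revocation word, the 64-byte raw key length and the sample key bytes are assumptions; the returned key would then be passed to the signature check.

```c
#include <stddef.h>
#include <stdint.h>

#define SB_KEY_SLOTS  4u   /* four slots, as asked in the question */
#define SB_PUBKEY_LEN 64u  /* assumption: raw X||Y P-256 public key */

/* Hypothetical revocation word kept in write-once storage; stored with its
 * complement so a corrupted or glitched value is rejected, not trusted. */
typedef struct { uint32_t mask; uint32_t mask_inv; } sb_revocation_t;

/* Constructed sample table; slot 3 is left unprovisioned (all zero). */
static const uint8_t sb_keys[SB_KEY_SLOTS][SB_PUBKEY_LEN] = { {0x11}, {0x22}, {0x33} };

static int sb_slot_empty(uint32_t id)
{
    uint8_t any = 0x00, all = 0xFF;
    for (size_t i = 0; i < SB_PUBKEY_LEN; i++) { any |= sb_keys[id][i]; all &= sb_keys[id][i]; }
    return any == 0x00 || all == 0xFF;  /* zeroed or erased flash */
}

static int sb_state_valid(const sb_revocation_t *s)
{
    return (s->mask ^ s->mask_inv) == 0xFFFFFFFFu && (s->mask >> SB_KEY_SLOTS) == 0u;
}

/* Key the image's declared slot may be verified with, or NULL to refuse boot. */
const uint8_t *sb_select_key(const sb_revocation_t *s, uint32_t key_id)
{
    if (!sb_state_valid(s) || key_id >= SB_KEY_SLOTS) return NULL;
    if ((s->mask >> key_id) & 1u) return NULL;   /* revoked */
    if (sb_slot_empty(key_id)) return NULL;      /* never provisioned */
    return sb_keys[key_id];
}

/* Revoke a slot; bits are only ever set. Refuses to revoke the last usable key. */
int sb_revoke(sb_revocation_t *s, uint32_t key_id)
{
    if (!sb_state_valid(s) || key_id >= SB_KEY_SLOTS) return -1;
    uint32_t next = s->mask | (1u << key_id);
    int usable = 0;
    for (uint32_t i = 0; i < SB_KEY_SLOTS; i++)
        usable += !((next >> i) & 1u) && !sb_slot_empty(i);
    if (usable == 0) return -1;
    s->mask = next; s->mask_inv = ~next;
    return 0;
}

int main(void) { sb_revocation_t s = {0u, ~0u}; return (sb_revoke(&s, 0) == 0 && sb_select_key(&s, 1)) ? 0 : 1; }
```

The check only works as a revocation control if the revocation word cannot be rolled back, so it belongs in storage the application cannot rewrite.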