Implement Key replacement package for Image signing Key ECCKEY1

Forum|Forum|3 years ago
January 6, 2023
1 reply
1008 views

The SBSFU framework allows users to employ multiple image signing keys, ECCKEY1, ECCKEY2, and ECCKEY3.

Is there a method to blacklist ECCKEY1 and replace it with ECCKEY4, which may be transmitted via a key replacement update package if the private key for ECCKEY1 is leaked/compromised?

Keys are compiled into code and stored in the SE Key region ROM, which is secured by MPU-RX + WRP + PCROP.

Please advise what options I have to replace the key which is compromised?

Assuming bootloader enhanced to differentiate between .sfb and key replacement package.

This topic has been closed for replies.

Best answer by Jocelyn RICARD

Hello @Community member

There is no mechanism to implement such behaviour.

Robustness of SBSFU is relying on the immutability of the code and public key.

So, I have no solution to propose here.

Best regards

Jocelyn

Jocelyn RICARDBest answer

ST Employee

Hello @Community member

There is no mechanism to implement such behaviour.

Robustness of SBSFU is relying on the immutability of the code and public key.

So, I have no solution to propose here.

Best regards

Jocelyn

GroguAuthor

Associate III

Thanks @Jocelyn RICARD

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded