Skip to main content
VNara.1
VNara.1
Associate II
March 3, 2021
Solved

Maximum size of encrypted code that can be kept for OTFDEC ?! STM32L562QE

  • March 3, 2021
  • 2 replies
  • 1358 views

I have external flash of size 1MB. I want to explore the possibility of having encrypted code of size 500kb in external memory and run it through OTFDEC feature of STM32L562QE.

From the reference manual I saw that provision of 4 different OTFDEC regions is given ( 4 different portions in external flash with 4 different crypto keys if required). My use case is I just want a single key to encrypt whole of my code thus defining a OTFDEC region of size 500kb (is it feasible ?? )

The following was also provided in the manual :

Granularity for the region determination is 4096 bytes.

 

Note:Although OTFDEC does not prevent region overlapping it is not a valid programming and it should be avoided by application software.

 

OTFDEC can decrypt incremental or wrap bursts only if they do not cross the 4096-byte aligned address boundaries.

Does above statements have any impact in my use case ? how should I handle this ? Can some one guide please

This topic has been closed for replies.
Best answer by Patrice LF

​Hello

The 4096-byte aligned address boundary rule is related to the end of a region (ie. the boundary) so that not to attempt to decrypt a word that overlaps over two regions, of course any decryption inside the region whatever the size is possible.

In your case, you may define a single region as long as access properties are identical for all your object files.

Patrice

2 replies

I
Imen.D
Technical Moderator
March 9, 2021

Hello @VNara.1​ ,

As defined in the STM32L5 RM0351, the maximum size of an OTFDEC region is 2^28 = 256 Mbytes (28-bits significant (4 MSB are ignored)), so either you create a single region covering this 256Mbytes to put 500KB code or you create a region limited to 500KB (ie. size of 0x7D000) such as

OTFDEC_R0STARTADDR=external memory start address  / OTFDEC_R0ENDADDR= external memory start address + 0x7CFFF

Note that if 4 regions may be declared, they may all use the same key .. so only access properties may differ between regions

Overlap is to be avoided at user application level when defining region start/end address. However in case of overlap, the OTFDEC peripheral applies the following rule : access properties associated with region X will take over the properties of region X+1 for the overlapping memory part.

I hope that my answer brings some help to you.

Please mark my answer as best by clicking on the "Select as Best" button if it fully answered your question. This will help other users find this solution more quickly.

Imen

"When your question is answered, please close this topic by clicking ""Accept as Solution"".ThanksImen"
VNara.1
VNara.1Author
Associate II
March 10, 2021

Hello @Imen DAHMEN​ 

Thanks for the prompt response. I now get clear with one part of my question , that I can have the OTFDEC region as big as 256Mb which is more than my use case (of 500 kb).

The other part which I have asked in the question is , should I also make sure that the overlapping should not happen across 4kb boundaries ?

Meaning, if I have 5 object files A.o with size 3.9 kb , B.o with size 1 kb , C.o with size 7 kb , D.o with size 8kb and E.o with size 500 bytes.

I now have allocated 25 Kb in my OTFDEC region 1

I place the object files one after the other -> A.o followed by B.o followed by c.o followed by D.o and then the E.o

In the reference manual it has been specified that

OTFDEC can decrypt incremental or wrap bursts only if they do not cross the 4096-byte aligned address boundaries.

My question now is,

Should I place A.o in the 1st 4kb and B.o in the 2nd 4kb address ?? because placing B.o right at the end of A.o will cause overlapping across the 4kb region ??

If that is the case, how can I place files that are more than 4kb, like that of C.o ??

Or am I confusion with 4kb stuff ?? Kindly clarify.. !!

Patrice LF
Patrice LFBest answer
Technical Moderator
March 19, 2021

​Hello

The 4096-byte aligned address boundary rule is related to the end of a region (ie. the boundary) so that not to attempt to decrypt a word that overlaps over two regions, of course any decryption inside the region whatever the size is possible.

In your case, you may define a single region as long as access properties are identical for all your object files.

Patrice

VNara.1
VNara.1Author
Associate II
March 22, 2021

@Patrice LF​  and @Imen DAHMEN​  Many thanks both. Couldn't select best for both the answers. Best is absolute !

Terms & ConditionsAccessibility statement