Skip to main content
L
lautiq
Associate
April 23, 2025
Solved

OBKey config file

  • April 23, 2025
  • 2 replies
  • 486 views

Hi everyone,

We're working with STiROT and TrustZone on an STM32H5 (NUCLEO-H533RE), and during the provisioning process we generate the STiRoT_Config.obk file from the STiRoT_Config.xml using the Trusted Package Creator (TPC).

Our question is whether the .obk file itself is encrypted or signed during generation, and if so, which keys are used for that purpose?
We're trying to determine if we need to protect any additional private keys used during .obk creation, beyond those already defined for firmware encryption and authentication.

Any insight on whether the .obk file is cryptographically protected (encrypted or signed), or if it's simply a binary container holding the public and private keys for secure boot, would be greatly appreciated.

Thanks in advance!


Best answer by Jocelyn RICARD

Hello @lautiq ,

You can find the details of the obk format in AN6007 here

This is in Appendix C

The content is not encrypted. Only protected with a hash for integrity check

Best regards

Jocelyn

2 replies

Jocelyn RICARD
Jocelyn RICARDBest answer
ST Employee
April 23, 2025

Hello @lautiq ,

You can find the details of the obk format in AN6007 here

This is in Appendix C

The content is not encrypted. Only protected with a hash for integrity check

Best regards

Jocelyn

L
lautiqAuthor
Associate
April 24, 2025

Thank you very much @jocelyn,
That answers my question clearly. I appreciate your help!

Terms & ConditionsAccessibility statement