Skip to main content
J
jens-vdb
Associate II
February 29, 2024
Solved

Regenerating OEMiRoT_Data.obk

  • February 29, 2024
  • 1 reply
  • 2904 views

Hi,

While using the STM32Cube_FW_H5_V1.1.1 repository to explore secure boot on the STM32H5, I saw that the configuration file to generate OEMiRoT_Data.obk is missing. As I want to use my own keys and certificates for the OEMiRoT example application, I think I should regenerate the OEMiRoT_Data.obk file, but I can't find how to do this.

Am i missing something, or is the OEMiRoT_Data.xml file missing from the repository?

Best,

Jens

    This topic has been closed for replies.
    Best answer by Frantz LEFRERE

    Hi @jens-vdb 

    in fact we do not provide an xml to generate this OEMiRoT_Data.obk.
    As this one is only initialize data region used by OEM-iRot to 0, you don't need to tune it.

    Basically the obk syntax is 
    Address / Size /  Flag / SHA256 ( content)  / Content
    If you dump the content you will find the sha256 : 
    0x B3 93 97 88 42 A0 FA 3D 3E 14 70 19 6F 09 8F 47 3F 96 78 E7 24 63 CB 65 EC 4A B5 58 18 56 C2 E4

    Data Content 
    0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

    So you can use it as it's.

    Best regards,

    Frantz 

    1 reply

    I
    Imen.D
    Technical Moderator
    February 29, 2024

    Hello @jens-vdb ,

    I advise you follow this wiki page How to start with OEMiRoT on STM32H573 and 563–Arm® TrustZone® enabled - stm32mcu to generate a customized configuration file.

    "When your question is answered, please close this topic by clicking ""Accept as Solution"".ThanksImen"
    J
    jens-vdbAuthor
    Associate II
    February 29, 2024

    Hi @Imen.D ,

    On that page I have found instructions to generate the OEMiRoT_Config.obk file (and generate a OEMiRoT_Config.xml) file using the Trusted Package Creator, but that page does not mention anything about the OEMiRoT_Data.obk file and how to generate that.

    In the repository both the OEMiRoT_Config.obk and OEMiRoT_Config.xml files are present, but only OEMiRoT_Data.obk and *not* OEMiRoT_Data.xml. It is that last xml file that I don't know what to put in there.

    Frantz LEFRERE
    Frantz LEFREREBest answer
    ST Employee
    March 1, 2024

    Hi @jens-vdb 

    in fact we do not provide an xml to generate this OEMiRoT_Data.obk.
    As this one is only initialize data region used by OEM-iRot to 0, you don't need to tune it.

    Basically the obk syntax is 
    Address / Size /  Flag / SHA256 ( content)  / Content
    If you dump the content you will find the sha256 : 
    0x B3 93 97 88 42 A0 FA 3D 3E 14 70 19 6F 09 8F 47 3F 96 78 E7 24 63 CB 65 EC 4A B5 58 18 56 C2 E4

    Data Content 
    0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

    So you can use it as it's.

    Best regards,

    Frantz 

      Terms & ConditionsAccessibility statement