Associate
March 18, 2025
Solved

SFU with 256-bit AES key


Hello,

I am having some trouble understanding what bootloader (if any) is installed by ST from the factory for the STM32U5x and what AES key sizes that bootloader supports for secure firmware update. UM2851 only lists AES-CTR-128 (I interpret 128 to be the key size) but the mcuboot docs list support for 256-bit keys.

Ultimately, I need to be able to encrypt my software using a 256-bit AES key. Is this possible with STM32U5A5 and the ST-provided tooling? If so, is there documentation describing how to achieve this configuration?

Thank you

2 replies

Associate
March 20, 2025

Any thoughts or references?  Thanks!

Jocelyn RICARD
Best answer
ST Employee
March 25, 2025

Hello @aerosysdev,

There is no secure boot pre-installed in factory on STM32U5.

You need to implement your secure boot in the user flash.

You can use SBSFU example here based on mcuboot.

This implementation is provided as an example. You can adapt it to your needs.

It can be adapted easily to STM32U5A5 because the mapping file supports it.

Regarding AES 256, this seems to be supported by mcuboot from the documentation, but the actual size is hardcoded as 16 bytes. This may be changed easily in the code but never tried.

Best regards

Jocelyn