Skip to main content
E
Eliasvan
Associate II
September 23, 2025
Question

STM32H7Sx - Meaning of FLASH_OBKCR.NEXTKL within HDPL_0

  • September 23, 2025
  • 2 replies
  • 799 views

What is the meaning of the FLASH_OBKCR.NEXTKL field while executing within HDPL_0 (e.g., during execution of ST RSS)?

This question might seem irrelevant to me as I'm a user and user code will never execute within HDPL_0, but it might be important from a threat modeling point of view: does ST (by means of its RSS code) have access to HDPL_x user-provisioned AHKs (Application Hardware Keys) where x >= 1?

The reference manual states the following:

5.9.18 FLASH option byte key control register (FLASH_OBKCR)
"NEXTKL[1:0]: Next key level
00: OBKINDEX represents the index of the option byte key stored for the hide protection level
indicated in SBS_HDPLSR.
01: OBKINDEX represents the index of the option byte key stored for the hide protection level
indicated in SBS_HDPLSR plus one (e.g. if HDPL=1 in SBS_HDPLR the key of level 2 is
selected).
10 or 11: reserved"

Does this mean ST RSS (HDPL_0) can access:

  • HDPL_0 AHKs (when NEXTKL=00)
  • HDPL_1 AHKs (when NEXTKL=01)

but not:

  • HDPL_2 AHKs (no applicable NEXTKL value, candidate NEXTKL=10 is reserved)

?

2 replies

KDJEM.1
KDJEM.1
Technical Moderator
October 10, 2025

Hello @Eliasvan ;

 

I will check this internally and I will come back to you as soon as possible.

Internal ticket number: 219312 (This is an internal tracking number and is not accessible or usable by customers

Thank you.

Kaouthar

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
E
EliasvanAuthor
Associate II
October 14, 2025

Dear Kaouthar,

Thank you, I look forward to the answer!

Best regards,
Elias

KDJEM.1
KDJEM.1
Technical Moderator
October 17, 2025

Hello @Eliasvan ;

 

After checking internally, for HDPL levels, secure storage exists only for HDPL0 (reserved for RSS) ,HDPL1(iRoT), and HDPL2 (uRoT).

Therefore, only an HDPL+1 access is required for a user. Secure storage does not exist for HDPL3. HDPL=3 is reserved for code execution.

In RM0477, Figure 14 indicates a key store for the "iRoT" in HDPL1 and for the "uRoT" in HDPL2.

KDJEM1_0-1760695982946.png

 

Therefore, a user will only need the NEXTKL bit to potentially access the HDPL2 secure storage from HDPL1.

For HDPL0 : Only the RSS can provision HDPL1 and HDPL2 keys using the AHK. The RSS is the immutable code that ST has embedded in the device.

In RM (DataProvisioning), the structure’s definition is as follow:

typedef struct { uint32_t *pSource;

uint32_t Destination; => 0xDADAHHII, with HH is HDPL level

uint32_t Size; uint32_t DoEncryption; => 0xF5F5A0AAU: for encryption with AHK.

uint32_t Crc;

} RSSLIB_DataProvisioningConf_t;

 

I hope this answer your request.

Thank you.

Kaouthar

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
E
EliasvanAuthor
Associate II
October 17, 2025

Dear @KDJEM.1,

Thank you for your message.

You wrote:

Therefore, a user will only need the NEXTKL bit to potentially access the HDPL2 secure storage from HDPL1.

but I explicitly mentioned earlier:

This question might seem irrelevant to me as I'm a user and user code will never execute within HDPL_0, but it might be important from a threat modeling point of view

so in this forum topic I'm not interested in user code (even though I am a user).

In your message, you also wrote:

For HDPL0 : Only the RSS can provision HDPL1 and HDPL2 keys using the AHK. The RSS is the immutable code that ST has embedded in the device.

so now my question is:

How does ST's RSS code do this, what NEXTKL bit is used by ST's RSS code (HDPL0) to provision HDPL2 keys?
(I don't have read access to ST's RSS code because I'm not an ST employee, but you are an ST employee, that's why I ask this question to you.)

A related question could be:

Why does ST define the following value for NEXTKL:

https://github.com/STMicroelectronics/stm32h7rsxx-hal-driver/blob/181ba7a7e5f67cd0018dff060969b48cfb610831/Inc/stm32h7rsxx_hal_flash_ex.h#L118

#define FLASH_KEY_LEVEL_PLUS_TWO FLASH_OBKCR_NEXTKL_1 /*!< Key stored for the HDPL indicated in SBS_HDPLSR + 2 */

https://github.com/STMicroelectronics/cmsis-device-h7rs/blob/57ea11f70ebf1850e1048989d665c9070f0bb863/Include/stm32h7s3xx.h#L9483

#define FLASH_OBKCR_NEXTKL_1 (0x2UL << FLASH_OBKCR_NEXTKL_Pos) /*!< 0x00000200 */

 whereas that value (2 = 0b10) is reserved according to the latest version of the reference manual:

5.9.18 FLASH option byte key control register (FLASH_OBKCR)
"NEXTKL[1:0]: Next key level
00: OBKINDEX represents the index of the option byte key stored for the hide protection level
indicated in SBS_HDPLSR.
01: OBKINDEX represents the index of the option byte key stored for the hide protection level
indicated in SBS_HDPLSR plus one (e.g. if HDPL=1 in SBS_HDPLR the key of level 2 is
selected).
10 or 11: reserved"

?

Terms & ConditionsAccessibility statement