Skip to main content
axel101
axel101
Associate II
March 11, 2024
Solved

STM32MP153C SSP workflow

  • March 11, 2024
  • 1 reply
  • 810 views

I am developing a device with the STM23MP153C and plan to implement secure boot, but I don't fully understand the SSP workflow and have a few questions.
1. The STM32CubeProgrammer documentation says that the -ssp command can be executed both with HSM and with a generated license. Do I understand correctly that this is the license that must be generated by the -hsmgetlicense command of STM32CubeProgrammer? If so, the license is valid only for the current device?
2. Is it mandatory to have HSM in production? Is it possible to generate a license for production so that production is not dependent on the presence of HSM? STM32CubeProgrammer program has a command -hsmgetlicensefromcertifbin. Is this command not what I want? If so, it requires "Input certificate file path" as an argument. How can I generate it?
3. HSM has a certain licenses count. Is this license per flash process or per device? Can I flash the same device multiple times with one license?

This topic has been closed for replies.
Best answer by Olivier GALLIEN

Hi @axel101 ,

 

Did you already refer to Overview of the secure secret provisioning (SSP) on STM32MP1 series - Application note

I guess it might answer to some of your questions. 

 

Olivier 

 

 

1 reply

Olivier GALLIEN
Olivier GALLIENBest answer
Technical Moderator
March 11, 2024

Hi @axel101 ,

 

Did you already refer to Overview of the secure secret provisioning (SSP) on STM32MP1 series - Application note

I guess it might answer to some of your questions. 

 

Olivier 

 

 

Olivier GALLIEN In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
Terms & ConditionsAccessibility statement