Visitor II
November 27, 2022
Question

How to validate keys and certificates without fusing hash key to OTP area in secure boot?

I am using the STM32MP157F-DK2 for secure boot. I am using ecosystem release v3.1.1, which has TFA v2.4-stm32mp-r2.1. As per the steps given by ST, I need to fuse publicKeyhash.bin to OTP from the U-Boot console using "stm32key fuse 0xc00000000".

As the OTP area cannot be used for multiple hashes, how can I test multiple key hashes with keys and certificates, or with the secure boot chain? As a developer, how can I verify different hash keys without fusing them to the actual OTP registers (24 to 31)?

Thank you.

    This topic has been closed for replies.

    1 reply

    Technical Moderator
    December 8, 2022

    Hi GChin.1 (Community Member) 

    There is no such verification tool available right now. To test the signature authentication, you need to fuse the OTP PKH. The only thing possible is to use "KeyGen" / "SigningTool", part of the STM32MPCubeProgrammer install, to generate the public key, private key, and Hash public key. The Hash public key is then ready to be fused in OTP PKH. The same generated keys will be used in SigningTool to sign the TF-A binary.

    Regards,

    Olivier