STM32MP153C SSP workflow

Question

I am developing a device with the STM23MP153C and plan to implement secure boot, but I don't fully understand the SSP workflow and have a few questions.
1. The STM32CubeProgrammer documentation says that the -ssp command can be executed both with HSM and with a generated license. Do I understand correctly that this is the license that must be generated by the -hsmgetlicense command of STM32CubeProgrammer? If so, the license is valid only for the current device?
2. Is it mandatory to have HSM in production? Is it possible to generate a license for production so that production is not dependent on the presence of HSM? STM32CubeProgrammer program has a command -hsmgetlicensefromcertifbin. Is this command not what I want? If so, it requires "Input certificate file path" as an argument. How can I generate it?
3. HSM has a certain licenses count. Is this license per flash process or per device? Can I flash the same device multiple times with one license?

Olivier GALLIEN · Accepted Answer

Hi @axel101 , Did you already refer to Overview of the secure secret provisioning (SSP) on STM32MP1 series - Application note ? I guess it might answer to some of your questions.  Olivier

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded