Skip to main content
AndreyK
AndreyK
Associate
April 20, 2022
Solved

Need mass programming PKH in stm32mp157x OTP. How to automate this step?

  • April 20, 2022
  • 2 replies
  • 1389 views

I was generate key-pair (privateKey.pem, publicKey.pem) by STM32MP_KeyGen_CLI and also got publicKeyhash.bin. After this i was sign FSBL TF-A bootloader and then make FIP (OP-TEE, U-Boot, configs) with "TRUSTED_BOARD_BOOT=1" option, kernel, rootfs. At now i have a question: is any easy way to put publicKeyhash.bin on device OTP (about hundred devices)?

Usage "STM32_Programmer_CLI -c port=usb1 -otp program wordID=0xNNNN value=0xMMMM" command is not easy way, because absent command to read OPT. How to check programmed value after write, before lock device? And also need some script to convert "publicKeyhash.bin" to STM32_Programmer_CLI commands.

How was solved this case on mass production?

This topic has been closed for replies.
Best answer by OlivierK

Hi AndreyK (Community Member) 

STM32CubeProgrammer is not intended to be a mass production tool.

However here is the procedure to easy read OTPs with CubeProgrammer, you need only the first 2 partitions of a TSV file.

https://wiki.st.com/stm32mpu/wiki/STM32CubeProgrammer#How_to_fuse_STM32MP15x_OTP

For example in CLI : FlashLayout_sdcard_stm32mp1-forOTP.tsv

#Opt  Id   Name  Type  IP   Offset Binary

-    0x01  fsbl1-boot   Binary none  0x0   tf-a-stm32mp157f-dk-usb.stm32

-    0x03  fip-boot    Binary none  0x0   fip-stm32mp157f-dk-optee.bin

To read OTP values:

STM32_Programmer_CLI -c port=usb1 -w ./FlashLayout_sdcard_stm32mp1-forOTP.tsv

STM32_Programmer_CLI -c port=usb1 -otp displ

For the PKH fuse.

STM32_Programmer_CLI -c port=usb1 -otp fwrite lock publicKeyHash.bin word=24

Regards,

Olivier

2 replies

OlivierK
OlivierKBest answer
Technical Moderator
May 6, 2022

Hi AndreyK (Community Member) 

STM32CubeProgrammer is not intended to be a mass production tool.

However here is the procedure to easy read OTPs with CubeProgrammer, you need only the first 2 partitions of a TSV file.

https://wiki.st.com/stm32mpu/wiki/STM32CubeProgrammer#How_to_fuse_STM32MP15x_OTP

For example in CLI : FlashLayout_sdcard_stm32mp1-forOTP.tsv

#Opt  Id   Name  Type  IP   Offset Binary

-    0x01  fsbl1-boot   Binary none  0x0   tf-a-stm32mp157f-dk-usb.stm32

-    0x03  fip-boot    Binary none  0x0   fip-stm32mp157f-dk-optee.bin

To read OTP values:

STM32_Programmer_CLI -c port=usb1 -w ./FlashLayout_sdcard_stm32mp1-forOTP.tsv

STM32_Programmer_CLI -c port=usb1 -otp displ

For the PKH fuse.

STM32_Programmer_CLI -c port=usb1 -otp fwrite lock publicKeyHash.bin word=24

Regards,

Olivier

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.
AndreyK
AndreyKAuthor
Associate
May 13, 2022

As i see, OT-TEE version not able to read OTP partition, because STM32_SIP_SVC_SMC_READ_ALL function is not implemented at now. But trusted version - can do this. So, i can use she for OTP reading. And after PKH write - use OP-TEE version.

Thanks for your help

Terms & ConditionsAccessibility statement