Secure Secret Provisioning (SSP) is the final step in production programming and is designed to protect the MPU from unwanted access to registers and from running unauthorized software. The SSP procedure writes secret data and keys to the OTP using files properly prepared by the OEM. Elprotronic Gangflasher-ST software can write the OTP according to the SSP procedure developed by STMicroelectronics on many MPUs simultaneously (gang programming), which is beneficial for the production of a large number of devices.
...
The procedure consists of two main steps:
1. Preparation of the files and the Hardware Security Module (HSM) using the source code and the toolkit provided by STMicroelectronics. Three elements are necessary to perform an SSP sequence using Elprotronic Gangflasher-ST:
   - Signed file with secret data (*.ssp)
   - Signed TF-A SSP file (tf-a_ssp<custom board>.stm32)
   - HSM programmed module
2. Programming of the OTP using Elprotronic Gangflasher and the files prepared in the first step.
...
1. Preparing files using the STMicroelectronics toolkit:
   - Preparation of the keys (private_key.pem, public_key.pem and public_key_hash) using the KeyGen tool STM32MP_KeyGen_CLI.
   - Preparation of Device Tree files (.dts) for the custom board using STM32CubeMX or STM32CubeIDE.
   - TF-A SSP compilation (tf-a_ssp<custom board>.bin) using the Developers Package with the SDK and the Device Tree files from the previous step.
   - Signing of the TF-A SSP (tf-a_ssp<custom board>.stm32) using STM32MP_SigningTool_CLI.
   - Preparation of a secret data file (*.ssp) using STM32TrustedPackageCreator (SSP tab) or STM32TrustedPackageCreator_CLI (-ssp option).
   - Programming HSM modules with a limited number of licenses using STM32TrustedPackageCreator (HSM tab) or STM32TrustedPackageCreator_CLI (-hsm option).
2. Programming secrets in OTP using Elprotronic Gangflasher-ST
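A pre-flight check that can be run on the prepared files before they are loaded for gang programming, given here as an added example (not code from Elprotronic or STMicroelectronics). It assumes the version 1 STM32 image header layout (256 bytes, magic `STM2`, 64-byte signature at offset 4, then checksum, header version and image length), which should be confirmed against ST's documentation, and that private_key.pem is kept off the production machine; the function names are hypothetical.

```python
import struct
from pathlib import Path

HEADER_LEN = 256   # assumed STM32 header v1 size; confirm against ST documentation
MAGIC = b"STM2"    # assumed magic: 'S', 'T', 'M', 0x32

def check_stm32_image(data: bytes) -> list:
    """Return problems found in a .stm32 image; an empty list means it passed."""
    if len(data) < HEADER_LEN:
        return ["file shorter than the 256-byte header"]
    problems = []
    if data[:4] != MAGIC:
        problems.append("bad magic: not an STM32 image")
    # Assumed layout: checksum, header version, image length (LE) at offset 68.
    checksum, hdr_version, image_len = struct.unpack_from("<III", data, 68)
    payload = data[HEADER_LEN:]
    if (hdr_version >> 16) & 0xFF != 1:
        problems.append("header major version is not 1")
    if image_len != len(payload):
        problems.append("image length field does not match payload size")
    if checksum != sum(payload) & 0xFFFFFFFF:
        problems.append("payload checksum mismatch")
    # Heuristic only: this spots an unsigned build, it does not verify the signature.
    if not any(data[4:68]):
        problems.append("signature field is all zero: image looks unsigned")
    return problems

def check_bundle(folder: Path) -> list:
    """Check a production folder for the SSP input files named in the article."""
    problems = []
    if not list(folder.glob("*.ssp")):
        problems.append("no *.ssp secret file")
    images = sorted(folder.glob("tf-a_ssp*.stm32"))
    if not images:
        problems.append("no signed tf-a_ssp*.stm32 file")
    for img in images:
        problems += [f"{img.name}: {p}" for p in check_stm32_image(img.read_bytes())]
    # Assumption: the OEM private key stays on the signing station.
    for key in sorted(folder.glob("private_key*.pem")):
        problems.append(f"{key.name}: private key present in production folder")
    return problems

def build_sample(payload: bytes, signed: bool = True) -> bytes:
    """Constructed sample image for the checks above, not a real TF-A build."""
    hdr = bytearray(HEADER_LEN)
    hdr[:4] = MAGIC
    hdr[4:68] = (b"\xA5" if signed else b"\x00") * 64
    struct.pack_into("<III", hdr, 68, sum(payload) & 0xFFFFFFFF, 0x00010000, len(payload))
    return bytes(hdr) + payload
```

The checksum and length checks catch a truncated or corrupted transfer; the signature itself is only verified by the device during the SSP sequence.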
Useful links
STMicroelectronics application notes and user manuals:
[1] AN5054 - Secure programming using STM32CubeProgrammer
[2] AN5510 - Overview of the secure secret provisioning (SSP) on STM32MP1 Series
[3] AN5156 - Introduction to STM32 microcontrollers security
[4] AN5275 - USB DFU/USART protocols used in STM32MP1 Series bootloaders
[5] UM2238 - STM32 Trusted Package Creator tool software description
[6] UM2543 - STM32MP1 Series Signing Tool software description
STMicroelectronics sites:
[7] STM32Trust
[8] Security Overview
[9] STM32MP1 resources
[10] KeyGen tool