The HSM (hardware secure modules) is used as a license generation tool necessering necessary during the SFI programming procedure.
...
Preparation of the keys (AES128Key.bin and Nonce.bin), this these files can by generated by STM32 Trusted Package Creator tool, they must be the same as when they were used during SFI binary file generation.
Select Correct personalization data file from STM32CubeProgrammer install folder.
2. How to pick correct personalization data file:
To choose the right one personalization data file we need to know the first signs of digits from the chip certificate for the MCU family which one You we want programmingto program. You can read the chip certificate via using the GangFlasher-ST:
Open window “STM32 Trusted Programming setup”(Setup ->SSP/SFI)
Check “SFI Enable” box
Select the target from which you want to read the certificate
Click Read button and select folder where want to save certificate
Open file in notepad - first eight sings digits in file the certificate are the same like name as the correct personalization data file prefix (this will be useful in the steps below).
Code Block 4820200B ¶‚ĹŽî"C,×Vš\ˆżĽĚ*ű2ÎłčÇÔC#PFWQŇłÁ–PףśH
Example certificate from STM32U5 MCU. Note the 4820200B digits.
3. HSM generation
To validate the HSM programming request, the user has to:
set Set firmware identifier, used to identifies the correct HSM
indicate Select files prepared in the first step
select personalization data this file Select “Personalization data file” which can be found in the STM32CubeProgrammer tool install folder.
Note the “Personalization data file” STM32U5_4820200B… prefix, the STM32U5 indicates the family, whereas the identification digits can be read from the target MCU.
...
Useful links
STMicroelectronics application notes and user manuals:
...