...
Preparation of the files and the Hardware Security Module (HSM) using the source code and the toolkit provided by STMicroelectronics. Three elements are necessary to perform an SSP sequence using Elprotronic Gangflasher-ST:
Signed file with secret data (*.ssp)
Signed TF-A SSP file (tf-a_ssp<custom board>.stm32)
Programming of the OTP using Elprotronic Gangflasher and the files prepared in the first step.
...
Preparation of the keys (private_key.pem, public_key.pem and public_key_hash) using the KeyGen tool STM32MP_KeyGen_CLI.
Preparation of the Device Tree files (.dts) for the custom board using STM32CubeMX or STM32CubeIDE.
Compilation of the TF-A SSP (tf-a_ssp<custom board>.bin) using the Developer Package with the SDK and the Device Tree files from the previous step.
Signing of the TF-A SSP (tf-a_ssp<custom board>.stm32) using STM32MP_SigningTool_CLI.
Preparation of a secret data file (*.ssp) using STM32TrustedPackageCreator (SSP tab) or STM32TrustedPackageCreator_CLI (-ssp option).
Programming of the HSM modules with a limited number of licenses using STM32TrustedPackageCreator (HSM tab) or STM32TrustedPackageCreator_CLI (-hsm option).
2. Programming secrets in OTP using Elprotronic Gangflasher-ST on Windows
Open Gangflasher-ST.
Check the connection with the board or scan in “Setup->USB Location”.
Check the connection with the HSM in “View->HSM”.
Load the TF-A SSP and *.ssp files in the setup window “Setup->SSP/SFI”.
Check the “Enable” box in the SSP/SFI area.
Click the “Write” button in the SSP/SFI area.
Confirm the operation in the pop-up window.
View the report for the target in the Reports area.
Info: The SSP operation can also be performed using the DLL and Gangflasher_CLI.
Gangflasher_CLI
Performing an SSP operation requires specifying the *.cfg configuration file, the *.ssp file and the signed TF-A SSP file, as in the command below:

```
./GangFlasher-CLI -target_cfg <path to config file *.cfg> -ssp <path to secrets file *.ssp> -tfa_ssp <path to signed tf-a ssp file *.stm32>
```

Example:

```
./GangFlasher-CLI -target_cfg "setup.cfg" -ssp ssp.out -tfa_ssp tf-a-ssp-Signed.stm32
```
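A pre-flight wrapper for the command above, added here as an example and not part of Elprotronic's tooling: it checks the three inputs, rejects an unsigned TF-A SSP `.bin` passed by mistake, and logs SHA-256 hashes of what is about to be provisioned before the OTP write, which cannot be undone. The names `ssp_preflight`, `ssp_run`, `GANGFLASHER` and `SSP_LOG` are assumptions made for this sketch.

```bash
#!/usr/bin/env bash
# Added example: guard the GangFlasher-CLI SSP invocation with input checks.
# GANGFLASHER, SSP_LOG, ssp_preflight and ssp_run are hypothetical names.
GANGFLASHER="${GANGFLASHER:-./GangFlasher-CLI}"

# Validate the three inputs; print one "sha256  path" line per file.
ssp_preflight() {
    [ "$#" -eq 3 ] || { echo "usage: ssp_preflight <cfg> <ssp> <tfa_ssp>" >&2; return 2; }
    local cfg="$1" ssp="$2" tfa="$3" f
    for f in "$cfg" "$ssp" "$tfa"; do
        [ -f "$f" ] && [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 3; }
    done
    case "$cfg" in
        *.cfg) ;;
        *) echo "not a *.cfg file: $cfg" >&2; return 4 ;;
    esac
    # Compilation yields an unsigned .bin; only the signed .stm32 belongs here.
    case "$tfa" in
        *.stm32) ;;
        *) echo "TF-A SSP is not a signed *.stm32: $tfa" >&2; return 5 ;;
    esac
    sha256sum -- "$cfg" "$ssp" "$tfa"
}

# Run the SSP write only if the checks pass; keep hashes and exit status together.
ssp_run() {
    local log="${SSP_LOG:-ssp_audit.log}" rc=0
    ssp_preflight "$@" >>"$log" || return $?
    "$GANGFLASHER" -target_cfg "$1" -ssp "$2" -tfa_ssp "$3" || rc=$?
    # The status is logged as reported by the tool; this page does not document its values.
    echo "exit=$rc $(date -u +%Y-%m-%dT%H:%M:%SZ)" >>"$log"
    return "$rc"
}
```

Usage: `ssp_run setup.cfg ssp.out tf-a-ssp-Signed.stm32`; the per-run log gives a record of exactly which secrets file and TF-A SSP image went into each programming batch.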
DLL
To customize the SSP procedure, the Gangflasher API DLL can be used. The SSP procedure requires the following set of functions:

HSM card status check:

```
int F_Read_HSM(int slot);
```

Loading the *.ssp file:

```
int F_LoadSSPFile(const char * FileName);
```

Loading the TF-A SSP file:

```
int F_LoadTFASSPFile(const char * FileName);
```

Start of the SSP procedure:

```
int F_TrustedWrite();
```
Possible Errors
Useful links
STMicroelectronics application notes and user manuals:
...