...
Preparation of files and Hardware Security Module (HSM) using the source code and the toolkit provided by STMicroelectronics. Three elements are necessary to perform an SSP sequence using Elprotronic Gangflasher-ST:
Programming of the OTP using Elprotronic Gangflasher and the files prepared in the first step.
...
Preparation of the keys (private_key.pem, public_key.pem and public_key_hash) using KeyGen Tool STM32MP_KeyGen_CLI
Preparation of Device Tree files (.dts) for the custom board using STM32CubeMX or STM32CubeIDE.
TFA-SSP compilation (tf-a_ssp<custom board>.bin) using Developers Package with SDK and Device Tree files from previous step.
Signing of the TF-A SSP (tf-a_ssp<custom board>.stm32) using STM32MP_SigningTool_CLI
Preparation of a secret data file (*.ssp) using STM32TrustedPackageCreator (SSP tab) or STM32TrustedPackageCreator_CLI (-ssp option)
Programming HSM modules with a limited number of licenses using STM32TrustedPackageCreator (HSM tab) or STM32TrustedPackageCreator_CLI (-hsm option)
...
```
./GangFlasher-CLI -target_cfg "setup.cfg" -ssp ssp.out -tfa_ssp tf-a-ssp-Signed.stm32
```
DLL
In order to customize the use of the SSP procedure, it is possible to use the Gangflasher API DLL. The SSP procedure requires the use of the following set of functions:
HSM card status check:
```c
int F_Read_HSM(int slot);
```
Uploading *.ssp file:
```c
int F_LoadSSPFile(const char * FileName);
```
TF-A SSP file loading:
```c
int F_LoadTFASSPFile(const char * FileName);
```
Start of the SSP procedure:
```c
int F_TrustedWrite();
```
Possible Errors
The SSP procedure consists of multiple steps and the result is returned in a report. A correct execution of the entire SSP procedure generates the following report:
```
======== Date: 27-JUL-2021 Time: 13:57:58 ========
******** Target 1 Starting process: ..... Trusted Programming ..... ********
SECRET SECURE PROVISIONING
Operation enabled by user
STEP 1: FILES VERIFICATION
1. TF-A SSP File ready
2. *.ssp File ready
3. TF-A SSP file and *.out files are compliant
STEP 2: TARGET COMMUNICATION
Communication Initialization.......... OK
Reading USB-1 descriptors... OK
STMicroelectronics
DFU in HS Mode @Device ID /0x500, @Revision ID /0x0000
SN: 002E00453139510B38313636
Loading TF-A SSP files.......
Loading file: tf-a-ssp-stm32mp157c-ev1_Signed.stm32 (56.56 kB)... OK
2.1. TF-A SSP loaded
2.2. TF-A SSP detach and reset
Communication Initialization.......... OK
Reading USB-1 descriptors... OK
STMicroelectronics
DFU in HS Mode @Device ID /0x500, @Revision ID /0x0000
SN: 002E00453139510B38313636
Loading TF-A SSP files.......
Loading file: tf-a-ssp-stm32mp157c-ev1_Signed.stm32 (56.56 kB)... OK
2.3. TF-A SSP reloaded
STEP 3: REQUESTING CHIP CERTIFICATE
3.1. Chip certificate request done
3.2. Chip certificate is valid - 5000200A
STEP 4. GENERATING A LICENCE
4.1 HSM Smard Card Reader communication results:
Requesting license for the current STM32 device
Init communication with HSM
P11 lib initialization Success!
Opening session with slot ID 1...
Succeed to Open session with HSM
License Counter = 244
Succeed to generate license for current STM32 device
Closing session with reader slot ID 1...
Session closed with reader slot ID 1
Communication closed with HSM
4.2 License have been obtained
4.3 The license complies with the SSP
STEP 5: DOWNLOAD LICENCE TO MPU
5.1 Licence downloaded
5.2 DFU Detach
... done
-------- D O N E --- ( run time = 4.9 sec.)
```
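On a production line the report above is the only record that a given target completed all five SSP steps, so it is worth checking mechanically. The following is an added example (not Elprotronic or STMicroelectronics code) that checks a saved report for the milestone lines shown above. The function name `check_ssp_report`, the `min_licenses` threshold, and treating `License Counter` as the remaining-license count are assumptions.

```python
import re

# Abbreviated copy of the report lines shown on this page (not a new capture).
GOOD_REPORT = """\
STEP 1: FILES VERIFICATION
STEP 2: TARGET COMMUNICATION
SN: 002E00453139510B38313636
2.2. TF-A SSP detach and reset
SN: 002E00453139510B38313636
STEP 3: REQUESTING CHIP CERTIFICATE
3.2. Chip certificate is valid - 5000200A
STEP 4. GENERATING A LICENCE
License Counter = 244
4.3 The license complies with the SSP
STEP 5: DOWNLOAD LICENCE TO MPU
5.1 Licence downloaded
-------- D O N E --- ( run time = 4.9 sec.)
"""

REQUIRED = {  # milestone lines the successful report contains
    "cert_valid": r"^3\.2\. Chip certificate is valid",
    "license_ok": r"^4\.3 The license complies with the SSP",
    "downloaded": r"^5\.1 Licence downloaded",
    "done": r"^-+ D O N E",
}

def check_ssp_report(text, min_licenses=10):
    """Return a list of problems found in one target's SSP report (empty = pass)."""
    problems = []
    steps = {int(n) for n in re.findall(r"^STEP (\d)[:.]", text, re.M)}
    missing = sorted(set(range(1, 6)) - steps)
    if missing:
        problems.append(f"missing steps: {missing}")
    for name, pattern in REQUIRED.items():
        if not re.search(pattern, text, re.M):
            problems.append(f"missing milestone: {name}")
    # The target enumerates twice (before and after detach); serials must match.
    serials = set(re.findall(r"^SN: ([0-9A-F]+)$", text, re.M))
    if len(serials) != 1:
        problems.append(f"expected one serial number, saw {sorted(serials)}")
    counter = re.search(r"^License Counter = (\d+)$", text, re.M)
    if counter is None:
        problems.append("no HSM license counter in report")
    elif int(counter.group(1)) < min_licenses:
        problems.append(f"HSM license counter low: {counter.group(1)}")
    return problems

if __name__ == "__main__":
    print(check_ssp_report(GOOD_REPORT) or "PASS")
```

An empty list means every milestone was present; any entry should stop the target from being counted as provisioned until the report is reviewed.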
Useful links
STMicroelectronics application notes and user manuals:
...