Skip to end of banner
Go to start of banner

STM32MP1 Secure Secret Provisioning (SSP)

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Current »

Secure Secret Provisioning SSP is the final step in production programming and is designed to protect the MPU from unwanted access to registers or running unauthorized software. The SSP procedure is to write secret data and keys to the OTP using files properly prepared by the OEM. Elprotronic Gangflasher-ST software offers the possibility to write OTP according to the SSP procedure developed by STMicroelectronics on many MPUs simultaneously (Gang programming) which is beneficial for the production of a large number of devices.

Instructions

The procedure consists of two main steps:

  • Preparation of files and Hardware Secure Module (HSM) using the source code and the toolkit provided by STMicroelectronics. Three elements are necessary to perform an SSP sequence using Elprotronic Gangflasher-ST:

  • Programming of the OTP using Elprotronic Gangflasher and the files prepared in the first step.

1. Preparing files using the STMicroelectronics toolkit:

  1. Preparation of the keys (private_key.pem, public_key.pem and public_key_hash) using KeyGen Tool STM32MP_KeyGen_CLI

  2. Preparation of Device Tree files (.dts) for the custom board using STM32CubeMX or STM32CubeIDE.

  3. TFA-SSP compilation (tf-a_ssp<custom board>.bin) using Developers Package with SDK and Device Tree files from previous step.

  4. Signing of the TF-A SSP (tf-a_ssp<custom board>.stm32) using STM32MP_SigningTool_CLI

  5. Preparation of a secret data file (*.ssp) using STM32TrustedPackageCreator (SSP tab) or STM32TrustedPackageCreator_CLI (-ssp option)

  6. Programming HSM modules with a limited number of licenses using STM32TrustedPackageCreator (HSM tab) or STM32TrustedPackageCreator_CLI (-hsm option)

2. Programming secrets in OTP using Elprotronic Gangflasher-ST on Windows

  1. Open Gangflasher-ST

  2. Check connection with the board or scan “Setup->USB Location“

  3. Check connection with HSM “View->HSM“

  4. Load TF-A SSP and *.ssp files in the setup window “Setup->SSP/SFI“

  5. Check “Enable” box in SSP/SFI area.

  6. Click “Write“ Button in SSP/SFI area.

  7. Confirm the operation in the pop-up window.

  8. View report for target in Reports area.

SSP operation is also capable using .dll and Gangflasher_CLI

Gangflasher_CLI

Performing SSP operation requires specifying *.cfg configuration file and *.ssp and tfa-ssp files according to the command below

./GangFlasher-CLI -target_cfg <path to config file *.cfg> -ssp <path to secrets file *.ssp> -tfa_ssp <path to signed tf-a ssp file *.stm32>

Example:

./GangFlasher-CLI -target_cfg "setup.cfg" -ssp ssp.out -tfa_ssp tf-a-ssp-Signed.stm32

DLL

In order to customize the use of the SSP procedure, it is possible to use the Gangflasher API DLL. The SSP procedure requires the use of the following set of functions:

HSM card status check:

int F_Read_HSM(int slot);

uploading *.ssp file:

int F_LoadSSPFile(const char * FileName);

TF-A SSP file loading:

int F_LoadTFASSPFile(const char * FileName);

Start of the SSP procedure:

int F_TrustedWrite();

Possible Errors

 The SSP procedure consists of multiple steps and the result is returned in a report. An example of the correct execution of the entire SSP procedure generates the following report:

    ======== Date:  27-JUL-2021      Time:  13:57:58 ========
******** Target 1   Starting process: ..... Trusted Programming .....  ********

SECRET SECURE PROVISIONING

Operation enabled by user

STEP 1: FILES VERIFICATION

	1. TF-A SSP File ready
	2. *.ssp File ready
	3. TF-A SSP file and *.out files are compliant

STEP 2: TARGET COMMUNICATION

Communication Initialization..........	 OK
Reading USB-1 descriptors...	 OK
   STMicroelectronics
   DFU in HS Mode @Device ID /0x500, @Revision ID /0x0000
   SN: 002E00453139510B38313636
Loading TF-A SSP files.......
   Loading file:  tf-a-ssp-stm32mp157c-ev1_Signed.stm32   (56.56 kB)...	 OK

	 2.1. TF-A SSP loaded
	 2.2. TF-A SSP detach and reset

Communication Initialization..........	 OK
Reading USB-1 descriptors...	 OK
   STMicroelectronics
   DFU in HS Mode @Device ID /0x500, @Revision ID /0x0000
   SN: 002E00453139510B38313636
Loading TF-A SSP files.......
   Loading file:  tf-a-ssp-stm32mp157c-ev1_Signed.stm32   (56.56 kB)...	 OK

	 2.3. TF-A SSP reloaded

STEP 3: REQUESTING CHIP CERTIFICATE

	3.1. Chip certificate request done
	3.2. Chip certificate is valid - 5000200A

 STEP 4. GENERATING A LICENCE

	 4.1 HSM Smard Card Reader communication results:

Requesting license for the current STM32 device 
Init communication with HSM 
P11 lib initialization Success! 
Opening session with slot ID 1... 
Succeed to Open session with HSM 
License Counter = 244
Succeed to generate license for current STM32 device 
Closing session with reader slot ID 1... 
Session closed with reader slot ID 1
Communication closed with HSM

	 4.2 License have been obtained
	 4.3 The license complies with the SSP

STEP 5: DOWNLOAD LICENCE TO MPU

	5.1 Licence downloaded
	5.2 DFU Detach
...	 done
 -------- D O N E --- ( run time =   4.9 sec.)

Filter by label

There are no items with the selected labels at this time.

STMicroelectronics application notes and user manuals:

[1] AN5054 - Secure programming using STM32CubeProgrammer

[2] AN5510 - Overview of the secure secret provisioning (SSP) on STM32MP1 Series

[3] AN5156 - Introduction to STM32 microcontrollers security

[4] AN5275 - USB DFU/USART protocols used in STM32MP1 Series bootloaders

[5] AN5510 - Overview of the secure secret provisioning (SSP) on STM32MP1 Series

[6] UM2238 - STM32 Trusted Package Creator tool software description

[7] UM2543 - STM32MP1 Series Signing Tool software description

STMicroelectronics sites:

[8] STM32Trust

[9] Security Overview

[10] STM32MP1 resources

[11] KeyGen tool

  • No labels