The HSM (hardware secure modules) is a license generation tool necessary during the SFI programming procedure.
1. Preparing necessary files:
Preparation of the keys (AES128Key.bin and Nonce.bin), these files can by generated by STM32 Trusted Package Creator tool, they must be the same as when they were used during SFI binary file generation.
Select Correct personalization data file from STM32CubeProgrammer install folder.
2. How to pick correct personalization data file:
To choose the right personalization data file we need to know the first digits from the chip certificate for the MCU family which we want to program. You can read the chip certificate using the GangFlasher-ST:
Open window “STM32 Trusted Programming setup”(Setup ->SSP/SFI)
Check “SFI Enable” box
Select the target from which you want to read the certificate
Click Read button and select folder where want to save certificate
Open file in notepad - first eight digits in the certificate are the same as the correct personalization data file prefix (this will be useful in the steps below).
Example certificate from STM32U5 MCU. Note the 4820200B digits.
3. HSM generation
To validate the HSM programming request, the user has to:
Set firmware identifier, used to identifies the correct HSM
Select files prepared in the first step
Select “Personalization data file” which can be found in the STM32CubeProgrammer tool install folder. Note the “Personalization data file” STM32U5_4820200B… prefix, the STM32U5 indicates the family, whereas the identification digits can be read from the target MCU.
STMicroelectronics application notes and user manuals: