cancel
Showing results for 
Search instead for 
Did you mean: 

How to generate SFI file?

PHu.1
Associate

Hi,

I am doing security project by STM32L562QE and have some questions.

1. I am trying to generate SFI file, but I didn't find the document talking about how to generate these files(encryption key file, Nonce file, and option bytes file). Can you provide related documents? (I don't have IAR only use the free tool from ST: STM32CubeProgrammer, Trusted Package Creator...)

0693W000006HM1nQAG.png 

2. I use the STM32MP_KeyGen_CLI tool to generate public hush key, but it seems to have some issue(the file is 32 bytes). How can I solve it?

0693W000006HM1sQAG.png 

3. I have download en.stm32cubel5_v1-3-0 but I don't find the .bin file which can as the input of Trusted Package Creator. If I use the “OEM_KEY_COMPANY1_key_AES_CBC.bin�? from en.x-cube-sbsfu\STM32CubeExpansion_SBSFU_V2.4.0\Projects\NUCLEO-G071RB as the input of my STM32L562QE board, does it make sense?

Thank you very much.

2 REPLIES 2
Chloe Meunier
ST Employee

Hello,

1 : Dis you already programm your HSM or not yet?

You have to use the same Nonce and Encryption key file for HSM programming and SFI generation.

You don't need IAR to generate Encryption key file, Nonce file and Option bytes file.

Chloe Meunier
ST Employee

Encryption key file

  • Create a new text file
  • Paste the following text (for example)

AES_KEY_TEST_001

The corresponding hex values are: 41 45 53 5F 4B 45 59 5F 54 45 53 54 5F 30 30 31

  • Save it as aeskey.bin

AES Nonce file

  • Create a new text file
  • Paste the following text

NONCE_TEST01

The corresponding hex values are: 4E 4F 4E 43 45 5F 54 45 53 54 30 31

  • Save it as nonce.bin

For OB file, you can find an example of OB file for each serie in C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\SFI_OB_CSV_FILES

BR

Chloé