Skip to main content
Associate III
September 22, 2025
Question

STM32H7Sx - Use HDPL_x DHUK within HDPL_y where x > y

  • September 22, 2025
  • 1 reply
  • 578 views

Dear,

Is it possible for execution within HDPL_x to use SAES (Secure AES) with a DHUK (Derived Hardware Unique Key) from HDPL_y where x > y?

For example:

  1. Execution within HDPL2 makes use of SAES to encrypt plaintext p using its DHUK, this results in ciphertext c
  2. Afterwards, upon reset, execution within HDPL1 needs to be able to read plaintext p (e.g., by decrypting the stored ciphertext using HDPL2's DHUK) without changing the HDPL.
    Is this possible with SAES, and if yes, how?

Thanks a lot!

1 reply

EliasvanAuthor
Associate III
June 24, 2026

Is there nobody that has an answer to this, also not from @ ST?

Onizuka09
ST Employee
June 24, 2026

Hello ​@Eliasvan

Yes, it is possible to use DHUK keys of HDPL n+1  when you are in HDPL n.

For the example you provided, it is possible to use the DHUK of HDPL2 when you are in HDPL1. However, you cannot use the DHUK keys of HDPL3 or HDPL0.

The DHUKs are stored in OBKeys storage.

An HDPL level can access its current OBKEY area and the next level (N and N+1).

Please refer to the STM32H7RS Security Architecture Overview, section “Temporal isolation and Secure data storage”, for better understanding (pages 43 to 58).

For the second part of your question, please refer to the Reference Manual RM0477, section “Embedded Flash Memory: Option byte key loading” (page 225), which describes how to load keys from OBKeys storage.

Best regards,
 

EliasvanAuthor
Associate III
June 25, 2026

Dear ​@Onizuka09,

Thank you for your reply.

I read both sources you posted, but I have to conclude that you’re confusing DHUK (Derived Hardware Unique Key) with AHK (Application Hardware Key). AHKs are stored in OBKeys, DHUKs are not. A DHUK is generated/derived based on {RHUK (Root Hardware Unique Key), SOID (Static Operating ID)} as shown in the SAES block diagram of the Reference Manual RM0477 at page 1443 where SOID presumably depends on {EPOCH, HDPL, privilege-level}.

Slide 41 at page 56 in STM32H7RS Security Architecture Overview describes some uses of DHUK, but they seem to imply that for using a DHUK of a different HDPL you need to change the current HDPL (reflected by SBS_HDPLSR) first, but I explicitly mentioned without changing the HDPL in my original question.

There are several reasons why one doesn’t want to change the current HDPL:

  • realtime process / RTOS application running in HDPL1 that needs read access to DHUK2-encrypted data cannot afford context switch to different application in HDPL2 because of tight realtime constraints (going back from HDPL2 to HDPL1 would involve many transitions: HDPL1 → HDPL2 → reset → HDPL0 (RSS: several milliseconds) → HDPL1)
  • HDPL1-private data needs to be encrypted with DHUK2 without ever exposing the HDPL1-private data to HDPL2
  • ...

So, my question still stands, is there anyone that can give me an answer to my question?