B-L4S5I-IOT01A STSAFE Provisioning: STSAFEA_KEY_BLOCKED error

HYung.1 · ‎2021-10-27

Hi,

I'm using X-CUBE-AWS 2.2.0 with a B-L4S5I-IOT01A dev board. While trying to provision and save the keys, the erase function HAL_Erase_Data_Zone() is returning the error STSAFEA_KEY_BLOCKED. I have made sure that DBANK is 0. I enabled PRINTF_ON and here is the output:

Launching STSAFE-A pairing

Check if Pairing Host keys available

use default keys and meanwhile set buf = NULL

Check_host_keys STSAFEA_OK

Set access condition to host for Zone 2 & 3 & 4

Pairing OK

Size of data's to be send exceed max size of STSAFE-Axx buffer

We have to split data's in blocks

ERROR: StatusCode StSafeA_Update=0xb

Size of data to copy 9

ERROR: StatusCode StSafeA_Update=0xb

Size of data to copy 9

ERROR: StatusCode UpdateZone=0xb

ERROR: StatusCode =0xb

Erase data NOK, to understand source of the error please enable log

using #define PRINTF_ON, End of Provisioning !!!!

Any idea what might be causing this error? Is there another option byte I have to change?

Thanks in advance.

Hank

Benjamin BARATTE · ‎2021-12-03

Hi Hank,

Actually, you have blocked the Pairing keys of your STSAFE-A due to too many invalid C-MAC operation in row (more than 50).

You can no longer use the Host Keys on this STSAFE-A, you need to change it.

Did you make modification in the B-L4S5I-IOT01A STSAFE Provisioning ?

For your next trial with a new STSAFE-A, you can run the STSAFE Provisioning a first time without issue as long as the pairing is not done on the STSAFE-A.

If you want to reload the STSAFE Provisioning after a mass erase of the flash (due to RDP regression for instance) then you need to set the #define FORCE_PAIRING in order to make sure that the flash has been updated.

Alternative solution is to change the #define USE_PRE_LOADED_HOST_KEYS to 0 in the stsafea_interface_conf.h

Best Regards,

Benjamin BARATTE