
STSAFEA write/Update with authentication

aabba.1
Associate III

Hi,

I am using STSAFEA for data management (user (32B) + password (32B)). I want to store the hashed password in the EEPROM, but before reading or updating the data I want to do authentication between my MCU and STSAFEA.

1. I was able to send the Host MAC key and Host cipher key to STSAFE.

2. I was able to save both keys to my MCU flash.

Now I am wondering how to use these two functions: StSafeA_Read and StSafeA_Update. Any suggestions?

Thank you

1 REPLY
Benjamin BARATTE
ST Employee

Hi,

The authentication between the MCU and STSAFEA is handled by the STSAFE-A software wrapper.

At the command level you will activate the authentication by updating the InMac parameter.

If you set it to STSAFEA_MAC_HOST_CMAC, then only the command MAC will be generated.

If you set it to STSAFEA_MAC_HOST_RMAC, the command MAC will be generated, as well as a response MAC, which will be verified by the wrapper.

In order to properly use the authentication, you need to have stsafea_crypto_interface.c properly configured to map the needed crypto interface onto your crypto stack (you have 2 types of examples in the X-CUBE-SAFEA1 package, one set using MBedTLS and the second one using X-CUBE-Cryptolib).

Once you have checked these 2 points and you are able to properly use authentication, you can have a look at the STSAFE-A memory permission setting.

By default, all regions except region 0 have open Read and Write permission.

On evaluation samples, you can update the write permission to restrict memory region writing to authenticated commands only.

For the Read permission, this is not possible on evaluation samples only (if you move to a dedicated profile, then this will be possible; for such a profile, please contact your local ST support).

To update a memory region permission, you need to use the InChangeACIndicator, InNewReadACRight, InNewReadAC parameters.

You need to use the following parameters:

  • InChangeACIndicator = STSAFEA_FLAG_TRUE (if you want to be able to update the permission in the future)
  • InNewReadACRight = STSAFEA_FLAG_TRUE
  • InNewReadAC = STSAFEA_AC_HOST (you can only reduce the permission and you have 3 levels: STSAFEA_AC_ALWAYS, STSAFEA_AC_HOST, STSAFEA_AC_NEVER; all other defines are equivalent to STSAFEA_AC_NEVER in practice)

Best Regards,

Benjamin
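
The access-condition rule described in the reply above (three levels, reduce only, unknown values act as NEVER), as an added host-side model that is not part of the original posts and not ST's code. The type and function names, the numeric values, and the assumption that a cleared change right freezes the zone are hypothetical; it is meant for checking a planned permission change before sending it to the device.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model values; the middleware's own constants are STSAFEA_AC_*. */
typedef enum { AC_ALWAYS = 0, AC_HOST = 1, AC_NEVER = 2 } ac_t;
typedef enum { CHG_OK, CHG_LOOSENS, CHG_LOCKED } chg_result_t;

typedef struct {
    ac_t update_ac;     /* current write access condition of the zone */
    bool change_right;  /* assumption: false means the condition is frozen */
} zone_t;

/* Per the reply, any value other than ALWAYS or HOST behaves as NEVER. */
static ac_t ac_normalize(int raw)
{
    return (raw == AC_ALWAYS || raw == AC_HOST) ? (ac_t)raw : AC_NEVER;
}

/* Would a command pass the zone's access condition? */
static bool ac_permits(ac_t ac, bool has_host_cmac)
{
    if (ac == AC_ALWAYS) return true;
    if (ac == AC_HOST)   return has_host_cmac;
    return false;        /* AC_NEVER */
}

/* Apply a change request to the model; the zone is modified only on CHG_OK. */
static chg_result_t ac_change(zone_t *z, int raw_new_ac, bool keep_right)
{
    ac_t new_ac = ac_normalize(raw_new_ac);
    if (!z->change_right)      return CHG_LOCKED;   /* right given up earlier */
    if (new_ac < z->update_ac) return CHG_LOOSENS;  /* only reductions allowed */
    z->update_ac = new_ac;
    z->change_right = keep_right;
    return CHG_OK;
}

int main(void)
{
    zone_t z = { AC_ALWAYS, true };  /* constructed: an open zone */
    printf("ALWAYS -> HOST: %d\n", ac_change(&z, AC_HOST, false));
    printf("write without host C-MAC allowed: %d\n", ac_permits(z.update_ac, false));
    printf("write with host C-MAC allowed: %d\n", ac_permits(z.update_ac, true));
    printf("later change attempt: %d\n", ac_change(&z, AC_NEVER, false));
    return 0;
}
```
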