How to generate SFI file?

PHu.1 · ‎2021-01-03

Hi,

I am doing security project by STM32L562QE and have some questions.

1. I am trying to generate SFI file, but I didn't find the document talking about how to generate these files(encryption key file, Nonce file, and option bytes file). Can you provide related documents? (I don't have IAR only use the free tool from ST: STM32CubeProgrammer, Trusted Package Creator...)

2. I use the STM32MP_KeyGen_CLI tool to generate public hush key, but it seems to have some issue(the file is 32 bytes). How can I solve it?

3. I have download en.stm32cubel5_v1-3-0 but I don't find the .bin file which can as the input of Trusted Package Creator. If I use the “OEM_KEY_COMPANY1_key_AES_CBC.bin�? from en.x-cube-sbsfu\STM32CubeExpansion_SBSFU_V2.4.0\Projects\NUCLEO-G071RB as the input of my STM32L562QE board, does it make sense?

Thank you very much.

Chloe Meunier · ‎2022-02-07

Hello,

1 : Dis you already programm your HSM or not yet?

You have to use the same Nonce and Encryption key file for HSM programming and SFI generation.

You don't need IAR to generate Encryption key file, Nonce file and Option bytes file.

Chloe Meunier · ‎2022-02-07

Encryption key file↑

Create a new text file
Paste the following text (for example)

AES_KEY_TEST_001

The corresponding hex values are: 41 45 53 5F 4B 45 59 5F 54 45 53 54 5F 30 30 31

Save it as aeskey.bin

AES Nonce file↑

Create a new text file
Paste the following text

NONCE_TEST01

The corresponding hex values are: 4E 4F 4E 43 45 5F 54 45 53 54 30 31

Save it as nonce.bin

For OB file, you can find an example of OB file for each serie in C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\SFI_OB_CSV_FILES

BR

Chloé