FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Issue with reading OBK payload plaintext on STM32H573 using SAES and DHUK

ZhangZhonghao
Associate

‎2025-11-03 4:56 AM

I am trying to use the DA function of the STM32H573. I can successfully write the OBK file (with TrustZone disabled) and regression via STM32_Programmer_CLI.exe. However, I encountered an issue when trying to read the plaintext of the OBK payload in my code. I am unable to obtain the correct plaintext through SAES and DHUK.

Here is part of my code:

int32_t OBK_Flash_ReadEncrypted( void *pData)
{
  uint32_t Offset =0x0100;
  uint32_t Length = 0x60;
  uint32_t i = 0U;
  CRYP_HandleTypeDef hcryp = { 0U };
  uint32_t SaesTimeout = 100U;
  uint8_t DataEncrypted[MAX_SIZE] = {0U};
  uint8_t *p_source = (uint8_t *) (FLASH_OBK_BASE_S + Offset);
  uint8_t *p_destination = (uint8_t *) DataEncrypted;
  uint32_t a_aes_iv[4] = {0x8001D1CEU, 0xD1CED1CEU, 0xD1CE8001U, 0xCED1CED1U};


  for (i = 0U; (i < Length); i++, p_destination++, p_source++)
  {
    *p_destination = *p_source;
  }

  __HAL_RCC_SBS_CLK_ENABLE();
  __HAL_RCC_SAES_CLK_ENABLE();

  /* Force use of EPOCH_S value for DHUK */
  //WRITE_REG(SBS_S->EPOCHSELCR, SBS_EXT_EPOCHSELCR_EPOCH_SEL_S_EPOCH);

  /* Configure SAES parameters */
  hcryp.Instance = SAES_S;
  if (HAL_CRYP_DeInit(&hcryp) != HAL_OK)
  {
    return ARM_DRIVER_ERROR_SPECIFIC;
  }
  hcryp.Init.DataType  = CRYP_NO_SWAP;
  hcryp.Init.KeySelect = CRYP_KEYSEL_HW;  /* Hardware unique key (256-bits) */
  hcryp.Init.Algorithm = CRYP_AES_CBC;
  hcryp.Init.KeyMode = CRYP_KEYMODE_NORMAL ;
  hcryp.Init.KeySize = CRYP_KEYSIZE_128B; /* 128 bits AES Key*/
  hcryp.Init.pInitVect = a_aes_iv;

  if (HAL_CRYP_Init(&hcryp) != HAL_OK)
  {
    return ARM_DRIVER_ERROR_SPECIFIC;
  }

  /*Size is n words*/
  if (HAL_CRYP_Decrypt(&hcryp, (uint32_t *)&DataEncrypted[0U], Length / 4U, (uint32_t *)pData, SaesTimeout) != HAL_OK)
  {
    return ARM_DRIVER_ERROR_SPECIFIC;
  }
  if (HAL_CRYP_DeInit(&hcryp) != HAL_OK)
  {
    return ARM_DRIVER_ERROR_SPECIFIC;
  }
  __HAL_RCC_SAES_CLK_DISABLE();

  return ARM_DRIVER_OK;
}
 


I understand that the generation of DHUK is related to many factors, such as SBS_OBK_HDPL, SBS_EPOCH_OUT, and SBS_SEC_NSEC. How should I configure the relevant registers? Or is the DHUK used by RSSLIB not available in user code?

Has anyone done the same thing or encountered the same issue? I would greatly appreciate any answers.

Labels:
0 Kudos
0 REPLIES 0
Top