FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Where can I find algorithm to generate license file for SFI upload to STM32U585?

Go to solution
SBalo.1
Associate II

‎2023-04-03 04:09 AM

I'd like to use my own server instead of HSM card. I can't find any information how the license file is generated except the fact that it is possible as mentioned in AN5054.

Slawek

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Go to solution
SBalo.1
Associate II

‎2023-04-04 06:00 AM

Thank you Chloe.

I guess there is a private key in HSM card provided by ST, which is used to sign generated licence file which is then used to allow secure bootloader to receive SFI. ST wrote in AN5054 "There is no STMicroelectronics secret involved in license generation, so each firmware provider is free to choose their preferred method.", except the must for buying a limited HSM card - am I right?

Best Regards

Slawek

View solution in original post

0 Kudos
7 REPLIES 7
Go to solution
Chloe Meunier
ST Employee

‎2023-04-03 06:52 AM

Hello Slawek,

Did you try the CLI STM32CubeProgrammer commands :

0693W00000bhPlaQAE.pngBR

Chloé

0 Kudos
Go to solution
SBalo.1
Associate II

‎2023-04-04 03:07 AM

Hello Chloe,

thank you for the answer. I understand these CLI commands as getting the license from attached Smart Card Reader with HSM card inserted - or am I wrong? Both have description "...if counter is not null".

0 Kudos
Go to solution
SBalo.1
Associate II

‎2023-04-04 03:11 AM

My goal is to prepare software/server to create this file by myself - of course getting ID from programmed microcontroller and using my own nonce/AES key which were used to encrypt firmware (SFI).

0 Kudos
Go to solution
Chloe Meunier
ST Employee

‎2023-04-04 05:27 AM

Hello Slawek,

" I understand these CLI commands as getting the license from attached Smart Card Reader with HSM card inserted - or am I wrong?" : In fact you need an HSM to do that.

You can't perform all these operations without any HSM.

Best Regards

Chloé

0 Kudos
Go to solution
SBalo.1
Associate II

‎2023-04-04 06:00 AM

Thank you Chloe.

I guess there is a private key in HSM card provided by ST, which is used to sign generated licence file which is then used to allow secure bootloader to receive SFI. ST wrote in AN5054 "There is no STMicroelectronics secret involved in license generation, so each firmware provider is free to choose their preferred method.", except the must for buying a limited HSM card - am I right?

Best Regards

Slawek

0 Kudos
Go to solution
Chloe Meunier
ST Employee

‎2023-04-04 06:12 AM

Yes your are right.

Best Regards

Chloé

0 Kudos
Go to solution
SBalo.1
Associate II

‎2023-04-04 06:41 AM

Thank you Chloe, now it's clear.

Best Regards

Slawek

0 Kudos
Top