I am testing this with a set of STM32F573 boards, the example taken straight from CubeMX example selector for the STM32H573I-DK board without any changes. I am running it until after the call to HAL_CRYPEx_WrapKey() and before the call to HAL_CRYPEx_UnwrapKey():
/* USER CODE BEGIN 2 */
/* User key AESKey256 encryption*/
if (HAL_CRYPEx_WrapKey(&hcryp, AESKey256, Encryptedkey, TIMEOUT_VALUE) != HAL_OK)
{
/* Processing Error */
Error_Handler();
}
/* we could not compare results, key is not known and unique for each device */
/* User key AESKey256 decryption*/
if (HAL_CRYPEx_UnwrapKey(&hcryp, Encryptedkey, TIMEOUT_VALUE) != HAL_OK)
{
/* Processing Error */
Error_Handler();
}
Where it says "we could not compare results, key is not known and unique for each device".
However, I am comparing results because I am expecting Encryptedkey[] to be different for each chip. But it is always the same!
When the chip has TrustZone disabled, it is (in hex):
CB3E195F 345C0D8C FAEF2E79 BD4EC0AE 78D20874 37696FBE BF1228E3 475588B5
When the chip has TrustZone enabled, it is:
FEBBE229 36B5DE56 31C1935A 28B2F8AF C2C97BE6 778413D2 EAB4AE1C F3B061A3
I've tried it with four different boards/chips, always the same result. This is clearly not working and I can't rely on the individual on-chip encryption. Please advise, thanks.
Regards,
Chris
