Encrypt custom OBKey data provisioned with the HUK on the STM32H573

Vishal58 · ‎2025-02-04

I am looking on how to encrypt my OBKey data using HUK during provisioning.

HUK is device specific then how can we give this HUK Key to Trusted package creator to download the OBKey data?

STea · ‎2025-02-04

You can check this knowledge article How to enable RDP-like product state flash protect... - STMicroelectronics Community which will help you with OBkey provisioning steps if you want to use HUK, you could not access HUK directly but Derived key from RHUK can be used to encrypt keys and data see this wiki page which can help you understand this more clearly :Security:Secure Storage for STM32H5 - stm32mcu.
Regards

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

Vishal58 · ‎2025-02-04

Hi @STea ,

I have below queries regarding usage of OBK/secure storage area and how we can use this feature in our product.

1) When you say DHUK can be used to encrypt keys, is this encryption done through software running on the controller ? If that is the case I am not checking encryption using software running on the controller.

I wanted to encrypt my secure data using HUK/DHUK/RHUK and program into the controller during production.

Is it possible and how ?

2) Also If a hacker wants to read the secure data in OBK Area If he can mimic as secure application then he can read the secure data decrypt and read the secure data as he is running the application in secure zone and the same hardware. How can we avoid this situation?

3) In the wiki page Security:Secure Storage for STM32H5 - stm32mcu. it is given that DHUK's are different for every HDPL level and is based on RHUK. I guess using DHUK to encrypt the secure data is also through software running on the controller not during production or provisioning (writing secure data in OBK area by encrypting using HUK/DHUK/RHUK). Please confirm.

Vishal58 · ‎2025-02-10

Hi ,

I was going through the UM2238 User manual for STM32 Trusted Package Creator tool software description and found that the xml file used to config the obk has doencryption parameter based on which DHUK key will be used for encrypting and decrypting the secure data by RSS Lib present in the controller RSS-system boot. Please confirm if my understanding is correct ?

Also using the attached example xml file we can download the authentication secure, non-secure and encryption keys in OBK area.

So if user wants he can edit the xml files to provide data inputs to create his own obk file ?

STea · ‎2025-02-11

Hello @Vishal58 ,

Indeed, you are getting it correctly OBK file can be modified by modifying XML file and this can be done throw Trusted package creator and RSS code is responsible for the encryption decrypting the secure data and this code is not visible and nor can be modified.
Regards

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

Vishal58 · ‎2025-02-12

I had another query, can you answer this.

If a hacker wants to read the secure data in OBK Area If he can mimic as secure application then he can read the secure data decrypt and read the secure data as he is running the application in secure zone and the same hardware. How can we avoid this situation?

STea · ‎2025-02-12

Hello @Vishal58 ,

How can a hacker mimic a secure application this shouldn't be possible in the first place also the secure data and storage can be hidden after with HDP levels of protection rendering them invisible until the next reset of your code.

To sum up, this risk is improbable to not say impossible and the security ecosystem and mechanism are very robust and have been tested and are certified in the H5 series.

Regards

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

Vishal58 · ‎2025-02-12

I didn't mean an attacker or hacker can mimic the full application.

If an attacker wants to read the secure data. Any one who knows the security architecture of STM32H573 knows the location of secure data area and it uses DHUK to encrypt the data. So an attacker can create his own secure application to read the secure data right.

STea · ‎2025-02-12

Hello @Vishal58 ,

That is also incorrect even if a potential attacker knows all the architecture, he cannot get access to secure storage areas as in case of a tamper detection, the DHUKs are not usable anymore until the next reset. So, if the contents of the secure storages are encrypted, these contents will not be accessible anymore. But the contents of the secure storages are not erased through a tamper event. The wanted actions related to the tamper event needs to be done through the interrupt handler. also, antirollback protection is insured through the EPOCH counters. They help to control that previously encrypted data cannot be reused. It means that new DHUKs are requested after a regression. The data related to the secure and nonsecure applications are protected through two different EPOCH counters.so even he will try to access them he will not find the correct key to decrypt them.
Regards

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.