Showing results for 
Search instead for 
Did you mean: 

How can I know which key shall I use in pair with DHUK to encrypt my software in flash of STM32U5?

Associate III

As I understand OTFDEC will be used to on-fly decryption, while execution (am I correct)?

After debug is fused (RDP set to level 2) all DHUK keys are individual for each device, while during debug phase all keys are common. How can I make test run of the software in production environment with production keys?

ST Employee

Hello @VTver.1​ ,

Welcome on the Community!

In fact, the embedded OTFDEC decrypts in real-time the encrypted content.

Actually, DHUK has its production value when RDP>0. So, I believe you can run test in RDP1 if you need production keys. The SAES peripheral can wrap (encrypt) and unwrap (decrypt) application keys using these hardware-secret keys DHUK, XOR-ed or not with the application key BHK. You 'll find more details here.

Note that the SAES IP will behave exactly the same whatever the RDP level.

Does that help ? If yes, you can mentioned "best answer" for this comment.



To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.