How can I verify Secure Manager Initial Attestation Certificate?

kato · ‎2025-11-24

I have exported X509 certificate from STM32H573I-DK board, and checked how it is organised.

The certificate was issued by "ST CA 01 for STM32 Initial Attestation".

I would like to verify whether it is truely signed by ST's upper-level certificate.

Where can I find the upper-level certificate?

Jocelyn RICARD · ‎2025-12-03

Hello @kato ,

Did you have a look to UM3254 chapter 4.1.2 PSA initial attestation service.

It describes the structure of the token and point to the IAR_Verifier utility.

I guess you should find your way.

The DUA certificate is provided in Utilities/Certificates of the package

Best regards

Jocelyn

View solution in original post

Jocelyn RICARD · ‎2025-12-03

Hello @kato ,

Did you have a look to UM3254 chapter 4.1.2 PSA initial attestation service.

It describes the structure of the token and point to the IAR_Verifier utility.

I guess you should find your way.

The DUA certificate is provided in Utilities/Certificates of the package

Best regards

Jocelyn

kato · ‎2025-12-10

Thank you very much for your reply, @Jocelyn RICARD .

I have reviewed UM3254 and now understand that the upper-level certificate—in this case, the CA DUA Initial Attestation Certificate—is provided by ST to the OEM under license.

Thank you again for your kind support.

Best regards,
Kato