2020-10-23 07:28 PM
I have implemented AES encryption / decryption on an STM32WB55 using keys stored in FUS. However, I'm running into a problem when I try to encrypt or decrypt using a non-FUS key. I get a hardfault when the key is written to the registers, which I assume is because the FUS user key is still loaded.
AN5185 defines the command FUS_UNLOAD_USR_KEY but there is no corresponding implementation in shci.h/shci.c. I implemented my own version of SHCI_C2_FUS_UnLoadUsrKey using SHCI_C2_FUS_LoadUsrKey as an example. But CPU2 is saying that is an unknown command.
What is the process to unload a key that is stored in FUS and / or use the CRYP peripheral with a non-FUS key after previously loading a key into it from FUS?
2020-10-24 11:06 PM
I've since discovered that I can unload the key if FUS is running. But if the wireless stack (BLE full) is running it reports the unload user key command is unknown. Is it really only possible to unload a user key when FUS is running?
2020-10-26 07:15 AM
You should use the Customer Key Storage (CKS) to load/unload your own key for any encryption/decryption processing. This is especially true for AES.
Please have a look at the CKS project here: STM32Cube_FW_WB_V1.9.0\Projects\P-NUCLEO-WB55.Nucleo\Applications\CKS
It shows how to use the CKS feature to store AES crypto keys in the secure area.
2020-10-26 07:57 PM
Hi Remi, thanks for the response. I took a look at the CKS example and it's very close to what I am doing. There are a couple of unanswered questions though: