How to properly regenerate Keys for SM project

Thatseasy · ‎2026-02-18

When creating a new project (for STM32H573) using CubeMX, it generates defaults keys under ROT_Provisioning\SM\Keys:

06/19/2025 03:20 PM 232 ITS_key1.pem
02/17/2026 09:34 PM 16 SFI_Encryption_Key.bin
02/17/2026 09:34 PM 12 SFI_Encryption_Nonce.bin
02/18/2026 12:06 PM 136 SFI_Global_License.bin
06/19/2025 03:20 PM 246 SM_Authentication.pem
06/19/2025 03:20 PM 182 SM_Authentication_pub.pem
06/19/2025 03:20 PM 246 SM_Encryption.pem
06/19/2025 03:20 PM 182 SM_Encryption_pub.pem

Using TPC, those keys (including the SFI_global_license) can be regenerated, but when provisioning, got the following error:
2026-02-18 12:19:23,911 - DEBUG - Processing license...
2026-02-18 12:19:24,072 - DEBUG - Error: Execution of RSS CMD failed, returned value = 0xF6F6F6F6
2026-02-18 12:19:24,072 - DEBUG - Error: Failed to Process License!
2026-02-18 12:19:24,073 - DEBUG - Error: .....ROT_Provisioning\SM\Binary\SecureManagerPackage.sfi SFI file Install Operation Failure! Please, try again.
2026-02-18 12:19:24,073 - DEBUG -
2026-02-18 12:19:24,082 - ERROR - Command '"C:\Program Files\STMicroelectronics\STM32Cube\STM32CubeProgrammer\bin\STM32_Programmer_CLI.exe" -c port=SWD ap=1 mode=HotPlug -vb 1 -sfi C:\projects\TGR_V1\GSV1_SM\ROT_Provisioning\SM\Binary\SecureManagerPackage.sfi ....ROT_Provisioning\SM\Keys\SFI_Global_License.bin -rsse ....ROT_Provisioning\SM\Binary\enc_signed_RSSe_SFI_STM32H5_2M_v2.0.1.0.bin ' returned non-zero exit status 1

My questions, after re--generating the keys, besides running the provisioning.py to re-create the sfi file, what else should be done before flashing the device (assuming it is already in OPEN state)?

Thanks!

Jocelyn RICARD · ‎2026-02-27

Hello @Thatseasy

You don't have any flexibility in the non secure application location.

One you have setup C:\ST\X-CUBE-SEC-M-H5_V2.1.0\Projects\STM32H573I-DK\ROT_Provisioning\SM\Config\Profile_Large\SM_Config_General_Large.xml all mapping is fixed.

Your non secure application linker file will be updated by prebuild.

In your linker file you should have something like:

MEMORY
{
  RAM    (xrw)        : ORIGIN = 0x20000000, LENGTH = 256K - RAM_S_NS_IF_SIZE
  RAM_2  (xrw)        : ORIGIN = RAM_S_END + 1, LENGTH = 0x200A0000 - (RAM_S_END + 1)
  FLASH   (rx)        : ORIGIN = 0x08000000 + CODE_OFFSET + IMAGE_HEADER_SIZE,   LENGTH = (CODE_SIZE - IMAGE_HEADER_SIZE)
  FLASH_RESERVED (rx) : ORIGIN = 0x08000000 + RESERVED_AREA_OFFSET, LENGTH = RESERVED_AREA_SIZE
}

With Secure Manager solution you should only have to care about your non secure application.

Once you have launched provisioning.py --sfi-gen --sfi-flash -a :

Plaform first boots on SMiROT.

SMiROT checks authenticity of SMuROT and jump to this 2nd stage secure boot.

SMuROT checks mainly authenticity of : Secure Manager core that is the secure application and your non secure application.

By default you are in development mode. For secure manager it means product state is TZ-CLOSED.

In this state only non secure part of the flash are accessible to the debugger.

The option bytes you share show that secure manager is not installed.

Here is an option bytes setting you have on an installed secure manager:

OPTSR_PRG,0x2D30C6F8
OPTSR2_PRG,0x2D30C6F8
NSBOOTR_PRG,0x080000C3
SECBOOTR_PRG,0x00000000
SECWM1R_CUR,0x002E0000
SECWM2R_CUR,0x00730065
WRP1R_PRG,0xFFFFFFFF
WRP2R_PRG,0xE7FFFFFF
EDATA1R_PRG,0x00000000
EDATA2R_PRG,0x00000000
HDP1R_PRG,0x0000007F
HDP2R_CUR,0x006C006D

Best regards

Jocelyn

View solution in original post

Jocelyn RICARD · ‎2026-02-24

Hello @Thatseasy

you should generate the new Global license as suggested by the provisioning.py script:

2026-02-24 11:05:56,516 - INFO -        * Choice of the SFI license
2026-02-24 11:05:56,516 - INFO -                In C:\ST\X-CUBE-SEC-M-H5_V2.1.0\Projects\STM32H573I-DK\ROT_Provisioning\SM\Config\sm.ini, You have chosen (global) for license_type.
2026-02-24 11:05:56,516 - INFO -                Is this the desired configuration for your SFI?
2026-02-24 11:05:56,517 - INFO -                [ '1' for Yes | '2' for No]:
1
2026-02-24 11:06:01,593 - INFO -        * SFI with global license configuration:
2026-02-24 11:06:01,594 - INFO -                From TrustedPackageCreator (License Gen tab in Security panel)
2026-02-24 11:06:01,594 - INFO -                Select SFIG in the "License Type" list
2026-02-24 11:06:01,595 - INFO -                Open encryption key file (\ROT_Provisioning\SM\Keys\SFI_Encryption_Key.bin)
2026-02-24 11:06:01,595 - INFO -                and nonce file (\ROT_Provisioning\SM\Keys\SFI_Encryption_Nonce.bin),
2026-02-24 11:06:01,595 - INFO -                then regenerate them (if/as needed) with same name.
2026-02-24 11:06:01,595 - INFO -                Select Output license file (\ROT_Provisioning\SM\Keys\SFI_Global_License.bin)
2026-02-24 11:06:01,596 - INFO -                then Generate License (if/as needed) with same name.

This operation should be done manually using the TPC.

Best regards

Jocelyn

Thatseasy · ‎2026-02-24

Thank you @Jocelyn RICARD.

The SFI_Global_License.bin was regenerated using the new SFI_Encryption_Key.bin and SFI_Encryption_Nonce.bin.

The log files from sfi-gen and sfi-flash are attached.

BTW, I tried RSSe_SFI_H56x_H573_v3.1.0.bin and RSSe_SFI_H56x_H573_v3.0.0.bin as well, they do not work either.

Jocelyn RICARD · ‎2026-02-25

Hello @Thatseasy;,

It seems you are using an old version of secure manager. Also, you seem to use CubeMX to generate non secure application using Secure Manager bootpath. This feature is no more supported in CubeMX.

I wrote a wiki page to still be able to use CubeMX to generate the non secure application here.

Maybe would be worth upgrading your environment to fit with latest versions ?

If not possible, I would try provisioning your target with default configuration to check if it still working.

Best regards

Jocelyn

Thatseasy · ‎2026-02-25

Thank you @Jocelyn RICARD for sharing the upgrade guide, it is very helpful! I followed it to manually upgrade my environment to SM 2.1.0 (from 1.2.0, did not run the new CubeMX). I think the only problem now is that the BOOT_USE is not changed to C3 after sfi-flash, no matter how the Option_Bytes sets it.

What might be still missing?

The new sfi-gen and sfi-flash log files are attached.

BTW: SRAM3_ECC is disabled because the new RSSe requires it.

Thanks!

Thatseasy · ‎2026-02-25

Thank you @Bisharat, I agree that enc_signed_RSSe_SFI_STM32H5_2M_v2.0.1.0.bin might be the problem, but I do not know how to re-generate it as it was from the ST RSSe package. How did you regenerate it after your delete enc_signed_RSSe_*.bin?

Jocelyn RICARD · ‎2026-02-26

Hello @Thatseasy

BOOT_UBE is not set to 0xC3 anymore with this version of secure manager.

Reason is that STiROT is not more used, it was replaced by SMiROT in user flash. You can check this in UM3254.

SRAM3_ECC check is necessary during the provisioning but can be changed in final option bytes settings.

Best regards

Jocelyn

Thatseasy · ‎2026-02-26

Thank you @Jocelyn RICARD, in my project, I only have one NS application, how to configure the SMuRoT to jump to the NS application located at 0x0805E000? Or Do I need to add a secure application to my project, who will be responsible to launch the NS application? Will that then become OEMuRoT? Sorry I might be confused by the terms.

Here is the option_bytes I am using, do you see any problems?
OPTSR_PRG,0x30F0C6F8
OPTSR2_PRG,0xB4000034
NSBOOTR_PRG,0x0805E0C3
SECBOOTR_PRG,0x0C0000B4
SECWM1R_PRG,0x00010000
SECWM2R_PRG,0x00010000
WRP1R_PRG,0xFFFFFFFF
WRP2R_PRG,0xFFFFFFFF
EDATA1R_PRG,0x00000000
EDATA2R_PRG,0x00000000
HDP1R_PRG,0x0000007F
HDP2R_PRG,0x0000007F

Jocelyn RICARD · ‎2026-02-27

Hello @Thatseasy

You don't have any flexibility in the non secure application location.

One you have setup C:\ST\X-CUBE-SEC-M-H5_V2.1.0\Projects\STM32H573I-DK\ROT_Provisioning\SM\Config\Profile_Large\SM_Config_General_Large.xml all mapping is fixed.

Your non secure application linker file will be updated by prebuild.

In your linker file you should have something like:

MEMORY
{
  RAM    (xrw)        : ORIGIN = 0x20000000, LENGTH = 256K - RAM_S_NS_IF_SIZE
  RAM_2  (xrw)        : ORIGIN = RAM_S_END + 1, LENGTH = 0x200A0000 - (RAM_S_END + 1)
  FLASH   (rx)        : ORIGIN = 0x08000000 + CODE_OFFSET + IMAGE_HEADER_SIZE,   LENGTH = (CODE_SIZE - IMAGE_HEADER_SIZE)
  FLASH_RESERVED (rx) : ORIGIN = 0x08000000 + RESERVED_AREA_OFFSET, LENGTH = RESERVED_AREA_SIZE
}

With Secure Manager solution you should only have to care about your non secure application.

Once you have launched provisioning.py --sfi-gen --sfi-flash -a :

Plaform first boots on SMiROT.

SMiROT checks authenticity of SMuROT and jump to this 2nd stage secure boot.

SMuROT checks mainly authenticity of : Secure Manager core that is the secure application and your non secure application.

By default you are in development mode. For secure manager it means product state is TZ-CLOSED.

In this state only non secure part of the flash are accessible to the debugger.

The option bytes you share show that secure manager is not installed.

Here is an option bytes setting you have on an installed secure manager:

OPTSR_PRG,0x2D30C6F8
OPTSR2_PRG,0x2D30C6F8
NSBOOTR_PRG,0x080000C3
SECBOOTR_PRG,0x00000000
SECWM1R_CUR,0x002E0000
SECWM2R_CUR,0x00730065
WRP1R_PRG,0xFFFFFFFF
WRP2R_PRG,0xE7FFFFFF
EDATA1R_PRG,0x00000000
EDATA2R_PRG,0x00000000
HDP1R_PRG,0x0000007F
HDP2R_CUR,0x006C006D

Best regards

Jocelyn

Thatseasy · ‎2026-02-27

Thank you @Jocelyn RICARD! It worked with your option bytes (except OPTSR2_PRG, I changed it back to 0xB4000034), just curious how those option bytes were generated? I tried to load it into TPC (v2-20-0) and got "Invalid CSV file" error.

Another thing I noticed, the product state was set to C6 (TZ-CLOSED) in the option bytes, but after provisioning, the device has "CLOSED" state, is it expected?

discovery: target ID.......................:0x484
discovery: SoC ID..........................:0x00000000_31303433_34345108_00410056
discovery: SDA version.....................:2.4.0
discovery: Vendor ID.......................:STMicroelectronics
discovery: PSA lifecycle...................:ST_LIFECYCLE_CLOSED
discovery: PSA auth version................:1.0
discovery: ST HDPL1 status.................:0x2717
discovery: ST HDPL2 status.................:0x400003bf
discovery: ST HDPL3 status.................:0xffffffff
discovery: Token Formats...................:0x200
discovery: Certificate Formats.............:0x201
discovery: cryptosystems...................:Ecdsa-P256 SHA256
discovery: ST provisioning integrity status:0xeaeaeaea
discovery: permission if authorized...........:(a/14) ==> Full Regression
discovery: permission if authorized...........:(b/12) ==> To TZ Regression
discovery: permission if authorized...........:(c/6) ==> Level 3 Intrusive Debug
discovery: permission if authorized...........:(d/5) ==> Level 2 Intrusive Debug
discovery: permission if authorized...........:(e/4) ==> Level 1 Intrusive Debug
discovery: permission if authorized...........:(f/2) ==> Level 3 Intrusive Non Secure Debug
discovery: permission if authorized...........:(g/1) ==> Level 2 Intrusive Non Secure Debug
discovery: permission if authorized...........:(h/0) ==> Level 1 Intrusive Non Secure Debug
To select multiple permission/actions:
Using numerical values: List the needed bit numbers, separated by commas without spaces.
Using symbolic letters: List the needed letters by concatenating them without separators.

Debug Authentication: Discovery Success
"discovery script success"