Hello ST team,
We are working with the STM32WL5MOC6HTR module for a LoRaWAN end-device design.
We understand that the STM32WL5MOC6HS variant includes an STSAFE-A110 secure element, but our custom module (MOC6HTR) does not include STSAFE.
Our question is about securely storing LoRaWAN keys such as:
AppKey
NwkSKey
AppSKey
We are exploring options like:
Using the LoRaWAN Crypto middleware (Middlewares/Third_Party/LoRaWAN/Crypto) with the internal AES peripheral,
Leveraging SBSFU (Secure Boot and Secure Firmware Update) for Flash protection (RDP/PCROP),
Or possibly using KMS-MW (Key Management Services Middleware).
Could you please confirm:
What is the recommended approach for securely storing LoRaWAN keys in the STM32WL5MOC6HTR, where STSAFE is not present?
Can KMS-MW or SBSFU be used on this device to provide a secure key storage area or API abstraction similar to a secure element?
Are there reference examples or application notes for integrating LoRaWAN key storage with SBSFU or KMS on STM32WL?
Our goal is to ensure that keys are not stored in plaintext and cannot be read even if Flash is accessed externally.
Thank you for your support!
Hardware: STM32WL5MOC6HTR
Tools: STM32CubeIDE
Use case: LoRaWAN end-device without STSAFE
