FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Implement Key replacement package for Image signing Key ECCKEY1

Go to solution
Grogu
Associate III

‎2023-01-05 04:37 PM

The SBSFU framework allows users to employ multiple image signing keys, ECCKEY1, ECCKEY2, and ECCKEY3.

Is there a method to blacklist ECCKEY1 and replace it with ECCKEY4, which may be transmitted via a key replacement update package if the private key for ECCKEY1 is leaked/compromised?

Keys are compiled into code and stored in the SE Key region ROM, which is secured by MPU-RX + WRP + PCROP.

Please advise what options I have to replace the key which is compromised?

Assuming bootloader enhanced to differentiate between .sfb and key replacement package.

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Go to solution
Jocelyn RICARD
ST Employee

‎2023-01-06 09:25 AM

Hello @Community member​ 

There is no mechanism to implement such behaviour.

Robustness of SBSFU is relying on the immutability of the code and public key.

So, I have no solution to propose here.

Best regards

Jocelyn

View solution in original post

0 Kudos
2 REPLIES 2
Go to solution
Jocelyn RICARD
ST Employee

‎2023-01-06 09:25 AM

Hello @Community member​ 

There is no mechanism to implement such behaviour.

Robustness of SBSFU is relying on the immutability of the code and public key.

So, I have no solution to propose here.

Best regards

Jocelyn

0 Kudos
Go to solution
Grogu
Associate III
In response to Jocelyn RICARD

‎2023-01-08 07:44 PM

Thanks @Jocelyn RICARD​ 

0 Kudos
Top