Hi everyone,
We're working with STiROT and TrustZone on an STM32H5 (NUCLEO-H533RE), and during the provisioning process we generate the STiRoT_Config.obk file from the STiRoT_Config.xml using the Trusted Package Creator (TPC).
Our question is whether the .obk file itself is encrypted or signed during generation, and if so, which keys are used for that purpose?
We're trying to determine if we need to protect any additional private keys used during .obk creation, beyond those already defined for firmware encryption and authentication.
Any insight on whether the .obk file is cryptographically protected (encrypted or signed), or if it's simply a binary container holding the public and private keys for secure boot, would be greatly appreciated.
Thanks in advance!
