FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

P-Nucleo-WB55 project with SECBOOT_AES128_GCM_AES128_GCM_AES128_GCM crypto option

Go to solution
kaur
Associate III

‎2023-11-07 06:13 PM

Hi, 

I have been trying to use P-Nucleo-WB55 project from SBSFU 2.6.2 with SECBOOT_AES128_GCM_AES_128_GCM_AES128_GCM crypto option. I have disabled all security IPs for ease of debugging and have tried with  local loader and no loader configurations. I am using STM32 IDE and following all steps. Infact the SECBOOT_ECCDSA_WITHOUT_ENCRYPT_SHA256 crypto option works for me under same settings.

However, I am never able to use this crypto option to successfully decrypt and execute UserApp. 

Has anyone been able to use this crypto option with P-Nucleo-WB55 project.

0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Go to solution
Frantz LEFRERE
ST Employee

‎2023-11-07 11:43 PM

Hi,

have you provisioned AES key ?

This is describe in the readme.txt in SECorebin.

For example:
STM32CubeExpansion_SBSFU_V2.6.2\Projects\P-NUCLEO-WB55.Nucleo\Applications\2_Images\2_Images_SECoreBin\readme.txt 


"5. Provisioning AES key in index 0x1
- STM32_Programmer_CLI.exe -c port=usb1 -wusrkey OEM_KEY_COMPANY1_key_AES_CBC.bin keytype=1
- this step can be done only once. Index will be incremented at each command but our example requires key to be
located at index 0x1 (SBSFU_AES_KEY_IDX)."

 

 

View solution in original post

0 Kudos
3 REPLIES 3
Go to solution
Frantz LEFRERE
ST Employee

‎2023-11-07 11:43 PM

Hi,

have you provisioned AES key ?

This is describe in the readme.txt in SECorebin.

For example:
STM32CubeExpansion_SBSFU_V2.6.2\Projects\P-NUCLEO-WB55.Nucleo\Applications\2_Images\2_Images_SECoreBin\readme.txt 


"5. Provisioning AES key in index 0x1
- STM32_Programmer_CLI.exe -c port=usb1 -wusrkey OEM_KEY_COMPANY1_key_AES_CBC.bin keytype=1
- this step can be done only once. Index will be incremented at each command but our example requires key to be
located at index 0x1 (SBSFU_AES_KEY_IDX)."

 

 

0 Kudos
Go to solution
kaur
Associate III
In response to Frantz LEFRERE

‎2023-11-08 08:58 AM

Hi Frantz,

No, I didn't provision the AES key since my understanding is that we don't need to provision key for SECBOOT_AES128_GCM_AES_128_GCM_AES128_GCM crypto. I was under the impression that only AES-CBC requires key provisioning.

I am slightly confused if it is necessary to provision AES key for AES-GCM option since I was able to use the same configuration for L476RG project without provisioning AES key.

0 Kudos
Go to solution
kaur
Associate III

‎2023-11-17 11:43 AM

Update: It turned out that the issue was in provisioning key. I needed to provision key for AES-GCM too.

After provisioning key, I was able to use SBSFU as intended. It is interesting to see that my STM32 programmer or CLI do not return index of the key after writing AES key(as expected from the instructions in readme).

0 Kudos
Top