2024-10-10 05:39 AM
Hi,
Is there a possibility to do the complete chain to product state "closed" by non-secure user code?
I have a custom bootloader which usually did a set of the old RDP Level.
Now, with a STM32H57 device we have to use the new product state.
I'm able to set the state to provisioning. But when I use
2024-10-10 08:44 AM
Hello @martinhaefner9 ,
Yes, it is possible to perform provisioning through firmware.
On STM32H573, you need to make sure your device is closed to do the provisioning of the DA keys.
The reason is that the DA configuration has to be encrypted using the DHUK, and this key is not available in open state.
To perform the provisioning you can use the helper function OBK_Flash_WriteEncrypted provided in STM32Cube_FW_H5_V1.3.0\Projects\STM32H573I-DK\Applications\ROT\OEMiROT_Boot\Src\low_level_obkeys.c.
The sequence should be:
1) First start of firmware: Detect it is still in open state. Change product state to PROVISIONING and immediately to CLOSED, and launch a system reset to have this new product state taken into account.
2) Second start of firmware: Detect product state is CLOSED. Check DA provisioning in OBKey: not present. You need to have the obk file somewhat hardcoded in your firmware to be able to provide the input buffer to the obk write function. Once the obk is written, you are done with the DA provisioning.
The best would be to provide you an example, but I don't have it right now and not much time available.
I'll try to provide something by next week.
Best regards
Jocelyn
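
The two-boot sequence described in the answer above, as an added host-side model in C; it is not ST code and not from either poster. Every type and function name is hypothetical, the OBK blob is a constructed placeholder, and resuming from PROVISIONING after an interrupted first boot is an assumption of this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Host-side model only: every name here is hypothetical, none is ST HAL code. */
typedef enum { PS_OPEN, PS_PROVISIONING, PS_CLOSED, PS_OTHER } product_state_t;
typedef enum { STEP_RESET_NEEDED, STEP_DA_WRITTEN, STEP_DA_PRESENT,
               STEP_WRITE_FAILED, STEP_UNEXPECTED_STATE } step_result_t;

typedef struct {
    product_state_t programmed;  /* state written to the option bytes */
    product_state_t active;      /* state in effect since the last reset */
    bool da_obk_present;         /* DA configuration stored in OBKeys */
    bool inject_write_fault;     /* test hook: make the OBK write fail */
} device_t;

/* A new product state is only taken into account after a system reset. */
static void sim_reset(device_t *d) { d->active = d->programmed; }

/* Stand-in for the encrypted OBK write; modelled to fail unless CLOSED (DHUK). */
static bool sim_obk_write_encrypted(device_t *d, const uint8_t *buf, size_t len) {
    if (d->active != PS_CLOSED || !buf || len == 0 || d->inject_write_fault)
        return false;
    d->da_obk_present = true;
    return true;
}
static const uint8_t da_obk_blob[16] = {0};  /* constructed placeholder blob */

/* One pass of the provisioning logic; the bootloader calls it on every start. */
step_result_t provisioning_step(device_t *d) {
    switch (d->active) {
    case PS_OPEN:
    case PS_PROVISIONING:  /* second label resumes an interrupted first boot */
        if (d->active == PS_OPEN) d->programmed = PS_PROVISIONING;
        d->programmed = PS_CLOSED;
        return STEP_RESET_NEEDED;   /* caller must reset before continuing */
    case PS_CLOSED:
        if (d->da_obk_present) return STEP_DA_PRESENT;   /* idempotent */
        return sim_obk_write_encrypted(d, da_obk_blob, sizeof da_obk_blob)
                   ? STEP_DA_WRITTEN : STEP_WRITE_FAILED; /* retry next boot */
    default:
        return STEP_UNEXPECTED_STATE;
    }
}

int main(void) {
    device_t dev = { PS_OPEN, PS_OPEN, false, false };
    if (provisioning_step(&dev) == STEP_RESET_NEEDED) sim_reset(&dev);
    printf("second boot result: %d\n", provisioning_step(&dev));
}
```

Because the step keys only on the active product state and the presence of the DA OBK, a failed write leaves the device in the same "CLOSED, not provisioned" condition and the next boot retries it.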