2024-02-29 11:21 AM
Hi,
While using the STM32Cube_FW_H5_V1.1.1 repository to explore secure boot on the STM32H5, I saw that the configuration file to generate OEMiRoT_Data.obk is missing. As I want to use my own keys and certificates for the OEMiRoT example application, I think I should regenerate the OEMiRoT_Data.obk file, but I can't find how to do this.
Am i missing something, or is the OEMiRoT_Data.xml file missing from the repository?
Best,
Jens
Solved! Go to Solution.
2024-02-29 11:17 PM - edited 2024-02-29 11:18 PM
Hi @jens-vdb
in fact we do not provide an xml to generate this OEMiRoT_Data.obk.
As this one is only initialize data region used by OEM-iRot to 0, you don't need to tune it.
Basically the obk syntax is
Address / Size / Flag / SHA256 ( content) / Content
If you dump the content you will find the sha256 :
0x B3 93 97 88 42 A0 FA 3D 3E 14 70 19 6F 09 8F 47 3F 96 78 E7 24 63 CB 65 EC 4A B5 58 18 56 C2 E4
Data Content
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
So you can use it as it's.
Best regards,
Frantz
2024-02-29 12:02 PM
Hello @jens-vdb ,
I advise you follow this wiki page How to start with OEMiRoT on STM32H573 and 563–Arm® TrustZone® enabled - stm32mcu to generate a customized configuration file.
2024-02-29 01:18 PM - edited 2024-02-29 01:44 PM
Hi @Imen.D ,
On that page I have found instructions to generate the OEMiRoT_Config.obk file (and generate a OEMiRoT_Config.xml) file using the Trusted Package Creator, but that page does not mention anything about the OEMiRoT_Data.obk file and how to generate that.
In the repository both the OEMiRoT_Config.obk and OEMiRoT_Config.xml files are present, but only OEMiRoT_Data.obk and *not* OEMiRoT_Data.xml. It is that last xml file that I don't know what to put in there.
2024-02-29 11:17 PM - edited 2024-02-29 11:18 PM
Hi @jens-vdb
in fact we do not provide an xml to generate this OEMiRoT_Data.obk.
As this one is only initialize data region used by OEM-iRot to 0, you don't need to tune it.
Basically the obk syntax is
Address / Size / Flag / SHA256 ( content) / Content
If you dump the content you will find the sha256 :
0x B3 93 97 88 42 A0 FA 3D 3E 14 70 19 6F 09 8F 47 3F 96 78 E7 24 63 CB 65 EC 4A B5 58 18 56 C2 E4
Data Content
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
So you can use it as it's.
Best regards,
Frantz
2024-03-08 04:40 AM
Thanks, that explains a lot!