cancel
Showing results for 
Search instead for 
Did you mean: 

Regenerating OEMiRoT_Data.obk

jens-vdb
Associate II

Hi,

While using the STM32Cube_FW_H5_V1.1.1 repository to explore secure boot on the STM32H5, I saw that the configuration file to generate OEMiRoT_Data.obk is missing. As I want to use my own keys and certificates for the OEMiRoT example application, I think I should regenerate the OEMiRoT_Data.obk file, but I can't find how to do this.

Am i missing something, or is the OEMiRoT_Data.xml file missing from the repository?

Best,

Jens

1 ACCEPTED SOLUTION

Accepted Solutions

Hi @jens-vdb 

in fact we do not provide an xml to generate this OEMiRoT_Data.obk.
As this one is only initialize data region used by OEM-iRot to 0, you don't need to tune it.

Basically the obk syntax is 
Address / Size /  Flag / SHA256 ( content)  / Content
If you dump the content you will find the sha256 : 
0x B3 93 97 88 42 A0 FA 3D 3E 14 70 19 6F 09 8F 47 3F 96 78 E7 24 63 CB 65 EC 4A B5 58 18 56 C2 E4

Data Content 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

So you can use it as it's.

Best regards,

Frantz 

View solution in original post

4 REPLIES 4
Imen.D
ST Employee

Hello @jens-vdb ,

I advise you follow this wiki page How to start with OEMiRoT on STM32H573 and 563–Arm® TrustZone® enabled - stm32mcu to generate a customized configuration file.

When your question is answered, please close this topic by clicking "Accept as Solution".
Thanks
Imen

Hi @Imen.D ,

On that page I have found instructions to generate the OEMiRoT_Config.obk file (and generate a OEMiRoT_Config.xml) file using the Trusted Package Creator, but that page does not mention anything about the OEMiRoT_Data.obk file and how to generate that.

In the repository both the OEMiRoT_Config.obk and OEMiRoT_Config.xml files are present, but only OEMiRoT_Data.obk and *not* OEMiRoT_Data.xml. It is that last xml file that I don't know what to put in there.

Hi @jens-vdb 

in fact we do not provide an xml to generate this OEMiRoT_Data.obk.
As this one is only initialize data region used by OEM-iRot to 0, you don't need to tune it.

Basically the obk syntax is 
Address / Size /  Flag / SHA256 ( content)  / Content
If you dump the content you will find the sha256 : 
0x B3 93 97 88 42 A0 FA 3D 3E 14 70 19 6F 09 8F 47 3F 96 78 E7 24 63 CB 65 EC 4A B5 58 18 56 C2 E4

Data Content 
0x00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000

So you can use it as it's.

Best regards,

Frantz 

Thanks, that explains a lot!