SBSFU - Updating ECC public key in runtime

LucaZa
Associate

Hello,

I would like to replace the ECC public key in the SE_Key_region_ROM region from my application at runtime. My device has no protection enabled (RDP, PCROP, WRP). I am able to read and write in the region via CubeProgrammer.

I dumped the 256 bytes of SE_Key_region_ROM but I am unable to identify the public key associated with the ECC private key ECCKEY1.txt. How can I retrieve and identify the public key based on the default private key provided by STM (the SE_Key_region_ROM region starts at address 0x08000400)?


This is my use case:
I have a device running with the default SBSFU configuration (ECCKEY1.txt and OEM_KEY_COMPANY1_key_AES_CBC.bin used to sign and encrypt the firmware). My device supports firmware update OTA by cellular.

I would like to test this procedure:
- Sign a firmware with a new ECC private key and update the device with this firmware.
- After download and before rebooting, the first firmware would copy the new ECC public key to SE_Key_region_ROM.
- After reboot, the bootloader will check the signature of the new firmware with the new ECC public key.

Thanks for the support.

Best Regards,

Luca

ahsrabrifat
Senior II

STM provides ECCKEY1.txt (a private key) typically in PEM format. You can extract the public key with openssl:

openssl ec -in ECCKEY1.txt -pubout -outform DER -out ECC_pubkey.der

This gives you a DER-encoded public key.

Now, extract the raw X and Y coordinates (each 32 bytes for secp256r1):

openssl ec -in ECCKEY1.txt -pubout -text -noout

Look for this part in the output:

pub:
    04:xx:xx:...:yy:yy
  • The first byte (04) indicates uncompressed form.

  • The next 32 bytes are X.

  • The final 32 bytes are Y.

You can convert this into a 64-byte array:
Public Key = [X || Y]
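As an added example (not from this thread or from the ST tools) of putting that together: the script below parses the `pub:` block of the openssl text output into the raw X || Y key and scans a dump of SE_Key_region_ROM for it, reporting where the whole key or either coordinate appears. The sample key is the P-256 base point and the 256-byte dump is constructed; the region base address 0x08000400 is the one given in the question.

```python
import re

SE_KEY_REGION_BASE = 0x08000400  # start of SE_Key_region_ROM, from the question

# One row of `openssl ec -text` output: hex byte pairs separated by colons.
HEX_ROW = re.compile(r"^\s*(?:[0-9a-fA-F]{2}:)*[0-9a-fA-F]{2}:?\s*$")


def parse_openssl_pub(text):
    """Return the 65-byte uncompressed point (04 || X || Y) from the 'pub:' block
    of `openssl ec -in ECCKEY1.txt -pubout -text -noout` output."""
    lines = text.splitlines()
    try:
        start = next(i for i, l in enumerate(lines) if l.strip() == "pub:") + 1
    except StopIteration:
        raise ValueError("no 'pub:' block in openssl output")
    pairs = []
    for line in lines[start:]:
        if not HEX_ROW.match(line):  # first non-hex line ends the block
            break
        pairs += line.strip().rstrip(":").split(":")
    point = bytes.fromhex("".join(pairs))
    if len(point) != 65 or point[0] != 0x04:
        raise ValueError("expected a 65-byte uncompressed secp256r1 point")
    return point


def raw_key(point):
    """SBSFU-style raw key: X || Y with the 0x04 prefix dropped (64 bytes)."""
    return point[1:]


def find_key(dump, point, base=SE_KEY_REGION_BASE):
    """List (label, address) for every occurrence of X||Y, X alone and Y alone.
    Matching the halves separately exposes layouts that split or pad the
    coordinates; no hit at all means the region does not hold the key as
    plain big-endian bytes, so searching for X||Y would never succeed."""
    x, y = point[1:33], point[33:65]
    hits = []
    for label, needle in (("X||Y", x + y), ("X", x), ("Y", y)):
        off = dump.find(needle)
        while off != -1:
            hits.append((label, base + off))
            off = dump.find(needle, off + 1)
    return hits


# Constructed sample: the P-256 base point G, laid out as openssl prints it (15 bytes per row).
_G_HEX = ("04" "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296"
          "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5")
_rows = [[_G_HEX[i:i + 2] for i in range(j, min(j + 30, len(_G_HEX)), 2)] for j in range(0, len(_G_HEX), 30)]
SAMPLE_OPENSSL_TEXT = "Private-Key: (256 bit)\npub:\n" + "".join(
    "    " + ":".join(r) + (":\n" if i < len(_rows) - 1 else "\n") for i, r in enumerate(_rows)) + "ASN1 OID: prime256v1\n"

# Constructed 256-byte dump: erased flash (0xFF) with the raw key planted at offset 0x40.
SAMPLE_DUMP = b"\xff" * 0x40 + raw_key(parse_openssl_pub(SAMPLE_OPENSSL_TEXT)) + b"\xff" * (0x100 - 0x40 - 64)

if __name__ == "__main__":
    for label, addr in find_key(SAMPLE_DUMP, parse_openssl_pub(SAMPLE_OPENSSL_TEXT)):
        print(f"{label:5} found at 0x{addr:08X}")
```

To use it on a real device, paste the openssl text output into `parse_openssl_pub` and pass the 256-byte CubeProgrammer dump of 0x08000400 to `find_key`.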

Hi Ahsrabrifat,

I extracted the public key following your procedure (see attached file). Unfortunately, I can't find it in Flash in the address range [0x08000400; 0x08000500].

- Is the region SE_Key_region_ROM encrypted by default?

- Is the ECC public key always stored at the same place in SE_Key_region_ROM (at least in the default mapping)?

Thanks,

Luca