2025-03-10 2:47 AM - last edited on 2025-03-10 4:58 AM by KDJEM.1
Good morning,
I am Paul Goulpié, technical expert at Smile ECS - integrator of open source embedded solutions.
I am contacting you because I have some questions related to the secure boot solution (mcuboot).
I am using the following evaluation board: B-U585I-IOT02A.
I am using the following reference project: https://github.com/STMicroelectronics/STM32CubeU5/tree/main/Projects/B-U585I-IOT02A/Applications/SBSFU
Currently I see that the key format used to create the signature is RSA2048. I would have liked to use an RSA4096 key.
Can you tell me if there is a hardware restriction that would prevent it from being used? I am well aware that software modifications at different levels are necessary; however, I would have liked to know in advance whether a blockage on the hardware side (boot ROM code or other) prevents this implementation from being carried out.
Are you aware of this integration having been completed (on an internal or external project)?
On a similar project I have the signing step which is outsourced (via a PKI, which supports the signing of a binary). Do you have a description of a workflow that implements this outsourced signature step?
Thanking you in advance for your responses.
Kind regards,
Paul Goulpie
2025-03-10 2:21 PM
Hello @paulgoulpie ,
There is no hardware restriction on using RSA 4K.
The only issue is adapting mcuboot to this specific key size. It already supports RSA 3072 (through configuration in SBSFU_Boot\Inc\mcuboot_config\mcuboot_config.h).
Outsourcing the signature step will require modifying the imgtool script provided by mcuboot.
In the latest version of STM32CubeU5, the signature is done through TrustedPackageCreator.
You can still check the imgtool command used in <UserHomeDir>\STMicroelectronics\STM32CubeProgrammer\imgtool-command.log
imgtool is available in the mcuboot git repo.
Best regards
Jocelyn
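The outsourced signing step discussed above, as an added example that is not code from imgtool, mcuboot or the ST SBSFU project. It builds the to-be-signed bytes locally, hands only their SHA-256 digest to a signer, splices the returned RSA-PSS signature into the TLV area, and then verifies the image the way the bootloader does. The header layout, TLV tags (0x01 KEYHASH, 0x10 SHA256, 0x20 RSA2048_PSS, 0x50 SEC_CNT), TLV-area magics and PSS parameters are those of the mcuboot image format for RSA-2048; `external_sign` and the locally generated key are assumptions standing in for the PKI/HSM, and the payload is constructed. Newer upstream imgtool versions (not 1.7.2, whose help is quoted later in this thread) carry `--vector-to-sign` / `--fix-sig` / `--fix-sig-pubkey` / `--sig-out` options for the same split; check `imgtool sign -h` of the version in use.

```python
"""Detached signing of an mcuboot-format image.

Added example, not imgtool/mcuboot/ST code. Layout: 32-byte header padded to
HEADER_SIZE, payload, protected TLVs (hashed), unprotected TLVs (hash, keyhash,
signature). The key generated here stands in for the PKI/HSM key (assumption).
"""
import hashlib
import struct

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import padding, rsa, utils

IMAGE_MAGIC = 0x96F3B83D
TLV_INFO_MAGIC = 0x6907        # unprotected TLV area
PROT_TLV_INFO_MAGIC = 0x6908   # protected TLV area, covered by the image hash
TLV_KEYHASH, TLV_SHA256, TLV_RSA2048_PSS, TLV_SEC_CNT = 0x01, 0x10, 0x20, 0x50
HEADER_SIZE = 0x400            # same as -H 0x400 in the SBSFU postbuild command
# mcuboot checks RSA-PSS with MGF1-SHA256 and a 32-byte salt over the image hash
PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=32)
PREHASHED = utils.Prehashed(hashes.SHA256())


def _tlv(tag, value):
    return struct.pack("<BBH", tag, 0, len(value)) + value


def _tlv_area(magic, tlvs):
    return struct.pack("<HH", magic, 4 + len(tlvs)) + tlvs


def to_be_signed(payload, version=(1, 0, 0, 0), security_counter=0):
    """Header + payload + protected TLVs: exactly the bytes the bootloader hashes.
    The rollback counter sits in the protected area, so it is under the signature."""
    prot = _tlv_area(PROT_TLV_INFO_MAGIC,
                     _tlv(TLV_SEC_CNT, struct.pack("<I", security_counter)))
    major, minor, rev, build = version
    hdr = struct.pack("<IIHHIIBBHII", IMAGE_MAGIC, 0, HEADER_SIZE, len(prot),
                      len(payload), 0, major, minor, rev, build, 0)
    return hdr.ljust(HEADER_SIZE, b"\0") + payload + prot


def digest(tbs):
    return hashlib.sha256(tbs).digest()


def external_sign(dgst, private_key):
    """Stand-in for the PKI/HSM call (assumption): receives only the 32-byte
    digest and returns the raw RSA-PSS signature. The payload never leaves."""
    return private_key.sign(dgst, PSS, PREHASHED)


def _keyhash(public_key):
    der = public_key.public_bytes(serialization.Encoding.DER,
                                  serialization.PublicFormat.PKCS1)
    return hashlib.sha256(der).digest()


def assemble(tbs, signature, public_key):
    """Append the unprotected TLV area: image hash, signing-key hash, signature."""
    tlvs = (_tlv(TLV_SHA256, digest(tbs)) + _tlv(TLV_KEYHASH, _keyhash(public_key))
            + _tlv(TLV_RSA2048_PSS, signature))
    return tbs + _tlv_area(TLV_INFO_MAGIC, tlvs)


def build_signed_image(payload, private_key, version=(1, 0, 0, 0), security_counter=0):
    tbs = to_be_signed(payload, version, security_counter)
    sig = external_sign(digest(tbs), private_key)   # only the digest crosses to the signer
    return assemble(tbs, sig, private_key.public_key())


def verify(image, trusted_public_key):
    """Bootloader-style check: rehash header+payload+protected TLVs, then require
    matching SHA256 and KEYHASH TLVs and a valid RSA2048_PSS TLV."""
    magic, _, hdr_size, prot_size, img_size = struct.unpack_from("<IIHHI", image, 0)
    if magic != IMAGE_MAGIC:
        return False
    hashed_len = hdr_size + img_size + prot_size
    if len(image) < hashed_len + 4:
        return False
    expected = digest(image[:hashed_len])
    tlv_magic, tlv_tot = struct.unpack_from("<HH", image, hashed_len)
    if tlv_magic != TLV_INFO_MAGIC or hashed_len + tlv_tot > len(image):
        return False
    off, end = hashed_len + 4, hashed_len + tlv_tot
    hash_ok = key_ok = sig_ok = False
    while off + 4 <= end:
        tag, _, length = struct.unpack_from("<BBH", image, off)
        if off + 4 + length > end:          # TLV runs past the declared area
            return False
        value = image[off + 4:off + 4 + length]
        off += 4 + length
        if tag == TLV_SHA256:
            hash_ok = value == expected
        elif tag == TLV_KEYHASH:
            key_ok = value == _keyhash(trusted_public_key)
        elif tag == TLV_RSA2048_PSS:
            try:
                trusted_public_key.verify(value, expected, PSS, PREHASHED)
                sig_ok = True
            except InvalidSignature:
                return False
    return hash_ok and key_ok and sig_ok


def make_test_key():
    """Locally generated key standing in for the PKI signing key (assumption)."""
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)


if __name__ == "__main__":
    key = make_test_key()
    img = build_signed_image(b"\xaa" * 1024, key, security_counter=1)  # constructed payload
    print(len(img), verify(img, key.public_key()))
```

The point the split makes visible: the signer sees 32 bytes, so the build host can stay free of private material, while anything that must not be replaceable after signing (the security counter, the header fields) has to sit in the hashed region rather than the unprotected TLV area. Moving to RSA4096 changes the signature TLV tag and length, the PSS key size and the bootloader's expected key length, not this workflow.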
2025-03-11 9:54 AM
Hello @Jocelyn RICARD
Thank you very much for this feedback and for removing uncertainty regarding hardware blockages.
I just took a look at the code and indeed the RSA 4096 integration is accessible.
I could make a merge request with the changes if you're interested.
However, you also need to modify the imgtool utility.
I have access to the sources from the original project:
https://github.com/mcu-tools/mcuboot/blob/main/scripts/imgtool.py
On the other hand, I cannot locate the sources of the ST version of imgtool that you modified: can you tell me the access point to these sources?
I only have access to the binary, the version of which is:
~/STMicroelectronics/STM32Cube/STM32CubeProgrammer/bin/Utilities/Linux/imgtool version
1.7.2
I also do not have the STMicroelectronics\STM32CubeProgrammer\imgtool-command.log log file that you reference in your previous message; is this a version problem, or do I need to pass an option?
Thanking you,
Kind regards,
Paul Goulpie
2025-03-17 2:51 AM
Good morning,
Sorry, I'm restarting the conversation.
Is it possible to obtain the sources of the ST version of imgtool, in order to integrate support for RSA4096?
Thanking you,
Sincerely,
Paul Goulpie
2025-03-19 4:09 AM
Hello @paulgoulpie ,
You can use the imgtool provided in the mcuboot GitHub repository, with the same version.
There is no specific addition made by ST here.
Best regards
Jocelyn
2025-03-19 4:58 AM
Hello @Jocelyn RICARD
Thank you for your feedback.
However, I cannot interchange the GitHub version of imgtool and the ST version (provided by /STMicroelectronics/STM32Cube/STM32CubeProgrammer/bin//Utilities/Linux/imgtool).
I will detail the tests carried out for you.
Getting imgtool from GitHub and checking the version:
git clone https://github.com/mcu-tools/mcuboot.git
cd mcuboot
git checkout v1.7.2
./scripts/imgtool.py version
1.7.2
Modifying the env.sh file to reference the GitHub version of imgtool:
imgtool="/home/${USER}/Dev/mcuboot/scripts/imgtool.py"
Test launching the postbuild.sh script (from the SBSFU_Appli/STM32CubeIDE/NonSecure/Release folder)
"../../postbuild.sh" "." "1.0.0+0" "nonsecure"
/home/${USER}/Dev/sbsfu/SBSFU_Appli/STM32CubeIDE/NonSecure/Release
assemble image
Usage: imgtool.py [OPTIONS] COMMAND [ARGS]...
Try 'imgtool.py -h' for help.
Error: No such command 'ass'.
postbuild.sh failed
It seems that the ass option is not included in the GitHub version of imgtool:
/home/${USER}/Dev/mcuboot/scripts/imgtool.py -h
Usage: imgtool.py [OPTIONS] COMMAND [ARGS]...
Options:
-h, --help Show this message and exit.
Commands:
create Create a signed or unsigned image
getpriv Dump private key from keypair
getpub Dump public key from keypair
keygen Generate pub/private keypair
sign Create a signed or unsigned image
verify Check that signed image can be verified by given key
version Print imgtool version information
On the other hand, the ST version of imgtool seems to include it:
/home/${USER}/STMicroelectronics/STM32Cube/STM32CubeProgrammer/bin//Utilities/Linux/imgtool -h
Usage: imgtool [OPTIONS] COMMAND [ARGS]...
Options:
-h, --help Show this message and exit.
Commands:
ass Assemble and padd 1 or 2 binaries
clean clean an ST file
create Create a signed or unsigned image
flash modify bash /batch variable value with layout file content
getpriv Dump private key from keypair
getprivbin Dump private key from keypair, in binary format
getpub Dump public key from keypair
getpubbin Dump public key in binary format
keygen Generate pub/private keypair
resign resign a licence image file
sign Create a signed or unsigned image
version Print imgtool version information
Similar test, restoring the use of the ST version of imgtool.
Modifying the env.sh file to reference the ST version of imgtool:
imgtool="/home/${USER}/STMicroelectronics/STM32Cube/STM32CubeProgrammer/bin//Utilities/Linux/imgtool"
Test launching the postbuild.sh script (from the SBSFU_Appli/STM32CubeIDE/NonSecure/Release folder):
"../../postbuild.sh" "." "1.0.0+0" "nonsecure"
/home/${USER}/Dev/sbsfu/SBSFU_Appli/STM32CubeIDE/NonSecure/Release
assemble image
signing
encrypting
However, I can try to use the ST version for the assemble image step and the GitHub version for the signing step.
In this case, I also note a discrepancy.
Below are the commands generated by postbuild.sh for the signing step:
/home/${USER}/STMicroelectronics/STM32Cube/STM32CubeProgrammer/bin//Utilities/Linux/imgtool sign -k /home/${USER}/Dev/sbsfu/SBSFU_Boot/Src/root-rsa-2048.pem -S 1335296 -e little -H 0x400 --pad-header -s auto --align 16 --primary-only --overwrite-only -v 1.0.0+0 --confirm --pad /home/${USER}/Dev/sbsfu/SBSFU_Appli/STM32CubeIDE/../Binary/sbsfu_app.bin /home/${USER}/Dev/sbsfu/SBSFU_Appli/STM32CubeIDE/../Binary/sbsfu_app_init.bin
/home/${USER}/STMicroelectronics/STM32Cube/STM32CubeProgrammer/bin//Utilities/Linux/imgtool sign -k /home/${USER}/Dev/sbsfu/SBSFU_Boot/Src/root-rsa-2048.pem -S 1335296 -e little -H 0x400 --pad-header -s auto --align 16 --primary-only --overwrite-only -v 1.0.0+0 /home/${USER}/Dev/sbsfu/SBSFU_Appli/STM32CubeIDE/../Binary/sbsfu_app.bin /home/${USER}/Dev/sbsfu/SBSFU_Appli/STM32CubeIDE/../Binary/sbsfu_app_sign.bin
/home/${USER}/STMicroelectronics/STM32Cube/STM32CubeProgrammer/bin//Utilities/Linux/imgtool sign -k /home/${USER}/Dev/sbsfu/SBSFU_Boot/Src/root-rsa-2048.pem -E /home/${USER}/Dev/sbsfu/SBSFU_Boot/Src/enc-rsa2048-pub.pem -S 1335296 -e little -H 0x400 --pad-header -s auto --align 16 --primary-only --overwrite-only -v 1.0.0+0 /home/${USER}/Dev/sbsfu/SBSFU_Appli/STM32CubeIDE/../Binary/sbsfu_app.bin /home/${USER}/Dev/sbsfu/SBSFU_Appli/STM32CubeIDE/../Binary/sbsfu_app_enc_sign.bin
These run without problems.
If I try to run them with the GitHub version, here are the results:
/home/${USER}/Dev/mcuboot/scripts/imgtool.py sign -k /home/${USER}/Dev/sbsfu/SBSFU_Boot/Src/root-rsa-2048.pem -S 1335296 -e little -H 0x400 --pad-header -s auto --align 16 --primary-only --overwrite-only -v 1.0.0+0 --confirm --pad /home/${USER}/Dev/sbsfu/SBSFU_Appli/STM32CubeIDE/../Binary/sbsfu_app.bin /home/${USER}/Dev/sbsfu/SBSFU_Appli/STM32CubeIDE/../Binary/sbsfu_app_init.bin
Usage: imgtool.py sign [OPTIONS] INFILE OUTFILE
Try 'imgtool.py sign -h' for help.
Error: No such option: --primary-only Did you mean --overwrite-only?
/home/${USER}/Dev/mcuboot/scripts/imgtool.py sign -k /home/${USER}/Dev/sbsfu/SBSFU_Boot/Src/root-rsa-2048.pem -S 1335296 -e little -H 0x400 --pad-header -s auto --align 16 --primary-only --overwrite-only -v 1.0.0+0 /home/${USER}/Dev/sbsfu/SBSFU_Appli/STM32CubeIDE/../Binary/sbsfu_app.bin /home/${USER}/Dev/sbsfu/SBSFU_Appli/STM32CubeIDE/../Binary/sbsfu_app_sign.bin
Usage: imgtool.py sign [OPTIONS] INFILE OUTFILE
Try 'imgtool.py sign -h' for help.
Error: No such option: --primary-only Did you mean --overwrite-only?
/home/${USER}/Dev/mcuboot/scripts/imgtool.py sign -k /home/${USER}/Dev/sbsfu/SBSFU_Boot/Src/root-rsa-2048.pem -E /home/${USER}/Dev/sbsfu/SBSFU_Boot/Src/enc-rsa2048-pub.pem -S 1335296 -e little -H 0x400 --pad-header -s auto --align 16 --primary-only --overwrite-only -v 1.0.0+0 /home/${USER}/Dev/sbsfu/SBSFU_Appli/STM32CubeIDE/../Binary/sbsfu_app.bin /home/${USER}/Dev/sbsfu/SBSFU_Appli/STM32CubeIDE/../Binary/sbsfu_app_enc_sign.bin
Usage: imgtool.py sign [OPTIONS] INFILE OUTFILE
Try 'imgtool.py sign -h' for help.
Error: No such option: --primary-only Did you mean --overwrite-only?
For additional information, here is a comparison of the options available for the sign stage.
GitHub version:
/home/${USER}/Dev/mcuboot/scripts/imgtool.py sign -h
Usage: imgtool.py sign [OPTIONS] INFILE OUTFILE
Create a signed or unsigned image
INFILE and OUTFILE are parsed as Intel HEX if the params have .hex
extension, otherwise binary format is used
Options:
-k, --key filename
--public-key-format [hash|full]
In what format to add the public key to the
image manifest: full key or hash of the key.
--align [1|2|4|8] [required]
-v, --version TEXT [required]
-s, --security-counter TEXT Specify the value of security counter. Use
the `auto` keyword to automatically generate
it from the image version.
-d, --dependencies TEXT Add dependence on another image, format:
"(<image_ID>,<image_version>), ... "
--pad-sig Add 0-2 bytes of padding to ECDSA signature
(for mcuboot <1.5)
-H, --header-size INTEGER [required]
--pad-header Add --header-size zeroed bytes at the
beginning of the image
-S, --slot-size INTEGER Size of the slot. If the slots have
different sizes, use the size of the
secondary slot. [required]
--pad Pad image to --slot-size bytes, adding
trailer magic
--confirm When padding the image, mark it as confirmed
(implies --pad)
-M, --max-sectors INTEGER When padding allow for this amount of
sectors (defaults to 128)
--boot-record sw_type Create CBOR encoded boot record TLV. The
sw_type represents the role of the software
component (e.g. CoFM for coprocessor
firmware). [max. 12 characters]
--overwrite-only Use overwrite-only instead of swap upgrades
-e, --endian [little|big] Select little or big endian
-E, --encrypt filename Encrypt image using the provided public key.
(Not supported in direct-xip or ram-load
mode.)
--save-enctlv When upgrading, save encrypted key TLVs
instead of plain keys. Enable when
BOOT_SWAP_SAVE_ENCTLV config option was set.
-F, --rom-fixed INTEGER Set flash address the image is built for.
-L, --load-addr INTEGER Load address for image when it should run
from RAM.
-x, --hex-addr INTEGER Adjust address in hex output file.
-R, --erased-val [0|0xff] The value that is read back from erased
flash.
--custom-tlv [tag] [value] Custom TLV that will be placed into
protected area. Add "0x" prefix if the value
should be interpreted as an integer,
otherwise it will be interpreted as a
string. Specify the option multiple times to
add multiple TLVs.
-h, --help Show this message and exit
ST version:
/home/${USER}/STMicroelectronics/STM32Cube/STM32CubeProgrammer/bin//Utilities/Linux/imgtool sign -h
Usage: imgtool sign [OPTIONS] INFILE OUTFILE
Create a signed or unsigned image
INFILE and OUTFILE are parsed as Intel HEX if the params have .hex
extension, otherwise binary format is used
Options:
-ma, --magic-val INTEGER fix magic value in hex output file.
-u, --urot TEXT
-p, --profile [1|2|3|4|5|6|7] Fix Secure Manager Profile : 1 (small) | 2
(medium) | 4 (large)
-C, --core TEXT
-l, --licence [0|1] Fix Licence : 0 (global licence) 1(chip
licence)
-c, --clear Output is not Encrypted, So that it can be
written in primary slot
-k, --key filename optional key for signature if key not
present TLV signature is not present.
--public-key-format [hash|full]
In what format to add the public key to the
image manifest: full key or hash of the key.
--align [1|2|4|8|16] [required]
-v, --version TEXT [required]
-s, --security-counter TEXT Specify the value of security counter. Use
the `auto` keyword to automatically generate
it from the image version.
-d, --dependencies TEXT Add dependence on another image, format:
"(<image_ID>,<image_version>), ... "
--no-pad-tlv disable tlv padding (in case of magic in
0x73ab1024)
--pad-sig create uncompress ECDSA signature (for
mcuboot <1.5 and for STuRoT and
SecureManager Image)
-P, --primary-only when encrypted image hash and signature are
computed with header without encrypted flag
-o, --otfdec INTEGER
-H, --header-size INTEGER [required]
--pad-header Add --header-size zeroed bytes at the
beginning of the image
-S, --slot-size INTEGER Size of the slot. If the slots have
different sizes, use the size of the
secondary slot. [required]
--pad Pad image to --slot-size bytes, adding
trailer magic
--confirm When padding the image, mark it as confirmed
(implies --pad)
-M, --max-sectors INTEGER When padding allow for this amount of
sectors (defaults to 128)
--boot-record sw_type Create CBOR encoded boot record TLV. The
sw_type represents the role of the software
component (e.g. CoFM for coprocessor
firmware). [max. 12 characters]
--overwrite-only Use overwrite-only instead of swap upgrades
-e, --endian [little|big] Select little or big endian
-E, --encrypt filename Encrypt image using the provided public key.
(Not supported in direct-xip or ram-load
mode.)
--save-enctlv When upgrading, save encrypted key TLVs
instead of plain keys. Enable when
BOOT_SWAP_SAVE_ENCTLV config option was set.
-F, --rom-fixed INTEGER Set flash address the image is built for.
-L, --load-addr INTEGER Load address for image when it should run
from RAM.
-x, --hex-addr INTEGER Adjust address in hex output file.
-R, --erased-val [0|0xff] The value that is read back from erased
flash.
--custom-tlv [tag] [value] Custom TLV that will be placed into
protected area. Add "0x" prefix if the value
should be interpreted as an integer,
otherwise it will be interpreted as a
string. Specify the option multiple times to
add multiple TLVs.
-h, --help Show this message and exit.
diff:
diff -u --color /tmp/git /tmp/st
--- /tmp/git 2025-03-19 12:44:09.504940283 +0100
+++ /tmp/st 2025-03-19 12:44:44.201041295 +0100
@@ -1,4 +1,4 @@
-Usage: imgtool.py sign [OPTIONS] INFILE OUTFILE
+Usage: imgtool sign [OPTIONS] INFILE OUTFILE
Create a signed or unsigned image
@@ -6,19 +6,35 @@
extension, otherwise binary format is used
Options:
- -k, --key filename
+ -ma, --magic-val INTEGER fix magic value in hex output file.
+ -u, --urot TEXT
+ -p, --profile [1|2|3|4|5|6|7] Fix Secure Manager Profile : 1 (small) | 2
+ (medium) | 4 (large)
+ -C, --core TEXT
+ -l, --licence [0|1] Fix Licence : 0 (global licence) 1(chip
+ licence)
+ -c, --clear Output is not Encrypted, So that it can be
+ written in primary slot
+ -k, --key filename optional key for signature if key not
+ present TLV signature is not present.
--public-key-format [hash|full]
In what format to add the public key to the
image manifest: full key or hash of the key.
- --align [1|2|4|8] [required]
+ --align [1|2|4|8|16] [required]
-v, --version TEXT [required]
-s, --security-counter TEXT Specify the value of security counter. Use
the `auto` keyword to automatically generate
it from the image version.
-d, --dependencies TEXT Add dependence on another image, format:
"(<image_ID>,<image_version>), ... "
- --pad-sig Add 0-2 bytes of padding to ECDSA signature
- (for mcuboot <1.5)
+ --no-pad-tlv disable tlv padding (in case of magic in
+ 0x73ab1024)
+ --pad-sig create uncompress ECDSA signature (for
+ mcuboot <1.5 and for STuRoT and
+ SecureManager Image)
+ -P, --primary-only when encrypted image hash and signature are
+ computed with header without encrypted flag
+ -o, --otfdec INTEGER
-H, --header-size INTEGER [required]
--pad-header Add --header-size zeroed bytes at the
beginning of the image
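Review bot: the upstream 1.7.2 option set in this hunk cannot accept the postbuild.sh commands quoted earlier in this post even if `-P/--primary-only` is dropped: `--align` is limited to `[1|2|4|8]` there, while the ST tool accepts 16 and the SBSFU commands pass `--align 16`. Two other lines in the hunk matter for anyone porting the RSA4096 change between the two scripts. The ST `-k` help text states the key is optional and that without it no signature TLV is emitted, so a build script that loses its `-k` argument produces an unsigned image silently rather than failing; a post-build check that the output carries a signature TLV is worth adding. And `--pad-sig` has different meanings in the two tools (ECDSA padding for mcuboot <1.5 upstream, an uncompressed signature for STuRoT/Secure Manager images in the ST build), so the flag cannot be carried over by name alone.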
All of these tests lead me to the conclusion that there are differences between the ST version and the GitHub version.
Can you confirm these things for me and tell me how to proceed?
Thanking you,
Kind regards,
Paul Goulpié
2025-03-19 11:10 AM
Hello @paulgoulpie ,
I'm sorry I didn't check first.
In fact, imgtool was provided in previous releases of STM32CubeU5.
You can download version 1.5.0; the Python scripts are there in Middlewares\Third_Party\mcuboot\scripts.
I don't know why this was actually removed.
Best regards
Jocelyn
2025-03-29 5:01 AM
Hello @Jocelyn RICARD
Thank you for all the helpful information you provided.
For your information, I've made a PR:
https://github.com/STMicroelectronics/STM32CubeU5/pull/60
Integrating changes for RSA4096 support.
Have a nice day.
Paul
2025-04-03 11:27 AM