Secure key storage using SAES engine

Kishore2
Associate

Hi, with the MCU STM32U585QII6QTR we encrypted an AES key using the SAES engine and stored it in internal flash in RDP Level 0, and then moved to RDP Level 1. When we decrypt the key that was encrypted in RDP Level 0 using the SAES engine, we don't get our original key. We kindly request your support in solving this issue.

1 REPLY
Jocelyn RICARD
ST Employee

Hello @Kishore2,

If you used the SAES, this means you used it selecting the DHUK.

If this is the case, the explanation of your issue is in the reference manual chapter 3.8.1 Hardware secret key management:

Note: DHUK is the same for all devices when RDP = 0 (debug/development mode).

This means that as long as the device is open, you can use the SAES with DHUK but with a fixed value.

To be able to use the real unique key provided by the system, you need to set at least RDP level to 0.5.

Best regards

Jocelyn
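
One way firmware can catch the situation described in this thread before it reaches the SAES, as an added example that is not part of the original posts and is not ST code: the blob stored in flash is tagged with the DHUK domain it was wrapped under, and that tag is compared with the current RDP level before unwrapping. The blob layout, magic value and all function names are hypothetical; treating every level from 0.5 upward as a single domain is an assumption based on the reply's "at least 0.5".

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>

/* DHUK "domain" a blob was wrapped under (hypothetical tag, not an ST format). */
typedef enum { DHUK_DEV_SHARED = 0xD0, DHUK_DEVICE_UNIQUE = 0xD1 } dhuk_domain_t;

/* Hypothetical header kept in flash together with the SAES-wrapped key. */
typedef struct {
    uint32_t magic;        /* constructed marker, "WKEY" little-endian */
    uint8_t  domain;       /* dhuk_domain_t recorded at wrap time */
    uint8_t  wrapped[32];  /* SAES output, opaque to this code */
} wrapped_key_blob_t;

#define BLOB_MAGIC 0x59454B57u

/* RDP option byte -> DHUK domain. STM32U5 encoding: 0xAA = Level 0,
 * 0x55 = Level 0.5, 0xCC = Level 2, any other value = Level 1.
 * On target the byte would be read from the option bytes. */
dhuk_domain_t dhuk_domain_from_rdp(uint8_t rdp_byte)
{
    return (rdp_byte == 0xAA) ? DHUK_DEV_SHARED : DHUK_DEVICE_UNIQUE;
}

typedef enum { KEY_OK, KEY_NO_BLOB, KEY_DEV_WRAPPED, KEY_DOMAIN_MISMATCH } key_status_t;

/* Decide, before calling the SAES unwrap, whether the stored blob can be valid now. */
key_status_t check_wrapped_key(const wrapped_key_blob_t *b, uint8_t rdp_now)
{
    if (b == NULL || b->magic != BLOB_MAGIC) return KEY_NO_BLOB;
    dhuk_domain_t now = dhuk_domain_from_rdp(rdp_now);
    if (b->domain != (uint8_t)now)
        return KEY_DOMAIN_MISMATCH; /* the thread's case: wrapped at RDP 0, read at RDP 1 */
    if (now == DHUK_DEV_SHARED)
        return KEY_DEV_WRAPPED;     /* unwraps, but under the DHUK all open devices share */
    return KEY_OK;
}

/* Tag a blob at provisioning time; refuses a production wrap on an open device. */
bool stamp_blob(wrapped_key_blob_t *b, uint8_t rdp_now,
                const uint8_t saes_out[32], bool production)
{
    dhuk_domain_t d = dhuk_domain_from_rdp(rdp_now);
    if (production && d == DHUK_DEV_SHARED) return false;
    b->magic = BLOB_MAGIC;
    b->domain = (uint8_t)d;
    memcpy(b->wrapped, saes_out, 32);
    return true;
}
```

A `KEY_DOMAIN_MISMATCH` result means the key has to be provisioned and wrapped again at the current RDP level; the old blob cannot be recovered by the SAES.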