2025-03-18 2:28 PM - edited 2025-03-18 2:29 PM
Hello,
I am having some trouble understanding what bootloader (if any) is installed by ST from the factory for the STM32U5x and what AES key sizes that bootloader supports for secure firmware update. UM2851 only lists AES-CTR-128 (I interpret 128 to be the key size) but the mcuboot docs list support for 256-bit keys.
Ultimately, I need to be able to encrypt my software using a 256-bit AES key. Is this possible with the STM32U5A5 and the ST-provided tooling? If so, is there documentation describing how to achieve this configuration?
Thank you
2025-03-20 11:59 AM
Any thoughts or references? Thanks!
2025-03-25 11:58 AM
Hello @aerosysdev ,
There is no secure boot pre-installed in the factory on STM32U5.
You need to implement your secure boot in the user flash.
You can use the SBSFU example here, based on mcuboot.
This implementation is provided as an example. You can adapt it to your needs.
It can be adapted easily to STM32U5A5 because the mapping file supports it.
Regarding AES 256, this seems to be supported by mcuboot from the documentation, but the actual size is hardcoded as 16 bytes. This may be changed easily in the code, but it was never tried.
Best regards
Jocelyn