cancel
Showing results for 
Search instead for 
Did you mean: 

SHCI_C2_FUS_LoadUsrKey doesn't load AES1 key registers

oga
Associate III

Hi all

I'm working on a STM32WB55 nucleo board

I'm designing a simple Signing procedure

At beginning I've try that every thing ok by using a hard codded key and now I want to switch on a key kept secure in FUS zone

I've load 2 256 bits AES keys into FUS user Key secure zone first time with a custom app that will be loaded in prod to set all default keys

second time I've try by cube programmer

I've based my procedure on CKS example

- call HAL_CRYP_DeInit() to clear all AES regs and context

- setup handle.init structure : I'm initializing for a 32 bytes buffer input and AES CBC mode

- call HAL_CRYP_Init() and keeping AES key to NULL (to avoid HAL_CRYP_Encrypt() call overwrite AES KEY registers

- call SHCI_C2_FUS_LoadUsrKey() with the good key index

- call HAL_CRYP_Encrypt() 

- finaly unload the key etc ... 

if I use 1 or 2 as index SHCI_C2_FUS_LoadUsrKey() is responding SHCI_Success

if I use another index not previously set with a key it's answering SHCI_FUS_CMD_NOT_SUPPORTED

it makes me feel that keys have been correctly wrote to FUS secure zone and when I ask wireless stack to bring me back the keys it's understanding what I'm willing

unfortunately after SHCI_C2_FUS_LoadUsrKey() call noting is wrote into AES KEYR*

I've surely missed something but can't figure what

here you can find my piece of code

 

 

// get the SHA_256 hash of FW binary image
	SIG_HASH_INIT(&hasher);
	SIG_HASH_UPDATE(&hasher,BOOTLOADER_START_APP_ADDRESS,Bootloader_shared_infos_RAM.fwByteSize);
	SIG_HASH_DIGEST(&hasher,Bootloader_shared_infos_RAM.Computed_key);
//	uint32_t key[]={0x00000000,0x00000000,0x00000000,0x00000000,
//					0x00000000,0x00000000,0x00000000,0x00000000};
	uint32_t iv[] ={Bootloader_shared_infos_RAM.Descriptor,Bootloader_shared_infos_RAM.Descriptor,Bootloader_shared_infos_RAM.Descriptor,Bootloader_shared_infos_RAM.Descriptor};
	hcryp1.Instance = AES1;
	if (HAL_CRYP_DeInit(&hcryp1) != HAL_OK)
		return RETURN_ERROR;
	hcryp1.Init.DataType      = CRYP_DATATYPE_8B;
	hcryp1.Init.DataWidthUnit = CRYP_DATAWIDTHUNIT_BYTE;
	hcryp1.Init.KeySize       = CRYP_KEYSIZE_256B;
	hcryp1.Init.Algorithm     = CRYP_AES_CBC;
	//hcryp1.Init.pKey          = key; /* Key will be provided by CKS service */
hcryp1.Init.pKey=NULL; // should be published at next step by FUS himself
	hcryp1.Init.HeaderWidthUnit = CRYP_HEADERWIDTHUNIT_WORD;
	hcryp1.Init.KeyIVConfigSkip = CRYP_KEYIVCONFIG_ALWAYS;
	hcryp1.Init.pInitVect     = iv;
	if (HAL_CRYP_Init(&hcryp1) != HAL_OK)
		return RETURN_ERROR;
	printf("load Bootloader Key :");
	SHCI_CmdStatus_t res=SHCI_C2_FUS_LoadUsrKey(1); // should write key #1 into AES_KEY_R*
	print_SHCI_CmdStatus_t(res);// with index 1/2 i get SHCI_Success return with anything else I get Unknown Cmd answer (looks ok as only first and 2nd key are wrotes
/// when looking in AES_KEYR* reg at this step they are still at 0
	uint8_t cyphered[BOOTLOADER_APP_SIGNATURE_SIZE];
	if (HAL_CRYP_Encrypt(&hcryp1, Bootloader_shared_infos_RAM.Computed_key, BOOTLOADER_APP_SIGNATURE_SIZE,cyphered, 0xFF) != HAL_OK)
	    return RETURN_ERROR;

 

 

thanks for any idea that would come to your mind

 

2 REPLIES 2
CMYL
ST Employee

Hello @oga 

 After key loading through FUS_LOAD_USR_KEYthere is no way to read back and verify the loaded user keys during manufacturing programming prior to locking .  Absolutely no way of any kind to read back keys values directly or indirectly. In other words, the keys stored in the FUS secure zone are protected by hardware isolation, ensuring that they cannot be read back directly or indirectly. The keys are loaded into the secure AES hardware, and no one can read the key content

 The procedure to load and use keys that you provided is correct. It involves clearing the AES registers, initializing the CRYP handle, loading the user key from the FUS, performing encryption, and finally unloading the key. This procedure is supported by the FUS and the wireless firmware.

The STM32CubeProgrammer supports key storage with the -wusrkey command, which allows writing user keys when accessing the device in bootloader mode.

For more detailed information, you can refer to the application notes AN5185 and AN5289, which contain information concerning key management and the supported commands

Hope this answer is helpful for you and sorry for my late reply.

 

Best Regards

oga
Associate III

thank's for your kind reply

I well understand that key can't be read back once loaded (it makes sense by the way) but it mean only rely on SHCI_C2_FUS_LoadUsrKey() return code to control if key is well loaded and if it's the good one.

 

just another related question as there are 100key slots available in order to be able to change key during product life time I was planing to set an index reference in flash to indicate the active key slot .. .do you recommend another way to do this kind of stuff ?