STM32N6 EDMK derivation in FSBL decryption sequence

kradzphsys · ‎2025-07-28

Hello,

I am interested in the optional decryption sequence part of secure boot on STM32N6 mcu. As described in UM3234 (How to proceed with boot ROM on STM32N6 MCUs) a key derivation function is used to produce an encryption key. However I am not sure how the Enc/Dec Master Key is produced, as in the OTP mapping table (RM0486: STM32N6 Reference Manual) only an EDMK derivation constant is present. Am I correct to assume that this OTP168 word is used to derive the EDMK out of OEM secret (OTP 364-367)? If so, what's the algorithm? Additionally, what's the derivation constant used in ROM that's mentioned in the diagram? Is it publicly available?
Thanks,
kradzphsys

Mikk Leini · ‎2026-03-31

Hello ST,

Please answer questions. I am also wondering what is the encryption derivation constant. This example script uses seemingly magic number 0x7c098af2: Security:How to start with OEMuRoT on STM32N6 MCUs - stm32mcu

Where did that number come from? Who should define it? Should it be unique, should it be "paired" with encryption key? Should it be secret? Does it need to the be same number as is OTP168? So need to read it out from MCU ? If so, is it unique to MCU? But then every device needs own release?

Need better documentation.

Mikk Leini · ‎2026-04-07

Hello ST,

I need answers about the derivation constant. I bricked one device by trying encryption in closed locked stated. Even serial boot of unencrypted (but signed) doesn't revive it. I don't want to guess and brick more devices.