2024-04-11 01:39 AM
Hello,
I'm struggling to find any information regarding the possibility of removing the keys stored through FUS CKS.
My understanding is, if the keys are constantly being stored to some reserved space in flash memory, this reserved space will eventually be full and another key write will be impossible.
I found two related threads with no answer to this problem:
https://community.st.com/t5/stm32-mcus-security/stm32wb-fus-cks-no-option-to-delete-or-overwrite-userkeys/td-p/586508
https://community.st.com/t5/stm32-mcus-security/how-can-i-wipe-user-key-fus-ws-cks-when-all-index-positions-are/td-p/62762
Is it possible at this point to add key removal to the API? Is such a feature planned?
Regards,
Larry
2024-04-12 03:04 AM
Hello @larry_g,
Based on the information provided in AN5185 (see section 5.1 Key types and structure), the FUS system is designed to store a limited number of keys (101 keys, including 1 master key and 100 clear/encrypted keys), and it is explicitly stated that any stored key cannot be changed or removed. This implies that once a key is written into the FUS, it occupies a slot permanently.
Given this constraint, it is not possible to remove keys once they are stored in the FUS. The reason behind this is to disallow the removal or change of keys for security purposes to prevent tampering with the keys after they have been set.
If the reserved space for keys in the FUS becomes full, no additional keys can be written, and any attempt to write more than the supported number of keys will be rejected with an error message. This must be considered when designing the system that will use the FUS.
BR