Writing and locking the Boot Hardware Key using the B-U585I-IOT02A discovery kit

KKupf.1 · ‎2021-11-26

Hi all,

I’m trying to find out when the Boot Hardware Key (BHK) is exactly written and locked (using the B-U585I-IOT02A discovery kit).

The reference manual (RM0456, page 1513) just says that it is „written by a secure code during boot“.

So I modified an example project where the TrustZone is enabled and assumed that it boots in secure mode and the key is written. I then tried to read out the key and to use it to encrypt data with the SAES module but this didn’t work. So I assume that the key wasn’t written yet. Is there anything else I have to do that the BHK is written during boot or do I have to generate the BHK with my own code? What is meant with secure boot exactly?

Best regards,

Kathrin

Amel NASRI · ‎2021-12-09

Hi @KKupf.1 ,

While I'm not an expert on this area, I'll try to provide some hints. That may be helpful for you to find an answer.

If I refer to RM0456, there is a KEYSEL bitfield in SAES control register.

You need to check which key was selected in your case.

If you would like to understand more about Secure Boot mainly and Secure features generally, I suggest you the following references:

If you still don't find the answer to your questions, please keep me updated on the current status of your request (if possible with more precise questions) so that I can look for answers with the help of our experts.

-Amel

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.