FAQs
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

STM32WBA bootloader signing and verification

Go to solution
JamesNi
Associate

‎2025-02-21 3:28 PM - last edited on ‎2025-02-24 1:50 AM by

Hi community, I understand that users can encrypt and sign firmware using STM32CubeProgrammer. My question is about the first stage bootloader provided by ST. From my limited reading, it seemed that this 1st stage ST bootloader is only encrypted but not signed. Is my understanding correct? If not, please can someone point to me the document describing how does ST do the 1st stage bootloader signing and where the verification key is programmed on the MCUs?

Thanks, and best regards

James

 

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Go to solution
STTwo-32
ST Employee

‎2025-03-21 7:32 AM

Hello @JamesNi 

Regarding the ST supplied bootloader in the system flash, it is not encrypted and not meant for sophisticated customer and field application use. The only purpose of that bootloader is to load code into the device.
The actual application is supposed to reside in the user flash and that's done through the OEMiROT supplied in the STM32CubeWBA package. The OEMiROT is encrypted and signed and supports authentication and verification.

Best Regards.

STTwo-32

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

View solution in original post

0 Kudos
2 REPLIES 2
Go to solution
Joe WILLIAMS
ST Employee

‎2025-02-24 12:54 PM - edited ‎2025-02-24 1:09 PM

Hi JamesNi

 

This post has been escalated to the ST Online Support Team for additional assistance.  Should anyone else have a similar question about documentation, please submit your request directly to the ST Online Support Team at https://my.st.com/ols

 

Regards

Joe

STMicro Support

0 Kudos
Go to solution
STTwo-32
ST Employee

‎2025-03-21 7:32 AM

Hello @JamesNi 

Regarding the ST supplied bootloader in the system flash, it is not encrypted and not meant for sophisticated customer and field application use. The only purpose of that bootloader is to load code into the device.
The actual application is supposed to reside in the user flash and that's done through the OEMiROT supplied in the STM32CubeWBA package. The OEMiROT is encrypted and signed and supports authentication and verification.

Best Regards.

STTwo-32

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

0 Kudos
Top