How to validate keys and certificates without fusing hash key to OTP area in secure boot?

GChin.1
Associate

I am using the STM32MP157F-DK2 for secure boot. I am using ecosystem release v3.1.1, which has TFA v2.4-stm32mp-r2.1. As per the steps given by ST, I need to fuse publicKeyhash.bin to OTP from the U-Boot console using "stm32key fuse 0xc00000000".

As the OTP area cannot be used for multiple hashes, how can I test multiple key hashes with keys and certificates, or with the secure boot chain? As a developer, how can I verify different hash keys without fusing them to the actual OTP registers (24 to 31)?

Thank you.

1 REPLY
OlivierK
ST Employee

Hi GChin.1,

There is no such verification tool available right now. To test the signature authentication, you need to fuse the OTP PKH. The only thing possible is to use "KeyGen" / "SigningTool", part of the STM32MPCubeProgrammer install, to generate the public key, the private key, and the Hash public key. The Hash public key is then ready to be fused in OTP PKH. The same generated keys will be used in SigningTool to sign the TF-A binary.

Regards,

Olivier