FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to select format type and KeySize in STM32 Trusted Package Creator?

Go to solution
ThinhNguyen
Associate III

‎2025-07-07 2:08 AM

I am following the "How to deploy SSP using a step-by-step approach". I am working on "3.1.2.2. Secret file content for STM32MP2 series". The target MPU is STM32MP257F. I have some questions as below:

1. How do I know whether to choose "Format 1" or "Format 2"?

2. I selected the binary file as FIP-EDMK, which is 256-bit but the KeySize shows 128-bit and it won't let me select 256-bit again. Is this acceptable?

 

ThinhNguyen_2-1751878929230.png

 

 

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Go to solution
Zakaria1
ST Employee
In response to ThinhNguyen

‎2025-07-08 3:09 AM

Indeed, the FIP-EDMK format is not specified in the wiki. I’ll look into updating the wiki page to include the correct format.
You can find the information in U-Boot in the file:

`arch/arm/mach-stm32mp/cmd_stm32key.c`

It contains:
{
.name = "FIP-EDMK",
.desc = "Encryption/Decryption Master Key for FIP",
.start = 260,
.size = 8,
},
The format isn’t specified, so it defaults to Format 1.
static int fuse_key_value(struct udevice *dev, const struct stm32key *key, unsigned long addr, bool print)
{
u32 word, val;
int i, ret;
u32 (*format)(u32) = format1;

/* Use key_format function pointer if defined */
if (key->key_format)
format = key->key_format;

Format1 is the default value.

If the format is specified in the structure (always with Format 2), then Format 2 is used.

So, the format to use is indeed Format 1. I hope this answers all your questions. I’ll request information regarding the meaning of the Enc/Wrap option and respond in the other post.


View solution in original post

0 Kudos
11 REPLIES 11
Go to solution
Zakaria1
ST Employee

‎2025-07-08 1:47 AM

Hello @ThinhNguyen,

According to the STM32 Trusted Package Creator user manual, it states:
"Select the endianness format of the binary, Format 1, or Format 2. (Format 1 is fixed for word item)." Since you’re working with a binary, you should select Format 2.
For the second question, you need to change the Enc/Wrap option to either Encryption or Wrapping to access the KeySize option and set it to 256-bit.

Please refer to the user manual UM2238 for more details.

Best Regards,
Zakaria

0 Kudos
Go to solution
ThinhNguyen
Associate III
In response to Zakaria1

‎2025-07-08 2:03 AM

Hi @Zakaria1 ,

I read UM2238 but didn't see much mention about when to use format 1 and when to use format 2. As you said, when using binary files, you should choose format 2, so why are OEM_KEY1_ROOT and RMA_LOCK_PSWD also binary files but it requires choosing format 1. 

ThinhNguyen_0-1751965157215.png

 

0 Kudos
Go to solution
Zakaria1
ST Employee
In response to ThinhNguyen

‎2025-07-08 2:11 AM

Hi @ThinhNguyen,
Sorry, I misunderstood. In fact, for all word items, the format is fixed as Format 1. For binary items, there is a choice, but for specific keys, I believe the tool enforces the format to avoid selecting an incorrect one. The format refers to the endianness used for writing keys to the OTPs. Here’s an example from UM2238:

Endianness given in the specification for format: Keys are represented as a string of bytes
to be stored in consecutive OTP words. For example, a 64-bit key
(0xAABBCCDDEEFF5566) is stored in two consecutive OTP words, KEY0 and KEY1. A
key is stored in OTP words using one of the following formats:
• Format 1: KEY0 = 0xAABBCCDD, KEY1 = 0xEEFF5566
• Format 2: KEY0 = 0xDDCCBBAA, KEY1 = 0x6655FFEE

0 Kudos
Go to solution
ThinhNguyen
Associate III
In response to Zakaria1

‎2025-07-08 2:22 AM

Hi @Zakaria1,

Thanks for clarifying. You are right. However, the problem arises that I do not have the information to know whether the FIP-EDMK (32 random bytes) has a Format 1 or Format 2. I think this Format is pre-defined so that the ROM code can read and understand the value in the OTP. ROM code is a blind spot for me. Can you provide relevant information to help me determine the Format of the FIP-EDMK?

0 Kudos
Go to solution
Zakaria1
ST Employee

‎2025-07-08 2:24 AM

Please refer to this wiki page for the STM32MP23-25 OTP mapping to determine which format to use.
STM32MP23-25 OTP mapping - stm32mpu
Here’s a screenshot from the wiki showing that OEM_KEY1_ROT and OEM_KEY2_ROT must be in Format 1:

Zakaria1_0-1751966631741.png

0 Kudos
Go to solution
ThinhNguyen
Associate III
In response to Zakaria1

‎2025-07-08 2:30 AM

Hi @Zakaria1,

I looked through it, but unfortunately it doesn't mention anything about the FIP-EDMK format. You can see the image I pasted below.

ThinhNguyen_0-1751966884832.png

Click to the link it let me to the intruction to enable secure boot. There is no information about FIP-EDMK format type too.

 

0 Kudos
Go to solution
Zakaria1
ST Employee
In response to ThinhNguyen

‎2025-07-08 3:09 AM

Indeed, the FIP-EDMK format is not specified in the wiki. I’ll look into updating the wiki page to include the correct format.
You can find the information in U-Boot in the file:

`arch/arm/mach-stm32mp/cmd_stm32key.c`

It contains:
{
.name = "FIP-EDMK",
.desc = "Encryption/Decryption Master Key for FIP",
.start = 260,
.size = 8,
},
The format isn’t specified, so it defaults to Format 1.
static int fuse_key_value(struct udevice *dev, const struct stm32key *key, unsigned long addr, bool print)
{
u32 word, val;
int i, ret;
u32 (*format)(u32) = format1;

/* Use key_format function pointer if defined */
if (key->key_format)
format = key->key_format;

Format1 is the default value.

If the format is specified in the structure (always with Format 2), then Format 2 is used.

So, the format to use is indeed Format 1. I hope this answers all your questions. I’ll request information regarding the meaning of the Enc/Wrap option and respond in the other post.


0 Kudos
Go to solution
ThinhNguyen
Associate III
In response to Zakaria1

‎2025-07-08 3:12 AM

Hi @Zakaria1,

It answered my question. Thanks!

0 Kudos
Go to solution
ThinhNguyen
Associate III
In response to Zakaria1

‎2025-07-08 7:36 PM

hi @Zakaria1,

I I opened the cmd_stm32key.c file to read more but I found it very different from the code you quoted. Here is the code I have.

static int fuse_key_value(struct udevice *dev, const struct stm32key *key, u32 addr, bool print)
{
	u32 word, val;
	int i, ret;

	for (i = 0, word = key->start; i < key->size; i++, word++, addr += 4) {
		val = __be32_to_cpu(*(u32 *)(long)addr);
		if (print)
			printf("Fuse %s OTP %i : %08x\n", key->name, word, val);

		ret = misc_write(dev, STM32_BSEC_OTP(word), &val, 4);
		if (ret != 4) {
			log_err("Fuse %s OTP %i failed\n", key->name, word);
			return ret;
		}
		/* on success, lock the OTP for the key */
		val = BSEC_LOCK_PERM;
		ret = misc_write(dev, STM32_BSEC_LOCK(word), &val, 4);
		if (ret != 4) {
			log_err("Lock %s OTP %i failed\n", key->name, word);
			return ret;
		}
	}

	return 0;
}

 To make sure I didn't make a mistake I also checked the latest uboot patch file here: https://raw.githubusercontent.com/STMicroelectronics/meta-st-stm32mp/refs/heads/walnascar/recipes-bsp/u-boot/u-boot-stm32mp/0001-v2023.10-stm32mp-r1.2.patch

It also does not contain the code you quoted. 

I would like to ask where I can find the code you quoted to read more about how they work.

0 Kudos
Top