How to select format type and KeySize in STM32 Trusted Package Creator?

ThinhNguyen · ‎2025-07-07

I am following the "How to deploy SSP using a step-by-step approach". I am working on "3.1.2.2. Secret file content for STM32MP2 series". The target MPU is STM32MP257F. I have some questions as below:

1. How do I know whether to choose "Format 1" or "Format 2"?

2. I selected the binary file as FIP-EDMK, which is 256-bit but the KeySize shows 128-bit and it won't let me select 256-bit again. Is this acceptable?

Zakaria1 · ‎2025-07-08

Indeed, the FIP-EDMK format is not specified in the wiki. I’ll look into updating the wiki page to include the correct format.
You can find the information in U-Boot in the file:

`arch/arm/mach-stm32mp/cmd_stm32key.c`

It contains:
{
.name = "FIP-EDMK",
.desc = "Encryption/Decryption Master Key for FIP",
.start = 260,
.size = 8,
},
The format isn’t specified, so it defaults to Format 1.
static int fuse_key_value(struct udevice *dev, const struct stm32key *key, unsigned long addr, bool print)
{
u32 word, val;
int i, ret;
u32 (*format)(u32) = format1;

/* Use key_format function pointer if defined */
if (key->key_format)
format = key->key_format;

Format1 is the default value.

If the format is specified in the structure (always with Format 2), then Format 2 is used.

So, the format to use is indeed Format 1. I hope this answers all your questions. I’ll request information regarding the meaning of the Enc/Wrap option and respond in the other post.

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.

View solution in original post

Zakaria1 · ‎2025-07-08

Hello @ThinhNguyen,

According to the STM32 Trusted Package Creator user manual, it states:
"Select the endianness format of the binary, Format 1, or Format 2. (Format 1 is fixed for word item)." Since you’re working with a binary, you should select Format 2.
For the second question, you need to change the Enc/Wrap option to either Encryption or Wrapping to access the KeySize option and set it to 256-bit.

Please refer to the user manual UM2238 for more details.

Best Regards,
Zakaria

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.

ThinhNguyen · ‎2025-07-08

Hi @Zakaria1 ,

I read UM2238 but didn't see much mention about when to use format 1 and when to use format 2. As you said, when using binary files, you should choose format 2, so why are OEM_KEY1_ROOT and RMA_LOCK_PSWD also binary files but it requires choosing format 1.

Zakaria1 · ‎2025-07-08

Hi @ThinhNguyen,
Sorry, I misunderstood. In fact, for all word items, the format is fixed as Format 1. For binary items, there is a choice, but for specific keys, I believe the tool enforces the format to avoid selecting an incorrect one. The format refers to the endianness used for writing keys to the OTPs. Here’s an example from UM2238:

Endianness given in the specification for format: Keys are represented as a string of bytes
to be stored in consecutive OTP words. For example, a 64-bit key
(0xAABBCCDDEEFF5566) is stored in two consecutive OTP words, KEY0 and KEY1. A
key is stored in OTP words using one of the following formats:
• Format 1: KEY0 = 0xAABBCCDD, KEY1 = 0xEEFF5566
• Format 2: KEY0 = 0xDDCCBBAA, KEY1 = 0x6655FFEE

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.

ThinhNguyen · ‎2025-07-08

Hi @Zakaria1,

Thanks for clarifying. You are right. However, the problem arises that I do not have the information to know whether the FIP-EDMK (32 random bytes) has a Format 1 or Format 2. I think this Format is pre-defined so that the ROM code can read and understand the value in the OTP. ROM code is a blind spot for me. Can you provide relevant information to help me determine the Format of the FIP-EDMK?

Zakaria1 · ‎2025-07-08

Please refer to this wiki page for the STM32MP23-25 OTP mapping to determine which format to use.
STM32MP23-25 OTP mapping - stm32mpu
Here’s a screenshot from the wiki showing that OEM_KEY1_ROT and OEM_KEY2_ROT must be in Format 1:

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.

ThinhNguyen · ‎2025-07-08

Hi @Zakaria1,

I looked through it, but unfortunately it doesn't mention anything about the FIP-EDMK format. You can see the image I pasted below.

Click to the link it let me to the intruction to enable secure boot. There is no information about FIP-EDMK format type too.

Zakaria1 · ‎2025-07-08

Indeed, the FIP-EDMK format is not specified in the wiki. I’ll look into updating the wiki page to include the correct format.
You can find the information in U-Boot in the file:

`arch/arm/mach-stm32mp/cmd_stm32key.c`

It contains:
{
.name = "FIP-EDMK",
.desc = "Encryption/Decryption Master Key for FIP",
.start = 260,
.size = 8,
},
The format isn’t specified, so it defaults to Format 1.
static int fuse_key_value(struct udevice *dev, const struct stm32key *key, unsigned long addr, bool print)
{
u32 word, val;
int i, ret;
u32 (*format)(u32) = format1;

/* Use key_format function pointer if defined */
if (key->key_format)
format = key->key_format;

Format1 is the default value.

If the format is specified in the structure (always with Format 2), then Format 2 is used.

So, the format to use is indeed Format 1. I hope this answers all your questions. I’ll request information regarding the meaning of the Enc/Wrap option and respond in the other post.

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.

ThinhNguyen · ‎2025-07-08

Hi @Zakaria1,

It answered my question. Thanks!

ThinhNguyen · ‎2025-07-08

hi @Zakaria1,

I I opened the cmd_stm32key.c file to read more but I found it very different from the code you quoted. Here is the code I have.

static int fuse_key_value(struct udevice *dev, const struct stm32key *key, u32 addr, bool print)
{
	u32 word, val;
	int i, ret;

	for (i = 0, word = key->start; i < key->size; i++, word++, addr += 4) {
		val = __be32_to_cpu(*(u32 *)(long)addr);
		if (print)
			printf("Fuse %s OTP %i : %08x\n", key->name, word, val);

		ret = misc_write(dev, STM32_BSEC_OTP(word), &val, 4);
		if (ret != 4) {
			log_err("Fuse %s OTP %i failed\n", key->name, word);
			return ret;
		}
		/* on success, lock the OTP for the key */
		val = BSEC_LOCK_PERM;
		ret = misc_write(dev, STM32_BSEC_LOCK(word), &val, 4);
		if (ret != 4) {
			log_err("Lock %s OTP %i failed\n", key->name, word);
			return ret;
		}
	}

	return 0;
}

To make sure I didn't make a mistake I also checked the latest uboot patch file here: https://raw.githubusercontent.com/STMicroelectronics/meta-st-stm32mp/refs/heads/walnascar/recipes-bsp/u-boot/u-boot-stm32mp/0001-v2023.10-stm32mp-r1.2.patch

It also does not contain the code you quoted.

I would like to ask where I can find the code you quoted to read more about how they work.