Hello,
We are researching the possibility to protect different pieces of our software on Linux (OpenSt-Linux) and firmware for the M33 on the STM32MP257.
Our goals are (mostly) aligned with the purpose of the SSP HSM mechanisms:
1) Avoid our firmware to be copied, either by the final client or by our (non-trusted) manufacturer.
2) Ensure that no more than sold licenses are installed on HW (by the manufacturer).
3) Ensure the firmware is a signed version
My understanding is that this is basically the goal of SSP / HSM:
* We setup an HSM card with licenses (counter) and keys.
* We setup a secret file including keys.
* The manufacturer use them to establish an USB connection with the STM32MP2, and save keys in the OTP, where the secret file (keys) is encrypted all the time until saved in the OTP, at which point it's not readable.
* To make the OTP not readable, the MP2 is switched to OTP_Secured_Close using the RMA mode.
With this, we would like the non-secure Linux to:
1) Verify the signature of files against the key on the OTP
2) Decrypt files with a key on the OTP.
The main goal of this is to have a signed and encrypted firmware, eventually updated at client side (e.g. through Ethernet or USB memory), and launched by Linux, through a process that check and decrypt that firmware before it is launched on the M33.
--------------------------
I followed several documents from (https://wiki.stmicroelectronics.cn/stm32mpu/wiki/STM32_MPU_resources#AN5827) and from the wiki:
https://wiki.stmicroelectronics.cn/stm32mpu/wiki/How_to_deploy_SSP_using_a_step-by-step_approach#cite_note-1
https://wiki.stmicroelectronics.cn/stm32mpu/wiki/How_to_configure_TF-A_BL2
https://www.st.com/resource/en/application_note/dm00713831.pdf
https://www.st.com/resource/en/application_note/DM00882557.pdf
At this point, I think that I can provision SSP secret files (I am still waiting my smart-card reader, so I cannot fully test it yet).
But I am lost in the process of using the OTP key to decrypt or check the signature of files in Linux.
