How to migrate from STM32IMAGE to FIP using Hardware Security Module?

jandriea · ‎2023-02-12

In my current project, I am still using the older environment. Even though there are no urgencies to migrate to the newer environment, I want to prepare everything in advance.

My current project uses an external module to generate a signature. it works very well with the older image because I only need to update the image's header section with the generated signature from the external module. However, the newer image prevents me to do this because it requires the private key to generate the certificate. The external security module won't allow me to retrieve the private key from the module. It only allows me to generate a signature or retrieve the public key. So, my only choice is to generate the certificate by myself and use the external module to sign the certificate. But after searching through the internet for days, I still cannot find that this is a possible option.

Is it possible to generate the certificate by ourselves and embed the generated certificate into the FIP binary?

Thank you

Erwan SZYMANSKI · ‎2023-02-13

Hello @jandriea,

Good idea the anticipate this kind of change ! We use ST signing tool to do it in our different process, but having a particular attention between the changes from your OSTL version to this new one (4.1) will be needed.

I put you here the different article that can help you with your issue:

and 2 more articles that can be relevant:

I hope that these articles will help you to go forward with the FIP use.

Kind regards,

Erwan.

In order to give better visibility on the answered topics, please click on 'Select as Best' on the reply which solved your issue or answered your question. See also 'Best Answers'

In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.