cancel
Showing results for 
Search instead for 
Did you mean: 

Key format for secure boot

mrnuke
Associate II

Hi, I'm trying to generate secure boot keys using native linux tools. I assumed the secureboot format would be documented, but all I found was links to STM32MP_KeyGen.

I can use openssl to generate ECDSA keys, and also get publik keys out. I am at teh point where I can take the private key from STM32MP_KeyGen, and convert it to a public key:

openssl ec -in private-key.pem -pubout -out public-key.pem

However, what I can't figure out is how to get the SHA256 hash of the public key in a way that I can burn in the OTP fuses. openssl hash functions give a different result than the one generated by STM32MP_KeyGen. What is the format that the chip expects?

1 ACCEPTED SOLUTION

Accepted Solutions
mrnuke
Associate II

Okay, I figured it out. Rather that try to explain it, I'll post the source code:

https://github.com/mrnuke/stm32mp-keygen/

View solution in original post

1 REPLY 1
mrnuke
Associate II

Okay, I figured it out. Rather that try to explain it, I'll post the source code:

https://github.com/mrnuke/stm32mp-keygen/