
secure secret provisioning (SSP) not working

MVass.1
Associate II

Hi,

I've finally reached the stage where I can test the SSP flow

I burned a debug AES128GCM key on my ST-HSM-v2 card

I created a 148-byte secrets file and passed it through the TrustedPackageCreator tool to get the 244-byte file

I created a signed ssp-tf-a bin

And I have a stm32mp157f-ev1 board to sacrifice

I am following commands in

https://www.st.com/resource/en/application_note/an5510-overview-of-the-secure-secret-provisioning-ssp-on-stm32mp1-series-stmicroelectronics.pdf

and

https://www.st.com/resource/en/user_manual/dm00403500-stm32cubeprogrammer-software-description-stmicroelectronics.pdf

Here is where I am currently stuck:

The command: "STM32_Programmer_CLI.exe -c port=USB1 -ssp .\secrets.ssp .\tf-a-ssp-stm32mp157f-ev1-ssp-signed.stm32 hsm=1 slot=2" always fails

scenario #1:

board is started into DFU mode -> I execute the command (as suggested by the first doc as a valid method)

I get:

USB speed   : High Speed (480MBit/s)
Manuf. ID   : STMicroelectronics
Product ID  : DFU in HS Mode @Device ID /0x500, @Revision ID /0x0000
SN          : 001C00203139510B38313636
DFU protocol: 1.1
Board       : --
Device ID   : 0x0500
Device name : STM32MP1
Device type : MPU
Revision ID : --
Device CPU  : Cortex-A7
 
 
UPLOADING OTP STRUCTURE ...
  Partition     : 0xF2
  Size          : 1024 Bytes
 
Uploading OTP data:
▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒
 
Error: unable to get the associate alternate setting of partition ID: 0xf2
Error: please make sure that your alternate settings have string descriptors with the right format
Error: the specified partition: 0xf2 is unreachable
Error: Read OTP Partition failed
 
 
Error: Uploading the OTP structure failed
Error: Initializing the OTP structure failed

From this "0xf2" error, I see in a different thread on this forum that it means I need to be in U-Boot

so:

Scenario #2:

board is started into DFU mode ->

I use STM32_Programmer_CLI with "-w Flashlayout"

#Opt	Id	Name	Type	IP	Offset	Binary
-	0x01	fsbl1-boot	Binary	none	0x0	serialboot/tf-a-stm32mp157f-ev1-serialboot.stm32.signed
-	0x03	ssbl-boot	Binary	none	0x0	serialboot/u-boot-stm32mp157f-ev1-serialboot.stm32.signed

--> I execute the SSP command and get:

USB speed   : High Speed (480MBit/s)
Manuf. ID   : STMicroelectronics
Product ID  : USB download gadget@Device ID /0x500, @Revision ID /0x2001, @Name /STM32MP157FAA Rev.Z,
SN          : 001C00203139510B38313636
DFU protocol: 1.1
Board       : --
Device ID   : 0x0500
Device name : STM32MP157FAA Rev.Z
Device type : MPU
Revision ID : --
Device CPU  : Cortex-A7
 
 
UPLOADING OTP STRUCTURE ...
  Partition     : 0xF2
  Size          : 1024 Bytes
 
Uploading OTP data:
██████████████████████████████████████████████████ 100%
 
 
 
 
Memory Programming ...
Opening and parsing file: tf-a-ssp-stm32mp157f-ev1-ssp-signed.stm32
  File          : tf-a-ssp-stm32mp157f-ev1-ssp-signed.stm32
  Size          : 87.61 KB
  Partition ID  : 0x01
 
Download in Progress:
██████████████████████████████████████████████████ 100%
 
File download complete
Time elapsed during download operation: 00:00:00.049
 
     SSP file path             : .\secrets.ssp
     SSP HSM slot ID           : 2
 
Reading the chip Certificate...
 
Requesting Chip Certificate...
 
 
Error: unable to get the associate alternate setting of partition ID: 0x 0
Error: please make sure that your alternate settings have string descriptors with the right format
Error: unable to upload data from virtual partition

on the board's console I just see:

partitions : done
Phase=END
DFU alt info setting: done
crq->brequest:0x0
#
UPLOAD ... done
Ctrl+C to exit ...
#
UPLOAD ... done
Ctrl+C to exit ...
#
UPLOAD ... done
Ctrl+C to exit ...
failed: -22

Please help me complete this final SSP step

side note:

The SSP process writes all OTP words from 59-95

But all evaluation boards already have word 59 written with "board id"

I hope this won't interfere with the SSP process (I left first 4 bytes in my 148 byte secrets file as all 0s)

EDIT: I am using 2.10.0 version of tools, and version 2.0 of the ST yocto BSP

EDIT2: see update below

Thanks,

Michael

3 REPLIES
MVass.1
Associate II

UPDATE:

I debugged the "failed: -22" log from u-boot side and found out it's because stm32prog_set_phase() is called with phase=83 (0x53) and it's not in data object

I switched to STM32_Programmer_CLI version 2.7.0 to see if maybe it's due to compatibility issues, and seems like version 2.7.0 did not have those problems

BUT the SSP process as a whole is still not working

Scenario #3:

board is in DFU mode --> I put it into uboot like in Scenario #2

--> I use the SSP command:

PC shell:

-------------------------------------------------------------------
                       STM32CubeProgrammer v2.7.0
      -------------------------------------------------------------------
 
 
 
USB speed   : High Speed (480MBit/s)
Manuf. ID   : STMicroelectronics
Product ID  : USB download gadget@Device ID /0x500, @Revision ID /0x2001, @Name /STM32MP157FAA Rev.Z,
SN          : 001C00203139510B38313636
FW version  : 0x0110
Device ID   : 0x0500
Device name : STM32MP157FAA Rev.Z
Device type : MPU
Device CPU  : Cortex-A7
 
 
UPLOADING OTP STRUCTURE ...
  Partition     : 242
  Size          : 1024 Bytes
 
Uploading OTP data:
██████████████████████████████████████████████████ 100%
 
OTP Partition read successfully
 
 
PROGRAMMING SAFMEM ...
  Partition     : 242
  Size          : 1024 Bytes
 
Downloading OTP data:
██████████████████████████████████████████████████ 100%
Message from Embedded Flash Loader : Provisioning
Rebooting ...
 
 
Reconnecting the device ...
 
USB speed   : High Speed (480MBit/s)
Manuf. ID   : STMicroelectronics
Product ID  : DFU in HS Mode @Device ID /0x500, @Revision ID /0x0000
SN          : 001C00203139510B38313636
FW version  : 0x0110
Device ID   : 0x0500
 
 
 
 
Memory Programming ...
Opening and parsing file: tf-a-ssp-stm32mp157f-ev1-ssp-signed.stm32
  File          : tf-a-ssp-stm32mp157f-ev1-ssp-signed.stm32
  Size          : 89716 Bytes
  Partition ID  : 0x01
 
Download in Progress:
██████████████████████████████████████████████████ 100%
 
File download complete
Time elapsed during download operation: 00:00:00.195
 
     SSP file path             : .\secrets.ssp
     SSP HSM slot ID           : 2
 
 
Requesting Chip Certificate...
 
Get Certificate done successfully
 
requesting license for the current STM32 device
 
Init Communication ...
 
ldm_LoadModule(): loading module "stlibp11_SAM.dll" ...
ldm_LoadModule(WIN32): OK loading library "stlibp11_SAM.dll": 0x5EBE0000 ...
C_GetFunctionList() returned 0x00000000, g_pFunctionList=0x5EC5F560
P11 lib initialization Success!
 
Opening session with solt ID 2...
 
Succeed to Open session with reader solt ID 2
 
Succeed to generate license for the current STM32 device
 
Closing session with reader slot ID 2...
 
Session closed with reader slot ID 2
 
Closing communication with HSM...
 
Communication closed with HSM
 
Succeed to get License for Firmware from HSM slot ID 2
 
Starting Firmware Install operation...
 
Writing blob
 
 
Blob successfully written
 
Start operation achieved successfully
Send detach command
Detach command executed
SSP file .\secrets.ssp Install Operation Success
 
Time elapsed during SSP install operation: 00:00:02.882

Board shell:

partitions : done
Phase=END
DFU alt info setting: done
crq->brequest:0x0
#
UPLOAD ... done
Ctrl+C to exit ...
#
UPLOAD ... done
Ctrl+C to exit ...
#INFO:    write all otp succeed
Error: Provisioning
DOWNLOAD ... OK
Ctrl+C to exit ...
Reset requested
#
UPLOAD ... done
Ctrl+C to exit ...
Download done
Reset...
resetting ...
INFO:    PSCI Power Domain Map:
INFO:      Domain Node : Level 1, parent_node -1, State ON (0x0)
INFO:      Domain Node : Level 0, parent_node 0, State ON (0x0)
INFO:      CPU Node : MPID 0x0, parent_node 0, State ON (0x0)
INFO:      CPU Node : MPID 0xffffffff, parent_node 0, State OFF (0x2)
NOTICE:  CPU: STM32MP157FAA Rev.Z
NOTICE:  Model: STMicroelectronics STM32MP157F eval daughter on eval mother
NOTICE:  Board: MB1263 Var4.0 Rev.C-03
INFO:    Reset reason (0x44):
INFO:      System reset generated by MPU (MPSYSRST)
INFO:    PMIC version = 0x20
INFO:    Using USB
INFO:      Instance 2
INFO:    Boot used partition fsbl1
INFO:    Detected start SSP Phase 2
INFO:    Start Download partition SSP address 0x2ffe5000 length 380
INFO:    GETSTATUS :
INFO:                   DFU_STATE_IDLE
INFO:    UPLOAD :
INFO:                   Phase ID : 0
INFO:                   address 0x2ffd9d9c
INFO:    GETSTATUS :
INFO:                   DFU_STATE_IDLE
INFO:    UPLOAD :
INFO:                   Phase ID : 0
INFO:                   address 0x2ffd9d9c
INFO:    USB : DFU : end of download partition : 0
INFO:    Receive Detach

So, according to the tool, the SSP process was successful (The HSM counter also dropped by 1)

But, nothing was performed on the device side

The public key hash (pkh) is not written

The device is not locked

The OTP secrets (words 60-95) are all 0s

Also,

OTP word 8 bit 8 (SSP_REQ) is "1" --> SSP began.

OTP word 8 bit 9 (SSP_SUCCESS) is "0" --> SSP not done.

OTP word 2 bits 0-3 (SSP_ATTEMPTS) is "0x3" --> 2 attempts were used, 2 left.

What did I do wrong?

Thanks,

Michael
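
A read-only triage of the state reported above, as an added example that is not part of the original posts or of ST's tooling: it decodes the SSP bits from OTP words 2 and 8 and checks a 148-byte secrets file against fuses that are already blown (the word 59 concern from the first post). The little-endian word layout, the one-bit-per-attempt reading of SSP_ATTEMPTS, and the sample dump values are assumptions.

```python
import struct

FIRST, LAST = 59, 95      # OTP words the post says SSP writes
MAX_ATTEMPTS = 4          # "4 ssp attempts" per the thread

def secrets_to_words(blob):
    """Map the plaintext secrets file onto OTP word numbers 59..95."""
    n = LAST - FIRST + 1                      # 37 words -> 148 bytes
    if len(blob) != 4 * n:
        raise ValueError(f"expected {4 * n} bytes, got {len(blob)}")
    # Assumption: words are stored little-endian, in ascending word order.
    return dict(zip(range(FIRST, LAST + 1), struct.unpack(f"<{n}I", blob)))

def ssp_status(otp):
    """Decode the SSP state bits read in the post from OTP words 2 and 8."""
    # Assumption: one fuse bit is blown per attempt (0x3 -> 2 used), as the post reads it.
    used = bin(otp[2] & 0xF).count("1")
    return {
        "ssp_req": bool((otp[8] >> 8) & 1),
        "ssp_success": bool((otp[8] >> 9) & 1),
        "attempts_used": used,
        "attempts_left": MAX_ATTEMPTS - used,
        "secrets_blank": all(otp.get(w, 0) == 0 for w in range(60, LAST + 1)),
    }

def fuse_conflicts(otp, wanted):
    """Words that already have a fuse bit set where the secrets file wants 0.
    OTP bits cannot be cleared, so these words cannot read back as requested."""
    return [w for w, v in wanted.items() if otp.get(w, 0) & ~v & 0xFFFFFFFF]

# Constructed sample dump mirroring the state reported in the post.
SAMPLE_OTP = {2: 0x3, 8: 0x100, 59: 0x12630000}   # word 59 value is made up
SAMPLE_SECRETS = bytes(4) + bytes(range(1, 145))  # word 59 left as zeros

if __name__ == "__main__":
    print(ssp_status(SAMPLE_OTP))
    print("conflicting words:", fuse_conflicts(SAMPLE_OTP, secrets_to_words(SAMPLE_SECRETS)))
```

Running it on a real dump before each attempt shows how many attempts remain and whether any target word is already partly programmed.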

MVass.1
Associate II

Maybe I am still using the wrong prog tool version?

Also, where is the MPU_SSP_ATTEMPTS-- logic (4 ssp attempts)?

Is it in the MPU's ROM code, or the tf-a-ssp?

If it is in the tf-a-ssp, maybe I will be able to debug this issue without destroying boards by commenting this out.

OlivierK
ST Employee

Hi MVass.1

To let you know that your issue is now handled internally as support request 128976.

We are also investigating the regression you've found on CubeProgrammer V2.10 vs V2.7.

For the SSP_ATTEMPTS, only the bootRom is handling this to prevent any security breach. Unfortunately there is no workaround to extend the number of attempts.

It seems you are in the case described in AN5510 chap 3.3.4 Error cases: So 2 possibilities:

  • the Key and input vector (nonce) in the HSM are different compared to the one used to generate the secret.ssp
  • the TF-A signature doesn't match the one used in the secret

Regards,

Olivier