cancel
Showing results for 
Search instead for 
Did you mean: 

STM32MP153C SSP workflow

axel101
Associate III

I am developing a device with the STM23MP153C and plan to implement secure boot, but I don't fully understand the SSP workflow and have a few questions.
1. The STM32CubeProgrammer documentation says that the -ssp command can be executed both with HSM and with a generated license. Do I understand correctly that this is the license that must be generated by the -hsmgetlicense command of STM32CubeProgrammer? If so, the license is valid only for the current device?
2. Is it mandatory to have HSM in production? Is it possible to generate a license for production so that production is not dependent on the presence of HSM? STM32CubeProgrammer program has a command -hsmgetlicensefromcertifbin. Is this command not what I want? If so, it requires "Input certificate file path" as an argument. How can I generate it?
3. HSM has a certain licenses count. Is this license per flash process or per device? Can I flash the same device multiple times with one license?

1 ACCEPTED SOLUTION

Accepted Solutions
Olivier GALLIEN
ST Employee

Hi @axel101 ,

 

Did you already refer to Overview of the secure secret provisioning (SSP) on STM32MP1 series - Application note

I guess it might answer to some of your questions. 

 

Olivier 

 

 

Olivier GALLIEN
In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.

View solution in original post

1 REPLY 1
Olivier GALLIEN
ST Employee

Hi @axel101 ,

 

Did you already refer to Overview of the secure secret provisioning (SSP) on STM32MP1 series - Application note

I guess it might answer to some of your questions. 

 

Olivier 

 

 

Olivier GALLIEN
In order to give better visibility on the answered topics, please click on 'Accept as Solution' on the reply which solved your issue or answered your question.