I am developing a device with the STM23MP153C and plan to implement secure boot, but I don't fully understand the SSP workflow and have a few questions.
1. The STM32CubeProgrammer documentation says that the -ssp command can be executed both with HSM and with a generated license. Do I understand correctly that this is the license that must be generated by the -hsmgetlicense command of STM32CubeProgrammer? If so, the license is valid only for the current device?
2. Is it mandatory to have HSM in production? Is it possible to generate a license for production so that production is not dependent on the presence of HSM? STM32CubeProgrammer program has a command -hsmgetlicensefromcertifbin. Is this command not what I want? If so, it requires "Input certificate file path" as an argument. How can I generate it?
3. HSM has a certain licenses count. Is this license per flash process or per device? Can I flash the same device multiple times with one license?
