2022-04-20 12:35 AM
I generated a key pair (privateKey.pem, publicKey.pem) with STM32MP_KeyGen_CLI and also got publicKeyhash.bin. After this I signed the FSBL TF-A bootloader and then made the FIP (OP-TEE, U-Boot, configs) with the "TRUSTED_BOARD_BOOT=1" option, kernel, rootfs. Now I have a question: is there an easy way to put publicKeyhash.bin into device OTP (about a hundred devices)?
Using the "STM32_Programmer_CLI -c port=usb1 -otp program wordID=0xNNNN value=0xMMMM" command is not an easy way, because there is no command to read OTP. How can I check the programmed value after writing, before locking the device? I would also need a script to convert "publicKeyhash.bin" to STM32_Programmer_CLI commands.
How is this case solved in mass production?
2022-05-06 02:15 AM
Hi AndreyK (Community Member)
STM32CubeProgrammer is not intended to be a mass production tool.
However, here is the procedure to easily read OTPs with CubeProgrammer; you need only the first 2 partitions of a TSV file.
https://wiki.st.com/stm32mpu/wiki/STM32CubeProgrammer#How_to_fuse_STM32MP15x_OTP
For example, in the CLI: FlashLayout_sdcard_stm32mp1-forOTP.tsv
#Opt Id Name Type IP Offset Binary
- 0x01 fsbl1-boot Binary none 0x0 tf-a-stm32mp157f-dk-usb.stm32
- 0x03 fip-boot Binary none 0x0 fip-stm32mp157f-dk-optee.bin
To read OTP values:
STM32_Programmer_CLI -c port=usb1 -w ./FlashLayout_sdcard_stm32mp1-forOTP.tsv
STM32_Programmer_CLI -c port=usb1 -otp displ
For the PKH fuse:
STM32_Programmer_CLI -c port=usb1 -otp fwrite lock publicKeyHash.bin word=24
Regards,
Olivier
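The question asks for a script that turns publicKeyhash.bin into per-word commands and for a way to check the programmed value before locking. The following is an added example, not part of the original posts and not ST code: it splits a 32-byte hash into eight words starting at word 24 and compares them with values transcribed from the `-otp displ` output. The per-word byte order (big-endian) and the helper names are assumptions; the command string follows the form quoted in the question.

```python
"""Split a 32-byte public key hash into OTP words and check a read-back."""

PKH_FIRST_WORD = 24  # from the thread: "-otp fwrite lock publicKeyHash.bin word=24"
PKH_WORD_COUNT = 8   # 32-byte hash / 4 bytes per OTP word


def pkh_to_words(pkh: bytes, byteorder: str = "big") -> list[int]:
    """Return the hash as eight 32-bit values, one per OTP word.

    byteorder is an ASSUMPTION (big-endian per word); confirm it against
    ST's documentation for your part before programming anything.
    """
    if len(pkh) != 4 * PKH_WORD_COUNT:
        raise ValueError(f"expected 32 bytes, got {len(pkh)}")
    return [int.from_bytes(pkh[i:i + 4], byteorder) for i in range(0, len(pkh), 4)]


def program_commands(words: list[int], port: str = "usb1") -> list[str]:
    """Render one command per word, in the form quoted in the question."""
    return [
        f"STM32_Programmer_CLI -c port={port} -otp program "
        f"wordID=0x{PKH_FIRST_WORD + i:04X} value=0x{w:08X}"
        for i, w in enumerate(words)
    ]


def verify_readback(words: list[int], readback: dict[int, int]) -> list[tuple]:
    """Compare expected words with values read from the device.

    readback maps OTP word index -> value transcribed from "-otp displ".
    Returns (word_index, expected, got) for each mismatch; got is None
    when the word is missing from the read-back.
    """
    mismatches = []
    for i, expected in enumerate(words):
        got = readback.get(PKH_FIRST_WORD + i)
        if got != expected:
            mismatches.append((PKH_FIRST_WORD + i, expected, got))
    return mismatches


if __name__ == "__main__":
    sample_pkh = bytes(range(32))  # constructed sample, not a real key hash
    words = pkh_to_words(sample_pkh)
    print("\n".join(program_commands(words)))
    readback = {PKH_FIRST_WORD + i: w for i, w in enumerate(words)}
    readback[26] ^= 0x1  # constructed single-bit error in word 26
    for idx, exp, got in verify_readback(words, readback):
        print(f"word {idx}: expected 0x{exp:08X}, read 0x{got:08X}")
```

An empty list from `verify_readback` means all eight words match the expected hash; any entry identifies the word to inspect before the lock step.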
2022-05-13 03:37 AM
As I see it, the OP-TEE version is not able to read the OTP partition, because the STM32_SIP_SVC_SMC_READ_ALL function is not implemented yet. But the trusted version can do this. So I can use it for OTP reading, and after the PKH write, use the OP-TEE version.
Thanks for your help