FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Review a secret file content for STM32MP2 series to enable secure boot

ThinhNguyen
Associate III

‎2025-07-09 7:30 PM

My goal is to create a SSP payload and write it to the OTP of the STM32MP257F chip. The OS running on my KIT is based on OpenSTLinux.

To get the SSP Payload, a Secret file is required. I just need secure boot.

I refer to the following sources:

The contents of my Secret file will include the components as shown below. (Json file attached)

ThinhNguyen_0-1752114013070.png

Is a secret file with such components enough for secure boot? And please advise if there are any invalid options in the Secret list

Preview file
10 KB
0 Kudos
1 REPLY 1
ThomasB
ST Employee

‎2025-08-11 2:08 AM

Hello @ThinhNguyen,

On MP2x A35TD these four elements are sufficient.

Keep in mind that the first two elements (OEM_KEY1_ROT and RMA_LOCK_PSWD) are mandatory. The two others are optional, depending on what you want to achieve :

  • OEM_FIP_EDMK is used to decrypt the FIP binaries (OP-TEE, U-Boot). If you do not encrypt your FIP, it is not required.
  • OEM_KEY1_EDMK is used to decrypt the FSBL (TF-A). If you do not encrypt the FSBL, it is not required.

 

Best regards,

Thomas

Top