2025-07-08 2:52 AM
I am working on STM32 Trusted Package Creator. I read the article "How to deploy SSP using a step-by-step approach", section "3.1.2.2. Secret file content for STM32MP2 series". I need to create a secret file that contains the FIP-EDMK OTP, as in the image below:
Could you please explain the Enc/Wrap box?
For the FIP-EDMK, what should I select?
2025-07-08 5:58 AM
Hello @ThinhNguyen,
According to the Reference Manual, if you choose wrapping, the software using the key must perform steps 2 and 3 (step 1 is handled by the SSP).
Here’s a screenshot from the Reference Manual showing the additional details for wrapping keys.
Since your binary size is 32 bytes (256 bits), you can use either Wrapping or Encryption. It’s best to choose Encryption to avoid additional steps.
2025-07-09 1:38 AM
Hi @Zakaria1,
I have read more in Reference Manual but I am still not clear about the purpose of selecting Enc/Wrap.
We are in the process of creating a Secret file. FIP-EDMK is the input binary file of the Secret file.
Understanding 1:
Enc/Wrap refers to the attribute of the input file. In this case FIP-EDMK. It tells the STM32 Trusted Package Creator Tool that FIP-EDMK is Encrypted/Not Encrypted/Wrap. STM32 Trusted Package Creator will have a way to handle the input file appropriately for each case.
Understanding 2:
Enc/Wrap tells the STM32 Trusted Package Creator that FIP-EDMK needs to be Encrypted/Not Encrypted/Wrapped in the secret file.
Please advise which interpretation is correct.
2025-07-09 6:25 AM
Hello,
Understanding 2 is correct.
More precisely, the FIP-EDMK will be Encrypted or Wrapped by the embedded SSP software during the SSP procedure.
The Enc/Wrap feature is used to obfuscate the secret programmed on the SoC:
The main advantage of Wrapping over Encryption is that when you unwrap the FIP-EDMK to retrieve the value of the input file, SAES directly writes the FIP-EDMK into the key register of SAES: step 2 of figure 538 in @Zakaria1's screenshot. So the unwrapped FIP-EDMK is never accessible to the OEM firmware deployed on the product (CubeHAL, OpenSTLinux, ...). The OEM firmware uses the FIP-EDMK without having access to its real value, hence it limits the risk of leaking the FIP-EDMK.
Note: In OSTL, TF-A does not support unwrapping the FIP-EDMK. So if you want to execute a secure boot with an encrypted FIP, you should select "No Encryption" in STM32 Trusted Package Creator.
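The point made in the accepted answer (an unwrapped key that lands directly in a hardware key register is never visible to firmware) can be shown in software. The Go program below is an added example and is not part of this thread, of STM32 Trusted Package Creator, or of any ST library: it implements RFC 3394 AES key wrap/unwrap and a small `KeyRegister` type that stands in for an AES engine with a write-only key register. The `KeyRegister` model, the `LoadWrapped` and `EncryptBlock` method names and the assumption that unwrap happens inside the engine are illustrative simplifications; the real SAES key register, its wrapping format and its programming sequence are hardware-specific and not modelled here. The KEK and key data are the published RFC 3394 section 4.6 test vector (a 256-bit key under a 256-bit KEK, the same size as a FIP-EDMK), so the wrap result can be checked against the RFC.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/hex"
	"errors"
	"fmt"
)

var kwIV = []byte{0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6} // RFC 3394 default IV; doubles as the unwrap integrity check

// xorCounter XORs the big-endian 64-bit step counter t into the 8-byte slice a.
func xorCounter(a []byte, t uint64) {
	for k := range a {
		a[k] ^= byte(t >> (56 - 8*uint(k)))
	}
}

// Wrap is the RFC 3394 AES key wrap of key material p under kek (output is 8 bytes longer).
func Wrap(kek, p []byte) ([]byte, error) {
	block, err := aes.NewCipher(kek)
	if err != nil || len(p) < 16 || len(p)%8 != 0 {
		return nil, errors.New("bad KEK size, or key material not a multiple of 8 bytes (min 16)")
	}
	n := len(p) / 8
	a := append([]byte(nil), kwIV...)
	r := append([]byte(nil), p...)
	b := make([]byte, 16)
	for j := 0; j <= 5; j++ {
		for i := 1; i <= n; i++ {
			copy(b[:8], a)
			copy(b[8:], r[(i-1)*8:i*8])
			block.Encrypt(b, b)
			copy(a, b[:8])
			xorCounter(a, uint64(n*j+i))
			copy(r[(i-1)*8:i*8], b[8:])
		}
	}
	return append(a, r...), nil
}

// Unwrap inverts Wrap; it fails if the KEK is wrong or the blob was altered.
func Unwrap(kek, c []byte) ([]byte, error) {
	block, err := aes.NewCipher(kek)
	if err != nil || len(c) < 24 || len(c)%8 != 0 {
		return nil, errors.New("bad KEK size, or wrapped blob not a multiple of 8 bytes (min 24)")
	}
	n := len(c)/8 - 1
	a := append([]byte(nil), c[:8]...)
	r := append([]byte(nil), c[8:]...)
	b := make([]byte, 16)
	for j := 5; j >= 0; j-- {
		for i := n; i >= 1; i-- {
			copy(b[:8], a)
			xorCounter(b[:8], uint64(n*j+i))
			copy(b[8:], r[(i-1)*8:i*8])
			block.Decrypt(b, b)
			copy(a, b[:8])
			copy(r[(i-1)*8:i*8], b[8:])
		}
	}
	if !bytes.Equal(a, kwIV) {
		return nil, errors.New("integrity check failed: wrong KEK or corrupted blob")
	}
	return r, nil
}

// KeyRegister stands in for an AES engine with a write-only key register (an illustrative
// simplification of SAES, not its real programming model); no method returns the key.
type KeyRegister struct{ key []byte }

// LoadWrapped unwraps straight into the register, so the caller never sees the plaintext key.
func (k *KeyRegister) LoadWrapped(kek, wrapped []byte) (err error) {
	k.key, err = Unwrap(kek, wrapped)
	return err
}

// EncryptBlock uses the loaded key: firmware gets the service, not the secret (empty register is rejected by aes.NewCipher).
func (k *KeyRegister) EncryptBlock(in []byte) ([]byte, error) {
	block, err := aes.NewCipher(k.key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, aes.BlockSize)
	block.Encrypt(out, in)
	return out, nil
}

func main() {
	// RFC 3394 section 4.6 vector: 256-bit key data under a 256-bit KEK.
	kek, _ := hex.DecodeString("000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F")
	key, _ := hex.DecodeString("00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F")
	wrapped, _ := Wrap(kek, key)
	var reg KeyRegister
	err := reg.LoadWrapped(kek, wrapped) // firmware side handles only the wrapped blob
	ct, _ := reg.EncryptBlock(make([]byte, aes.BlockSize))
	fmt.Printf("wrapped=%X\nload err=%v\nblock under register key=%X\n", wrapped, err, ct)
}
```

The contrast with plain encryption is in what the firmware holds after the key is made usable: with `Unwrap` called by firmware the plaintext comes back to the caller, whereas `LoadWrapped` leaves it inside the register and only `EncryptBlock` results ever cross the boundary. Note also that the unwrap fails on a wrong KEK or a modified blob, which plain AES decryption of a key would not detect.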
2025-07-09 6:58 PM
Hi @ThomasBou and @Zakaria1,
Thanks for explaining clearly.