I am working on STM32 Trusted Package Creator. I read the artical How to deploy SSP using a step-by-step approach at section "3.1.2.2. Secret file content for STM32MP2 series". I need to create a secret file that contain FIP-EDMK OTP as the image below:
Could you please explain on Enc/Wrap box.
- When should I select No Encryption?
- When should I select Wrapping?
- When should I select Encryption?
For the FIP-EDMK What should I select?
Hello @ThinhNguyen,
- No-Encryption: Multiples of 32 bits (4 bytes)
- Wrapping: For encryption keys of 128 bits (16 bytes) or 256 bits (32 bytes)
- Encryption: For any data that is a multiple of 128 bits (AES block size)
According to the Reference Manual, if you choose wrapping, the software using the key must perform steps 2 and 3 (step 1 is handled by the SSP).
Here’s a screenshot from the Reference Manual showing the additional details for wrapping keys.
Since your binary size is 32 bytes (256 bits), you can use either Wrapping or Encryption. It’s best to choose Encryption to avoid additional steps.
