[PATCH v2 1/4] ARM: stm32: Fix ECDSA authentication with Dcache enabled

Marek Vasut marex at denx.de
Wed Dec 14 17:15:47 CET 2022


On 12/12/22 10:40, Patrick DELAUNAY wrote:
> Hi,

Hello Patrick

[...]

>> Hmmm, what does the BootROM use CRYP for then ?
> 
> 
> used for SSP = Secure Secret Provisioning
> 
> https://wiki.st.com/stm32mpu/wiki/Secure_Secret_Provisioning_(SSP)

Oh, only this part, I see.

>> It is necessary to have MP15xC/F for the authenticated boot to work, 
>> but it seems the only difference there is the presence of CRYP. Or is 
>> there some BootROM fuse too ?
> 
> 
> Yes,  the secure boot feature availability is indicated in the security 
> field of the chip part number, for STM32MP13 and STM32MP15.
> 
> - SSP is not supported
> 
> - the associated authentication feature for secure boot is deactivated 
> in ROM code
> 
> 
> => the key is burned/locked in OTP on these chips
> 
>        and checked by ROM code before to authenticate the FSBL

Thank you for the clarification, this is really useful.


More information about the U-Boot mailing list