Last edited 4 weeks ago

Secure Secret Provisioning (SSP) overview

Applicable for STM32MP13x lines, STM32MP15x lines, STM32MP25x lines

This article gives information about the Secure Secret Provisioning (SSP) feature.

A complete feature description is available in the dedicated SSP application note[1].

1. Feature purpose[edit source]

To meet the market security requests and protect customers against any leakage of their Intellectual Properties, STMicroelectronics introduces a security feature, the secure secret provisioning (SSP), allowing the OEM secrets programming into STM32 MPU one time programming (OTP) area in a secure way (with confidentiality, authentication and integrity checks). The STM32 Arm® Cortex® MPUs More info.png support protection mechanisms that allows the protection of critical operations (such as cryptography algorithms) and critical data (such as secret keys) against unexpected access.
This article gives an overview of the STM32 Arm® Cortex® MPUs More info.png SSP solution with its associated tools ecosystem.

Following the STM32 MCU SFI strategy[2], the SSP processing relies on an STM32 Hardware Security Module[3] (HSM) to manage chip authentication and and to unwarily encrypt exchange data with STM32 Arm® Cortex® MPUs More info.png The STM32 Arm® Cortex® MPUs More info.png authentication allows to count the number of provisioned devices. The STM32 HSM is connected to the manufacturing programming tool (STM32CubeProgrammer presented as an example) that uploads the encrypted data to the chip.

Once the SSP is completed, the STM32 Arm® Cortex® MPUs More info.png contains all the secrets of the OEM and all the STM32 Arm® Cortex® MPUs More info.png secure mechanism are enabled.

2. System overview[edit source]

The SSP is a secure system mechanism implemented in STM32 Arm® Cortex® MPUs More info.png that allows secured and counted installation of OEM secrets in untrusted production environment (such the OEM contract manufacturer).
The SSP process prevents the OEM secrets from:

  • being accessed by the contract manufacturer.
  • being extracted or disclosed.
  • being over produced.

SSP Highlevel.png

2.1. Component description[edit source]

  • STM32HSM-V2: The HSMv2 used for SSP offers a way to verify authenticity of the STM32 Arm® Cortex® MPUs More info.png under provisioning. Once the authentication is confirmed, it generates a per device license and decremented the number of possible provisioned devices.
  • Programmer: The manufacturing programming tool (represented as STM32CubeProgrammer in the previous example) is the link between the STM32 Arm® Cortex® MPUs More info.png and the HSM.
  • OEM secrets: This is the file which contains the OEM data which must be securely transferred into the STM32 Arm® Cortex® MPUs More info.png. The file has been previously contructed with the STM32 Trusted Package Creator.
  • STM32 Arm® Cortex® MPUs More info.png: This is the virgin STM32 Arm® Cortex® MPUs More info.png to be provisioned.

2.1.1. STM32HSM-V2[edit source]

The STM32HSM-V2 is a configurable hardware security module that is required to establish a secure connection with the STM32 Arm® Cortex® MPUs More info.png.

Thanks to STM32 Trusted Package Creator, it is possible to specify the HSM to the targetted product.

The provisioning of the STM32HSM-V2 is explained in this article.

Provisioning the HSM stands to:

  • record the specific data associated to the STM32 Arm® Cortex® MPUs More info.png.
  • save the OEM symetric key used to decrypt the secrets.

2.1.2. Programmer[edit source]

The programmer is the communication tool making the link between HSM and STM32 Arm® Cortex® MPUs More info.png.

The protocol for connecting to the target is available in USB DFU/USART protocols used in STM32MP1 series bootloaders and the extension for SSP Overview of the secure secret provisioning (SSP) on STM32MP1 series.

A reference implementation is available through STM32CubeProgrammer.

Some partners solutions are also available such as Elprotronics[4]

2.1.3. OEM Secrets[edit source]

The OEM secrets file is a data file, encrypted that contains the all the secrets which must be embedded in the target to make the device secure. It must at least contains:

  • the Root of trust for the initial firmware authentication
  • the RMA password

All the other secret keys or password might be transported in the OEM file.

The secret file can be generated using STM32 Trusted Package Creator.

2.2. STM32 Arm® Cortex® MPUs More info.png SSP implementation[edit source]

The STM32 Arm® Cortex® MPUs More info.png implementation relies on two embedded software parts:

Warning white.png Warning
On STM32MP1 series, the SSP process requires to reset the chip to exchange information between the two embedded software stages, the vddcore must be maintained during this phase in order to preserve the SYSRAM content during software reset.

2.3. ROM Code SSP implementation[edit source]

The ROM code has a complete access to chip data. During the SSP process, it is in charge of:

  • Generating the chip certificate.
  • Connecting to programming tool via serial interface binary loading.
  • Downloading the SSP Firmware in SYSRAM from serial interface.
  • Authenticating the SSP Firmware.
  • Executing SSP firmware

On STM32MP1 series, the ROM code is also:

  • Decrypting the secret data.

On STM32MP2 series, the ROM code is also:

  • Downloading the OEM secret file.

2.4. SSP firmware[edit source]

2.4.1. STM32MP1 series[edit source]

The SSP firmware is based on TF-A BL2 implementation.

The TF-A BL2 SSP Firmware is a specific code that extends the communication with the programming tool and is in charge of specific SSP commands to:

  • Initializes the SSP process by changing the chip life cycle state to secure provisioning state.
  • Sends the ROM code prepared chip certificate to the programming tool to allow chip authentication.
  • Receives the secret data binary from the programming tool and store it in a dedicated secure memory region for the ROM code.
  • Writes all the decrypted secrets in the chip OTP and sets the chip to Secure closed device state.

This part of code is using part of TF-A BL2 generic code but is only restricted to serial connection mode and OTP access. The TF-A SSP size is limited to the minimum but required a dedicated board configuration (over device tree).

2.4.2. STM32MP2 series[edit source]

The SSP firmware is a dedicated ST firmware that is signed and encrypted by ST.

It ensures a safe implementation of the secure secret provisioning.

3. To go further[edit source]

A dedicated page how to deploy SSP: a step-by-step approach explains how to configure and run a complete SSP process.

4. References[edit source]