Abubuwan da ke ciki boye
1 ST Microelectronics STM32 Sa hannu Software
2 Gabatarwa
3 Shigar da STM32-SignTool
4 Tsarin layin umarni na STM32-SignTool
5 ExampBayanan Bayani na STM32-SignTool
6 FAQ
7 Takardu / Albarkatu
7.1 Magana

ST Microelectronics STM32 Sa hannu Software

Gabatarwa

STM32 sa hannu software kayan aiki (mai suna STM32-SignTool a cikin wannan takarda) an haɗa shi a cikin STM32CubeProgrammer (STM32CubeProg). STM32-SignTool kayan aiki ne mai mahimmanci wanda ke ba da garantin kafaffen dandamali kuma yana tabbatar da sanya hannu kan hotuna na binary ta amfani da maɓallan ECC da STM32-KeyGen ke samarwa (koma zuwa bayanin jagorar mai amfani da maɓallin janareta na STM32 (UM2542) don ƙarin cikakkun bayanai). Ana amfani da hotunan binaryar da aka rattaba hannu a lokacin amintaccen jerin taya na STM32 wanda ke goyan bayan amintaccen sarkar takalmin. Wannan aikin yana tabbatar da tantancewa da amincin hotunan da aka ɗora. STM32-SignTool yana haifar da hoton binary file, maɓalli na jama'a file, da maɓalli na sirri file. Hoton binary file ya ƙunshi bayanan binary da za a tsara don na'urar. Makullin jama'a file ya ƙunshi maɓallin jama'a na ECC a tsarin PEM, wanda aka ƙirƙira tare da STM32-KeyGen. Maɓalli na sirri file ya ƙunshi rufaffen maɓallin keɓaɓɓen ECC a tsarin PEM, wanda aka ƙirƙira tare da STM32-KeyGen. Binary mai sa hannu file Hakanan za'a iya ƙirƙira daga wanda aka riga aka sa hannu file tare da batch file yanayin. A wannan yanayin, sigogi masu zuwa ba dole ba ne: wurin shigar hoto, adireshin ɗaukar hoto, da sigogin sigar hoto. Wannan takaddar ta shafi samfuran da aka jera a teburin da ke ƙasa.

Tebur 1. Abubuwan da suka dace

Nau'in samfur Lambar sashi ko jerin samfur
Mai sarrafawa Saukewa: STM32N6
Microprocessor STM32MP1 da STM32MP2 jerin

A cikin sassan masu zuwa, STM32 yana nufin samfuran da aka jera a cikin tebur na sama, sai dai in an bayyana su.

Shigar da STM32-SignTool

An shigar da wannan kayan aiki tare da kunshin STM32CubeProgrammer (STM32CubeProg). Don ƙarin bayani game da tsarin saiti, koma zuwa sashe na 1.2 na bayanin software STM32CubeProgrammer (UM2237). Wannan software tana goyan bayan samfuran STM32 bisa Arm® Cortex® processor.

Lura: Arm alamar kasuwanci ce mai rijista ta Arm Limited (ko rassan sa) a cikin Amurka da/ko wani wuri.

Tsarin layin umarni na STM32-SignTool

Sashe masu zuwa suna bayyana yadda ake amfani da STM32-SignTool daga layin umarni.

Umarni

Ana jera umarnin da ake da su a ƙasa:

  • -binary-image(-bin), -input(-in)
    • Bayani: Hoton binary file hanya (.bin tsawo)
    • Syntax: 1 -bin /home/User/binaryFile.bin
    • Syntax: 2-in /home/User/binaryFile.bin
  • -Sigar-image (-iv)
    • Bayani: yana shigar da sigar hoton hoton da aka sa hannu file
    • Haɗin kai: -iv
  • - maɓalli na sirri (-prvk)
    • Bayani: maɓalli na sirri file hanya (.pem tsawo)
    • Haɗin kai: -prvkfile_tafarki>
    • Example: -prvk ../privateKey.pem
  • - maɓalli na jama'a - pubk
    • Bayani: maɓallin jama'a file hanyoyi
    • Haɗin kai: -pubkFile_Hanya{1..8}>
      • Don taken v1: yi amfani da hanya ɗaya kawai don samfuran STM32MP15xx
      • Don taken v2 kuma mafi girma: yi amfani da hanyoyi guda takwas don wasu
  • kalmar sirri (-pwd)
    • Bayani: kalmar sirri na maɓalli na sirri (wannan kalmar sirri dole ne ta ƙunshi aƙalla haruffa huɗu)
    • Example: -pwd azarty
    • • –adireshin kaya (-la)
    • Bayani: adireshin ɗaukar hoto
    • Exampku:- ba
  • -maki-shiga (-ep)
    • Bayani: wurin shigar hoto
    • Exampku: ep
  • - tutoci na zaɓi (-na)
    • Bayani: Tutocin zaɓi na hoto (ƙimar tsoho = 0)
    • Example: - da
  • Algorithm (-a)
    • Bayani: Yana ƙayyade ɗaya daga cikin prime256v1 (darajar 1, tsoho) ko brainpoolP256t1 (darajar 2)
    • Exampda: - a <2>
  • - fitarwa (-o)
    • Bayani: fitarwa file hanya. Wannan siga na zaɓi ne. Idan ba a ƙayyade ba, fitarwa file An generated atthe guda source file hanyar (Example, hoton binary file shine C: \ BinaryFile.bin). Binaryar da aka sanya hannu file shine C: \ BinaryFile_Sa hannu.bin.
    • Syntax: -oFile_Tafarki>
  • - nau'in (-t)
    • Bayani: nau'in binary. Mahimman ƙima sune ssbl, fsbl, teeh, teed, teex, da copro
    • Jumla: -t
  • - shiru (-s)
    • Bayani: babu saƙon da aka nuna don maye gurbin fitarwa mai gudana file
  • -taimako (-h da -?)
    • Bayani: yana nuna taimako
  • - sigar (-v)
    • Bayani: yana nuna sigar kayan aiki
  • -enc-dc (-encdc)
    • Bayani: Tsawon ɓoye ɓoye don ɓoye ɓoyayyen FSBL [header v2]
    • Syntax: -encdc
  • - maɓalli (-enck)
    • Bayani: Sirrin OEM file don boye-boye na FSBL [header v2]
    • Syntax: -enck
  • - juji-kai (-juji)
    • Bayani: bita da zubar da taken hoto
    • Syntax: -jujiFile_Tafarki>
  • - sigar kai (-hv)
    • Bayani: sigar sa hannu, ƙimar ƙima: 1, 2, 2.1, 2.2, da 2.3
    • Exampdon STM32MP15xx: -hv 2
    • Exampdon STM32MP25xx: -hv 2.2
    • Example don STM32N6xxx: -hv 2.3
  • -ba-maɓalli (-nk)
    • Bayani: ƙara fankon kai ba tare da zaɓuɓɓukan maɓalli ba
    • Sanarwa: buƙatar musaki zaɓin tantancewa tare da umarnin tutoci na zaɓi

ExampBayanan Bayani na STM32-SignTool

Mai zuwa exampNuna yadda ake amfani da STM32-SignTool:

Exampshafi na 1

-bin /gida/User/BinaryFile.bin –pubk /home/user/publicKey.pem –prvk /home/user/privateKey.pem –iv 5 –pwd azerty –la 0x20000000 –ep 0x08000000 An zaɓi tsoffin algorithm (prime256v1) kuma ƙimar tuta ita ce 0. Abun fitarwa da aka sanya hannu file (BinaryFile_Signed.bin) an ƙirƙira shi a cikin /home/user/ folder

Exampshafi na 2

-bin /gida/User/Jaka1/BinaryFile.bin –pubk /home/user/publicKey.pem –prvk /home/user/privateKey.pem –iv 5 –pwd azerty –s –la 0x20000000 –ep 0x08000000 –a 2 –o /gida/mai amfani/Folder2/Folder3File.bin An zaɓi algorithm BrainpoolP256t1 a wannan yanayin. Ko da Folder2 da Folder3 ba su wanzu, an ƙirƙira su. Tare da umarnin –s, ko da a file yana wanzu tare da ƙayyadadden suna, ana maye gurbinsa ta atomatik ba tare da wani saƙo ba.

Exampshafi na 3

Sa hannu kan binary file ta amfani da sigar rubutun kai 2 wanda ya ƙunshi maɓallan jama'a takwas don kwararar tantancewa.

./STM32_SigningTool_CLI.exe -bin /home/user/input.bin -pubk jama'aKey00.pem na jama'aKey01.pem na jama'aKey02.pem jama'aKey03.pem jama -t fsbl -iv 04x05 -la 06x07 -ep 00x0 -na 00000000x0 -o /home/user/output.stm20000000

Exampshafi na 4

Sa hannu kan binary file ta amfani da sigar rubutun kai 2 wanda ya haɗa da maɓallan jama'a takwas don tantancewa tare da kwararar ɓoyewa.

./STM32_SigningTool_CLI.exe -bin /home/user/input.bin -pubk jama'aKey00.pem na jama'aKey01.pem na jama'aKey02.pem jama'aKey03.pem jama 04x05 -pwd azerty -la 06x07 -ep 00x0 -t fsbl -na 00000000x0 -encdc 20000000x0f08000000e -enck /home/user/OEM_SECRET/us0m

Exampshafi na 5

Tabbatar da hoton da aka samo ta hanyar karkatar da fitarwa file kuma duba kowane filin taken. ./STM32_SigningTool_CLI.exe -dump /home/user/output.stm32

Exampshafi na 6

Ƙara kan kai ba tare da sa hannu ba kuma ba tare da tura maɓallai ba. STM32_SigningTool_CLI.exe -in input.bin -nk -na 0x0 -iv 1 -hv 2.2 -o fitarwa.stm32

Yanayin tsaye

Lokacin aiwatar da STM32-SignTool a yanayin keɓe, dole ne a fara shigar da cikakkiyar hanya. Sannan ana buƙatar kalmar sirri sau biyu don tabbatarwa, kamar yadda aka nuna a hoton da ke ƙasa.

Hoto 1. STM32-SignTool a cikin keɓantaccen yanayi

Matakai na gaba sune kamar haka:

  • Zaɓi ɗaya daga cikin algorithms guda biyu.
  • Shigar da sigar hoto, wurin shigar hoton, da adireshin ɗaukar hoto.
  • Shigar da ƙimar tutar zaɓi.

Wani fitarwa file Ana iya ƙayyade hanya idan an buƙata, ko danna shigar don ci gaba da wanda yake.

PKCS#11 mafita
Ana amfani da hotunan binaryar da aka rattaba hannu a lokacin amintaccen jerin taya na STM32 wanda ke goyan bayan amintaccen sarkar takalmin.
Wannan aikin yana tabbatar da tantancewa da amincin hotunan da aka ɗora.
Umurnin sa hannu na gargajiya yana buƙatar samar da duk maɓallan jama'a da na sirri azaman shigarwa files. Wadannan su ne
kai tsaye zuwa ga kowane mutumin da aka ba shi izinin aiwatar da sabis ɗin sa hannu. A ƙarshe, ana iya la'akari da wannan
ya zama ruwan tsaro. Akwai mafita da yawa don kare maɓalli daga duk wani yunƙuri na satar mahimman bayanai. A cikin wannan
mahallin, an karɓi maganin PKCS#11.
Ana iya amfani da PKCS#11 API don ɗauka da adana maɓallan sirri. Wannan keɓancewa yana ƙayyade yadda ake
sadarwa tare da na'urorin sirri kamar HSMs (samfurin tsaro na hardware) da smartcards. The
Manufar waɗannan na'urori shine samar da maɓallan sirri da sanya hannu akan bayanai ba tare da bayyana maɓalli na sirri ba
abu zuwa duniyar waje.
Aikace-aikacen software na iya kiran API don amfani da waɗannan abubuwa don:
• Ƙirƙirar maɓallan simmetric/maɓallin asymmetric
• Rufewa da ɓoyewa
• Yin lissafi da tabbatar da sa hannun dijital
PKCS #11 yana gabatar da aikace-aikace na gama-gari, mai ma'ana view na na'urar da ake kira cryptographic token da ita
yana ba da ID na slot ga kowane alama. Aikace-aikacen yana gano alamar da yake son samun dama ta hanyar tantancewa
dace slot ID.
Ana amfani da STM32SigningTool don sarrafa mahimman abubuwan da aka adana akan smartcards da makamantan tsaro na PKCS#11
Alamu inda maɓallan sirri masu mahimmanci ba su taɓa barin na'urar ba.
STM32SigningTool yana amfani da ƙirar PKCS#11 don sarrafawa da sanya hannu akan binaries dangane da ECDSA.
maɓallan jama'a/na sirri. Ana adana waɗannan maɓallan a cikin alamun tsaro (hardware ko software).

Ƙarin umarni na PKCS#11

  • -module (-m)
    • Bayani: saka PKCS#11 module/Hanyar Laburare don lodawa (dll, haka)
    • Jumla:-m
    • • -maɓalli-index (-ki)
  • -key-index (-ki)
    • Bayani: lissafin maɓallan da aka yi amfani da su a cikin tsarin hex
      • Yi amfani da fihirisa ɗaya don kai v1 da fihirisa takwas don kai v2 (rabu da sarari)
    • Syntax: -ki
  • -slot-index (-si)
    • Bayani: saka fihirisar ramin don amfani (tsoho 0x0)
    • Syntax:-si
  • -slot-mai ganowa (-sid)
    • Bayani: Ƙayyade mai gano ramin don amfani (na zaɓi, a cikin tsari na ƙima ko hexadecimal)
    • Syntax:-sid
      • Idan an yi amfani da zaɓin –slot-identifier a lokaci guda tare da –slot-index, kayan aikin yana bincika idan wannan saitin ya yi daidai da ramin guda ɗaya. Mai ganowa yana nuna alamar da aka ambata; in ba haka ba, kuskure yana faruwa.
      • Yana yiwuwa a yi amfani da -slot-identifier ba tare da ambaton-slot-index ba. Kayan aikin suna bincika fihirisar Ramin a tsanake.
  • -Active-keyIndex (-aki)
    • Bayani: saka ainihin maɓalli mai aiki (tsoho 0)
    • Syntax: -aki <hexValue>

PKH/PKTH file tsara

Bayan aiwatar da aikin sa hannu, kayan aikin yana samar da PKH cikin tsari files don amfani bayan fuse OTP.

  • PKH file mai suna pkcsHashPublicKey0x{active_key_index}.bin don kai v1
  • PKTH file mai suna pkcsPublicKysHashHashes.bin don kai v2

Examples

Kayan aiki na iya sa hannu kan shigarwa files don duka v1 da kai v2, tare da ɗan ƙaramin bambanci a cikin layin umarni.

  • Babban v1
    -bin shigar.bin -iv -pwd - da -ep -t -na -
    -key-index -aki 0 ​​-module -slot-index -o fitarwa.stm32
  • Babban v2
    -bin shigar.bin -iv -pwd - da -ep -t -na --key-index -aki - module -slot-index -o fitarwa.stm0

Kuskure akan layin umarni, ko gazawar kayan aiki don gano mahimman abubuwan da suka dace, yana haifar da bayyanar saƙon kuskure. Wannan yana nuna tushen matsalar. The SigningTool yana da ikon amfani da HSMs da aka riga aka tsara, kuma ba a ƙirƙira shi don sarrafa ko ƙirƙirar sabbin abubuwan tsaro ba. Don haka, ya zama dole a shigar da software kyauta don kafa yanayi mai dacewa. Ana iya ƙirƙirar maɓallan, da bayanai game da abubuwan da aka samu.

Zaɓin mai gano rami:

  • -bin shigarwar.bin -type fsbl -hv 1 -key-index 0x40 -aki 0 ​​-module softhsm2.dll -password prg-dev -ep 0x2ffe4000 -s -si 0 -sid 0x51a53ad8 -la 0x2ffc2500 -0x0st

Kuskure exampda:

  • Fihirisar ramin da ba daidai ba

Hoto 2. HSM TOKEN_NOT_RECOGNIZED
Abun maɓalli wanda ba a sani ba wanda aka ambata a cikin umarnin-key-index

Hoto 3. HSM OBJECT_HANDLE_INVALID

Kayan aiki yana kula da abubuwa a jere. Idan ba za ta iya gano maɓallan maɓalli ba a farkon gwaji, aikin sa hannu yana dakatar da aikin. Ana nuna saƙon kuskure don nuna tushen matsalar.

Tarihin bita

Tebur 2. Tarihin bitar daftarin aiki

Kwanan wata Sigar Canje-canje
14-Fabrairu-2019 1 Sakin farko.
 

 

26-Nuwamba-2021

  

 

2

 An sabunta:

• Sashi na 2.1: Umarni

• Sashi na 2.2: ExampBayanan Bayani na STM32-SignTool

• Ƙara Sashe 2.4: PKCS#11 bayani
27-Yuni-2022 3 Sabunta Sashe 2.1: Umarni
 

 

 

26-Yuni-2024

  

 

 

4

 An maye gurbinsa a cikin duka daftarin aiki:

• jerin STM32MP1 ta jerin STM32MPx

• STM32MP1-SignTool ta STM32MP-SignTool

• STM32MP1-KeyGen ta STM32MP-KeyGen

An sabunta -Maɓallin jama'a -pubk da ƙara - sigar-header (-hv) da -no-keys (- nk) a cikin Sashe na 2.1: Umurnai.

Ya kara da cewa “Example 6” a Sashe na 2.2: ExampBayanan Bayani na STM32-SignTool.
 

 

 

14-Nuwamba-2024

  

 

 

5

 Ƙara:

• Jerin STM32N6 zuwa samfuran da suka dace An maye gurbinsu a cikin duk takaddun:

• STM32MP ta STM32

An sabunta:

• Sashi na 2.1: Umarni
 

06-Maris-2025

  

6

 An sabunta:

• Sashe 2.4.1: Ƙarin umarni na PKCS#11

• Sashi na 2.4.3: Examples

MUHIMMAN SANARWA – KU KARANTA A HANKALI

STMicroelectronics NV da rassan sa ("ST") sun tanadi haƙƙin yin canje-canje, gyare-gyare, haɓakawa, gyare-gyare, da haɓakawa ga samfuran ST da/ko ga wannan takaddar a kowane lokaci ba tare da sanarwa ba. Ya kamata masu siye su sami sabbin bayanai masu dacewa akan samfuran ST kafin yin oda. Ana siyar da samfuran ST bisa ga sharuɗɗa da sharuɗɗan siyarwa na ST a wurin lokacin amincewa. Masu siye ke da alhakin zaɓi, zaɓi, da amfani da samfuran ST kuma ST ba ta ɗaukar alhakin taimakon aikace-aikacen ko ƙirar samfuran masu siye. Babu lasisi, bayyananne ko fayyace, ga kowane haƙƙin mallakar fasaha da ST ke bayarwa a nan. Sake siyar da samfuran ST tare da tanadi daban-daban da bayanan da aka gindaya a ciki zai ɓata kowane garantin da ST ya bayar don irin wannan samfurin. ST da tambarin ST alamun kasuwanci ne na ST. Don ƙarin bayani game da alamun kasuwanci na ST, koma zuwa www.st.com/trademarks. Duk sauran samfuran ko sunayen sabis mallakin masu su ne. Bayanin da ke cikin wannan takarda ya maye gurbin bayanan da aka kawo a baya a cikin kowane juzu'in wannan takaddar.

© 2025 STMicroelectronics – Duk haƙƙin mallaka

FAQ

  • Tambaya: Menene zan yi idan na gamu da kurakurai yayin amfani da STM32-SignTool?
    • A: Bincika tsarin tsarin umarni, tabbatar da cewa an samar da duk sigogin da ake buƙata daidai, kuma koma zuwa littafin mai amfani don shawarwarin matsala.
  • Tambaya: Zan iya amfani da STM32-SignTool akan tsarin aiki daban-daban?
    • A: STM32-SignTool an tsara shi don yin aiki akan takamaiman tsarin aiki. Koma zuwa ƙayyadaddun software don cikakkun bayanai masu dacewa.

Takardu / Albarkatu

ST Microelectronics STM32 Sa hannu Software [pdf] Manual mai amfani
STM32N6 jerin, STM32MP1, STM32MP2 jerin, STM32 Sa hannu Tool Software, STM32, Sa hannu Tool Software, Kayan aiki Software, Software

Magana

Bar sharhi

Ba za a buga adireshin imel ɗin ku ba. Ana yiwa filayen da ake buƙata alama *