Zviri mukati hide
1 ST Microelectronics STM32 Signing Tool Software
2 Nhanganyaya
3 Isa STM32-SignTool
4 STM32-SignTool yekuraira mutsara interface
5 Exampzvimwe zve STM32-SignTool
6 FAQ
7 Zvinyorwa / Zvishandiso
7.1 References

ST Microelectronics STM32 Signing Tool Software

Nhanganyaya

Iyo STM32 yekusaina chishandiso software (inonzi STM32-SignTool mugwaro iri) inosanganiswa muSTM32CubeProgrammer (STM32CubeProg). STM32-SignTool chishandiso chakakosha chinovimbisa chikuva chakachengeteka uye chinova nechokwadi chekusainwa kwemifananidzo yebhinari uchishandisa makiyi eECC anogadzirwa neSTM32-KeyGen software (ona bhuku remushandisi STM32 key generator software tsananguro (UM2542) kuti uwane rumwe ruzivo). Iwo akasainwa mabhinari mapikicha anoshandiswa panguva yeSTM32 yakachengeteka boot sequence inotsigira yakavimbika boot cheni. Chiito ichi chinovimbisa huchokwadi uye kutendeseka cheki yemifananidzo yakatakura. STM32-SignTool inogadzira mufananidzo webhinari file, kiyi yeruzhinji file, uye kiyi yakavanzika file. Mufananidzo webhinari file ine data yebhinari ichagadzirirwa mudziyo. Kiyi yeruzhinji file ine ECC yeruzhinji kiyi muPEM fomati, yakagadzirwa neSTM32-KeyGen. Kiyi yakavanzika file ine yakavharidzirwa ECC yakavanzika kiyi muPEM fomati, yakagadzirwa neSTM32-KeyGen. Bhanari yakasainwa file inogona zvakare kugadzirwa kubva kune yakasaina kare file ne batch file mode. Muchiitiko ichi, maparamendi anotevera haasungirwe: nzvimbo yekupinda yemufananidzo, kero yemutoro wemufananidzo, uye paramita yemufananidzo. Gwaro iri rinoshanda kune zvigadzirwa zvakanyorwa patafura iri pazasi.

Tafura 1. Zvigadzirwa zvinoshanda

Chigadzirwa mhando Chikamu nhamba kana chigadzirwa chakatevedzana
Microcontroller Nhoroondo ye STM32N6
Microprocessor STM32MP1 uye STM32MP2 nhevedzano

Muzvikamu zvinotevera, STM32 inoreva zvigadzirwa zvakanyorwa patafura iri pamusoro, kunze kwekunge zvataurwa neimwe nzira.

Isa STM32-SignTool

Ichi chishandiso chakaiswa neiyo STM32CubeProgrammer package (STM32CubeProg). Kuti uwane rumwe ruzivo nezve maitiro ekuseta, tarisa kune chikamu 1.2 chemushandisi bhuku STM32CubeProgrammer tsananguro software (UM2237). Iyi software inotsigira STM32 zvigadzirwa zvichibva paArm® Cortex® processor.

Ongorora: Arm chiratidzo chakanyoreswa cheArm Limited (kana vatsigiri vayo) muUS uye/kana kumwewo.

STM32-SignTool yekuraira mutsara interface

Zvikamu zvinotevera zvinotsanangura maitiro ekushandisa STM32-SignTool kubva pamutsetse wekuraira.

Mirairo

Mirairo iripo yakanyorwa pazasi:

  • -binary-image(-bin), -input(-in)
    • Tsanangudzo: mufananidzo webhinari file nzira (.bin extension)
    • Syntax: 1 -bin /home/Mushandisi/bhinariFile.bin
    • Syntax: 2 -in /home/User/binaryFile.bin
  • - mufananidzo-shanduro (-iv)
    • Tsanangudzo: inopinda mufananidzo vhezheni yemufananidzo wakasainwa file
    • Sintakisi: -iv
  • -private-kiyi (-prvk)
    • Description: private key file nzira (.pem extension)
    • Syntax: -prvkfile_nzira>
    • Example: -prvk ../privateKey.pem
  • -public-kiyi -pubk
    • Tsanangudzo: kiyi yeruzhinji file nzira
    • Syntax: -pubkFile_Nzira{1..8}>
      • Yemusoro v1: shandisa nzira imwechete yakakosha yeSTM32MP15xx zvigadzirwa
      • Pamusoro pemusoro v2 uye mukuru: shandisa nzira sere dzemakiyi kune vamwe
  • -password (-pwd)
    • Tsanangudzo: password yekiyi yakavanzika (password iyi inofanirwa kunge iine mavara mana)
    • Example: -pwd azerty
    • • -load-address (-la)
    • Tsanangudzo: mufananidzo mutoro kero
    • Example: -la
  • -yekupinda-nzvimbo (-ep)
    • Tsanangudzo: mufananidzo wekupinda nzvimbo
    • Example: -ep
  • -sarudzo-mureza (-ye)
    • Tsanangudzo: mufananidzo sarudzo mireza (default value = 0)
    • Example: -of
  • -algorithm (-a)
    • Tsanangudzo: inotsanangura imwe yeiyo prime256v1 (value 1, default) kana brainpoolP256t1 (value 2)
    • Example: -a <2>
  • -kubuda (-o)
    • Tsanangudzo: kubuda file nzira. Iyi parameter ndeyekusarudza. Kana zvisina kutaurwa, zvinobuda file inogadzirwa panzvimbo imwe chete file nzira (semuenzanisoample, iyo binary mufananidzo file iri C:\BinaryFile.bhini). Bhanari yakasainwa file iri C:\BinaryFile_Signed.bin.
    • Syntax: -oFile_Nzira>
  • -rudzi (-t)
    • Tsanangudzo: binary type. Hunhu hunobvira ndeiyi ssbl, fsbl, teeh, teed, teex, uye copro
    • Syntax: -t
  • -nyarara (-s)
    • Tsanangudzo: hapana meseji inoratidzwa yekutsiva iripo yabuda file
  • -help (-h uye -?)
    • Tsanangudzo: inoratidza rubatsiro
  • -shanduro (-v)
    • Tsanangudzo: inoratidza chishandiso vhezheni
  • -enc-dc (-encdc)
    • Tsanangudzo: encryption inotorwa nguva dzose yeFSBL encryption [musoro v2]
    • Syntax: -encdc
  • -enc-kiyi (-enck)
    • Tsanangudzo: OEM chakavanzika file yeFSBL encryption [musoro v2]
    • Syntax: -enck
  • -dump-header (-dump)
    • Tsanangudzo: parse uye dusa mufananidzo musoro
    • Syntax: -dumpFile_Nzira>
  • -musoro-vhezheni (-hv)
    • Tsanangudzo: kusaina musoro wevhezheni, zvinokwanisika kukosha: 1, 2, 2.1, 2.2, uye 2.3
    • Example ye STM32MP15xx: -hv 2
    • Example ye STM32MP25xx: -hv 2.2
    • Example ye STM32N6xxx: -hv 2.3
  • -no-makiyi (-nk)
    • Tsanangudzo: kuwedzera isina musoro musoro pasina makiyi sarudzo
    • Chiziviso: inoda kudzima sarudzo yechokwadi nesarudzo mireza yekuraira

Exampzvimwe zve STM32-SignTool

Anotevera examples inoratidza mashandisiro e STM32-SignTool:

Example 1

-bin /home/User/BhinaryFile.bin -pubk /home/user/publicKey.pem -prvk /home/user/privateKey.pem -iv 5 -pwd azerty -la 0x20000000 -ep 0x08000000 The default algorithm (prime256v1) yakasarudzwa uye iyo sarudzo yemureza kukosha 0 ndiyo yakasarudzwa). Iyo yakasainwa yakabuda binary file (BinaryFile_Signed.bin) inogadzirwa mu /home/user/ folda

Example 2

-bin /home/User/Folder1/BinaryFile.bin -pubk /home/user/publicKey.pem -prvk /home/user/privateKey.pem -iv 5 -pwd azerty -s -la 0x20000000 -ep 0x08000000 -a 2 -o /home/user/Folder2/Folder3/FolderFile.bin The BrainpoolP256t1 algorithm inosarudzwa mune iyi kesi. Kunyangwe kana Folder2 uye Folder3 isipo, inogadzirwa. Ne -s murairo, kunyange kana a file iripo ine zita rakataurwa, rinotsiviwa pasina meseji.

Example 3

Saina binary file uchishandisa musoro vhezheni 2 iyo inosanganisira masere eruzhinji makiyi ekuyerera kwechokwadi.

./STM32_SigningTool_CLI.exe -bin /home/user/input.bin -pubk publicKey00.pem publicKey01.pem publicKey02.pem publicKey03.pem publicKey04.pem publicKey05.pem publicKey06.pem publicKeywp07. azerty -t fsbl -iv 00x0 -la 00000000x0 -ep 20000000x0 -of 08000000x0 -o /home/user/output.stm80000001

Example 4

Saina binary file uchishandisa musoro vhezheni 2 iyo inosanganisira masere eruzhinji makiyi ekusimbisa uye encryption kuyerera.

./STM32_SigningTool_CLI.exe -bin /home/user/input.bin -pubk publicKey00.pem publicKey01.pem publicKey02.pem publicKey03.pem publicKey04.pem publicKey05.pem publicKey06.pem publicKey07. 00x0 -pwd azerty -la 00000000x0 -ep 20000000x0 -t fsbl -of 08000000x0 -encdc 00000003x0f25205e -enck /home/user/OEM_SECRET/outputmstm.

Example 5

Chengetedza mufananidzo wabuda nekupatsanura zvabuda file uye tarisa imwe neimwe yemusoro ndima. ./STM32_SigningTool_CLI.exe -dump /home/user/output.stm32

Example 6

Wedzera musoro usina kusaina uye pasina kutumira makiyi. STM32_SigningTool_CLI.exe -in input.bin -nk -of 0x0 -iv 1 -hv 2.2 -o output.stm32

Standalone mode

Paunenge uchiita STM32-SignTool mune yakamira modhi, nzira yakakwana inofanira kutanga yapinzwa. Pasiwedhi inokumbirwa kaviri kuti isimbiswe, sezvinoratidzwa pamufananidzo uri pazasi.

Mufananidzo 1. STM32-SignTool in standalone mode

Matanho anotevera ndeaya anotevera:

  • Sarudza imwe yeaviri algorithms.
  • Pinda mufananidzo wevhezheni, nzvimbo yekupinda mufananidzo, uye kero yemufananidzo.
  • Pinda iyo sarudzo yemureza kukosha.

Kumwe kubuda file nzira inogona kutsanangurwa kana ichidikanwa, kana dzvanya Enter kuti uenderere mberi neiripo.

PKCS#11 mhinduro
Iwo akasainwa mabhinari mapikicha anoshandiswa panguva yeSTM32 yakachengeteka boot sequence inotsigira yakavimbika boot cheni.
Chiito ichi chinovimbisa huchokwadi uye kutendeseka cheki yemifananidzo yakatakura.
Yemhando yekusaina yekuraira inokumbira kuti makiyi ese eruzhinji neakavanzika apiwe sekupinza files. Izvi ndizvo
inosvikika zvakananga nemunhu chero upi zvake anotenderwa kuita basa rekusaina. Pakupedzisira, izvi zvinogona kuonekwa
kuva chengetedzo leak. Pane mhinduro dzinoverengeka dzekuchengetedza makiyi kubva kune chero kuedza kuba data kiyi. Mune izvi
mamiriro ezvinhu, mhinduro yePKCS#11 yakagamuchirwa.
Iyo PKCS#11 API inogona kushandiswa kubata nekuchengetedza cryptographic kiyi. Iyi interface inotsanangura maitiro ekuita
kutaurirana necryptographic zvishandiso seHSMs (hardware kuchengetedza modules) uye smartcards. The
Chinangwa chemidziyo iyi kugadzira makiyi ecryptographic uye kusaina ruzivo pasina kuburitsa zvakavanzika-kiyi
zvinhu kune kunze kwenyika.
Zvishandiso zveSoftware zvinogona kufonera API kushandisa zvinhu izvi ku:
• Gadzira symmetric/asymmetric keys
• Encryption uye decryption
• Kuongorora uye kuongorora siginecha yedhijitari
PKCS #11 inopa kune zvikumbiro zvakajairika, zvine musoro view yemudziyo unonzi cryptographic token and it
inopa slot ID kune imwe neimwe chiratidzo. Chikumbiro chinozivisa chiratidzo chainoda kuwana nekutsanangura iyo
yakakodzera slot ID.
Iyo STM32SigningTool inoshandiswa kubata zvinhu zvakakosha zvakachengetwa pasmartcards uye yakafanana PKCS#11 chengetedzo.
tokens uko makiyi akavanzika akavanzika haambosiya mudziyo.
Iyo STM32SigningTool inoshandisa iyo PKCS#11 interface kubata nekusaina mabhinari ekuisa zvichienderana neECDSA.
makiyi eruzhinji/akavanzika. Aya makiyi anochengetwa mumatokeni ekuchengetedza (hardware kana software).

Yekuwedzera PKCS#11 mirairo

  • -module (-m)
    • Tsanangudzo: tsanangura PKCS#11 module/raibhurari nzira yekurodha (dll, saka)
    • Syntax:-m
    • • -key-index (-ki)
  • -kiyi-index (-ki)
    • Tsanangudzo: runyorwa rweakashandiswa makiyi indexes mune hex fomati
      • Shandisa imwe index yemusoro v1 uye masere indexes emusoro v2 (yakaparadzaniswa nenzvimbo)
    • Syntax: -ki
  • -slot-index (-si)
    • Tsanangudzo: tsanangura indekisi ye slot yekushandisa (default 0x0)
    • Syntax:-si
  • -slot-identifier (-sid)
    • Tsanangudzo: tsanangura identifier yeslot yekushandisa (inosarudza, mune decimal kana hexadecimal fomati)
    • Syntax:-sid
      • Kana iyo sarudzo -slot-identifier ikashandiswa panguva imwe chete ne -slot-index, chishandiso chinotarisa kana iyi gadziriso ichienderana neyakafanana slot. Chiziviso chinoratidza index yakataurwa; kana zvisina kudaro, kukanganisa kunoitika.
      • Zvinogoneka kushandisa -slot-identifier pasina kutaura -slot-index. Zvishandiso zvinotsvaga iyo slot index zvine hurongwa.
  • -active-keyIndex (-aki)
    • Tsanangudzo: tsanangura iyo chaiyo inoshanda kiyi index (default 0)
    • Syntax: -aki <hexValue>

PKH/PKTH file generation

Mushure mekugadzirisa basa rekusaina, chishandiso chinogadzira PKH files yekushandisa mushure meOTP fuse.

  • PKH file yakanzi pkcsHashPublicKey0x{active_key_index}.bin yemusoro v1
  • PKTH file yakanzi pkcsPublicKeysHashHashes.bin yemusoro v2

Examples

Chishandiso chinogona kusaina mapindiro files yezvose musoro v1 uye musoro v2, ine musiyano mudiki mumutsetse wekuraira.

  • Musoro v1
    -bin input.bin -iv -pwd -la -ep -t -of -
    -key-index -aki 0 ​​-module -slot-index -o output.stm32
  • Musoro v2
    -bin input.bin -iv -pwd -la -ep -t -of --key-index -aki -module -slot-index -o output.stm0

Kukanganisa pamutsara wekuraira, kana kusakwanisa kwechishandiso kuona zvinhu zvakakosha zvinoenderana, zvinoita kuti meseji yemhosho iratidzike. Izvi zvinoratidza kwakabva dambudziko. Iyo SigningTool inokwanisa chete kushandisa preconfigured HSMs, uye haina kugadzirwa kubata kana kugadzira zvinhu zvitsva zvekuchengetedza. Naizvozvo, zvinodikanwa kuisa software yemahara kumisikidza nzvimbo yakakodzera. Makiyi anogona kubva agadzirwa, uye ruzivo nezvezvinhu zvakawanikwa.

Slot identifier sarudzo:

  • -bin input.bin -type fsbl -hv 1 -key-index 0x40 -aki 0 ​​-module softhsm2.dll -password prg-dev -ep 0x2ffe4000 -s -si 0 -sid 0x51a53ad8 -la 0x2ffc2500 -iv0 -iv 0 -iv 80000000x32

Error exampzvishoma:

  • Slot index haisiriyo

Mufananidzo 2. HSM TOKEN_NOT_RECOGNIZED
Chinhu chakakosha chisingazivikanwe chinotaurwa mu -key-index command

Mufananidzo 3. HSM OBJECT_HANDLE_INVALID

Chishandiso chinobata zvinhu zvakatevedzana. Kana ikasakwanisa kuona zvinhu zvakakosha pakuedza kwekutanga, kusaina kumisa maitiro. Meseji yemhosho inozoratidzwa kuratidza kwabva dambudziko.

Nhoroondo yekudzokorora

Tafura 2. Document revision history

Date Version Kuchinja
14-Feb-2019 1 Kusunungurwa kwekutanga.
 

 

26-Nov-2021

  

 

2

 Updated:

• Chikamu 2.1: Mirairo

• Chikamu 2.2: Eksampzvimwe zve STM32-SignTool

• Yakawedzerwa Chikamu 2.4: PKCS#11 mhinduro
27-Jun-2022 3 Yakagadziridzwa Chikamu 2.1: Mirairo
 

 

 

26-Jun-2024

  

 

 

4

 Yakatsiviwa mugwaro rose:

• STM32MP1 series by STM32MPx series

• STM32MP1-SignTool neSTM32MP-SignTool

• STM32MP1-KeyGen neSTM32MP-KeyGen

Yakagadziridzwa -public-kiyi -pubk uye yakawedzerwa -header-version (-hv) uye -no-makiyi (- nk) muChikamu 2.1: Mirairo.

Yakawedzerwa “Example 6” muChikamu 2.2: Eksampzvimwe zve STM32-SignTool.
 

 

 

14-Nov-2024

  

 

 

5

 Akawedzera:

• STM32N6 nhevedzano kune zvigadzirwa zvinoshanda Yakatsiviwa mugwaro rese:

• STM32MP neSTM32

Updated:

• Chikamu 2.1: Mirairo
 

06-Mar-2025

  

6

 Updated:

• Chikamu 2.4.1: Yekuwedzera PKCS#11 mirairo

• Chikamu 2.4.3: Eksamples

CHIZIVISO CHINOKOSHA – VERENGA ZVAKANAKA

STMicroelectronics NV nevatsigiri vayo (“ST”) vanochengeta kodzero yekuita shanduko, kugadzirisa, kusimudzira, gadziridzo, nekuvandudza kuSTproducts uye/kana kugwaro iri chero nguva pasina chiziviso. Vatengi vanofanirwa kuwana ruzivo rwazvino rwakakodzera pane zvigadzirwa zveST vasati vaisa maodha. ST zvigadzirwa zvinotengeswa zvichiteerana ne ST zvirevo uye mamiriro ekutengesa aripo panguva yekuodha kubvuma. Vatengi ndivo vane basa rekusarudza, kusarudza, uye kushandiswa kweST zvigadzirwa uye ST haitore mhosva yerubatsiro rwekushandisa kana dhizaini yezvigadzirwa zvevatengi. Hapana rezinesi, kutaura kana kurehwa, kune chero kodzero yepfuma inopihwa neST muno. Kutengeswazve kwezvigadzirwa zveST zvine zvipimo zvakasiyana neruzivo rwataurwa pano kuchabvisa chero waranti yakapihwa neST yechigadzirwa chakadaro. ST uye ST logo zviratidzo zve ST. Kuti uwane rumwe ruzivo nezve ST trademarks, tarisa kune www.st.com/trademarks. Zvese zvimwe zvigadzirwa kana sevhisi mazita midziyo yevaridzi vazvo. Ruzivo rwuri mugwaro rino rinotsiva uye kutsiva ruzivo rwakambopihwa mune chero shanduro dzekare dzegwaro iri.

© 2025 STMicroelectronics – Kodzero dzese dzakachengetwa

FAQ

  • Mubvunzo: Chii chandinoita kana ndikasangana nezvikanganiso ndichishandisa STM32-SignTool?
    • A: Tarisa iyo syntax yekuraira, ita shuwa kuti ese anodiwa paramita akapihwa nemazvo, uye tarisa kune remushandisi bhuku remazano ekugadzirisa matambudziko.
  • Mubvunzo: Ndingashandisa STM32-SignTool pane akasiyana masisitimu anoshanda?
    • A: STM32-SignTool yakagadzirirwa kushanda pane chaiwo masisitimu anoshanda. Tarisa kune zvakatemwa zvesoftware kuti uwane ruzivo rwekuenderana.

Zvinyorwa / Zvishandiso

ST Microelectronics STM32 Signing Tool Software [pdf] User Manual
STM32N6 series, STM32MP1, STM32MP2 series, STM32 Signing Tool Software, STM32, Signing Tool Software, Tool Software, Software

References

Siya mhinduro

Yako email kero haizoburitswa. Nzvimbo dzinodiwa dzakamakwa *