UM2262 Rev 6 17/94
UM2262 Secure Boot and Secure Firmware Update (SBSFU)
93
Table 3. Cryptographic scheme comparison
Features
Asymmetric
with AES encryption
Asymmetric
without encryption
X509 certificate-based
asymmetric without
encryption
Symmetric
(AES-GCM)
(1)
Confidentiality
AES-CBC encryption,
or AES-CTR
encryption for STM32
MCUs supporting
OTFDEC processing
(FW binary)
None: the user FW is in clear format.
AES-GCM encryption
(FW binary)
Integrity SHA256 (FW header and FW binary)
AES-GCM Tag
(FW header and FW
binary)
Authentication
– SHA256 of the FW header is ECDSA signed
– SHA256 of the FW binary stored in FW header
Cryptographic
keys in device
Private AES-CBC key
(secret)
Public ECDSA key
Public ECDSA key
Public ECDSA key in
X509 certificate chain
(stored in STSAFE-A100)
Private AES-GCM
key (secret)
1. For the symmetric cryptographic scheme, it is highly recommended to configure a unique symmetric key for each product.
To Next Page
Loading...
