SBSFU with STM32 and STSAFE-A100 UM2262
86/94 UM2262 Rev 6
G.2 Certificate generation
Generation of the certificates is done using openssl via a set of batch files provided in the
STSAFE-A100 project example variant as shown in
Figure 51:
• GEN_SBSFU_SAMPLE_ROOT_CA_ECC_NIST_P256.bat: generates Root CA public
and private ECC keys and a self signed root certificate.
• GEN_SBSFU_SAMPLE_INTER1_CA_ECC_NIST_P256.bat : generates First
Intermediate CA (OEM CA) ECC key pair and certificate signed by the RootCA.
• GEN_SBSFU_SAMPLE_INTER2_CA_ECC_NIST_P256.bat : generates Second
Intermediate CA (OEM Divisional CA) ECC key pair and certificate signed by the OEM
CA.
• GEN_SBSFU_SAMPLE_FW_SIGNING_ECC_NIST_P256.bat: generates the
Firmware Signing ECC key pair and certificate signed by the OEM Divisional CA.
Figure 51. Batch files using openssl
G.3 STSAFE-A100 provisioning
To provision STSAFE-A100 with pairing keys and certificates that are used in the context of
the SBSFU application example, a provisioning tools application project is provided as
example in the X-CUBE-SBSFU package (2_Images_STSAFE\STSAFE_Provisioning).
To Next Page
Loading...
