Secure Boot & Chain of Trust (Foundation) STM32MP1

From Open Device to Production Security: Building a Hardware Root of Trust. Intensive training on implementing secure boot and chain of trust on STM32MP1.

About the Course

This is an intensive, hands-on training for embedded engineers and cybersecurity specialists who face the challenge of securing IoT products based on the STM32MP1 platform.

In the era of ubiquitous connected devices, firmware layer security has stopped being optional — it has become fundamental. Most courses discuss Secure Boot theoretically. We will guide you through the entire device hardening procedure, including irreversible OTP fuse burning.

You will understand from the inside how BootROM verifies each element of the chain of trust:

  • TF-A (Trusted Firmware-A) — first stage bootloader
  • U-Boot — main bootloader
  • Linux Kernel — operating system

🎯 Project Goal: “The Fusing Ceremony”

During the course, we don’t discuss slides. We lock a real device. Participants will independently:

  • Generate their own Public Key Infrastructure (PKI) using ECDSA P-256 elliptic curve cryptography
  • Digitally sign bootloader images (TF-A) and verify their headers in a hex editor
  • Conduct the “Fusing Ceremony” — permanent writing of the public key hash to the device’s OTP memory
  • Close the device lifecycle and test failure scenarios, including intentional “bricking” of the board
  • Build a Trusted Application (TA) running in the OP-TEE secure world


📅 Training Program

DAY 1: The Foundation – Trust Architecture and Exploration

Understanding the hardware security fundamentals. From BootROM to OTP.

Module 1.1: Cryptography in Embedded Systems

  • Symmetric vs asymmetric cryptography: When to use what?
  • Hash functions (SHA-256) and digital signatures (ECDSA)
  • Why ECC, not RSA? Efficiency vs security in embedded

Module 1.2: STM32MP1 Security Architecture

  • Role of BootROM as the immutable Root of Trust
  • BSEC controller and OTP memory map: Words 0-23 (ST), 24-31 (Your key!)
  • The “shadow registers” mechanism — how to test before permanent writing?

Module 1.3: Lab – Factory State Analysis (“Open”)

  • Environment setup: STM32MP157C-DK2, SDK, STM32CubeProgrammer
  • First boot and stopping at U-Boot
  • Practical exercise: stm32key read command — we see a “clean slate”

DAY 2: The Ceremony – Root of Trust Implementation

The heart of the Secure Boot procedure. Key generation, signing, and the point of no return.

Module 2.1: Key Infrastructure Generation (PKI)

  • STM32MP_KeyGen_CLI tool: Creating ECC P-256 key pair
  • File anatomy: privateKey.pem (crown jewels), publicKey.pem, publicKeyhash.bin (32 bytes for OTP)
  • Key security: Why do we use HSM in production?

Module 2.2: Firmware Signing

  • STM32MP_SigningTool_CLI: Signing TF-A image
  • STM32 header analysis (.stm32): Magic bytes ‘S’,‘T’,‘M’,0x32
  • Lab: Comparing files before/after signing (hexdump, vbindiff)

Module 2.3: OTP Provisioning – Point of No Return

  • “Check twice, burn once” strategy
  • Hash transfer to RAM (ext4load), verification (stm32key read 0xc0000000)
  • ⚠️ Irreversible command: stm32key fuse -y — The Fusing Ceremony
  • Post-write verification: The device now has an identity!

DAY 3: The Lockdown – Closure and Production

Transition from prototype to secured product. Automation and TEE.

Module 3.1: Device Lifecycle Closure

  • Device Life Cycle states: OPEN → CLOSED → RMA
  • ⚠️ Preparation: Signed image MUST be on the card before closure!
  • stm32key close command — Secure Boot enforcement
  • Lab: Intentional “bricking” and recovery procedure

Module 3.2: Automation in Yocto (OpenSTLinux)

  • meta-st layer configuration: TRUSTED_BOARD_BOOT, TF_A_SIGN_ENABLE, ROT_KEY
  • Image rebuild: bitbake st-image-weston with certificates
  • FIP image analysis

Module 3.3: OP-TEE – Trusted Execution Environment

  • Why do we secure the system? Secure World vs Normal World isolation
  • Lab: “Hello World” Trusted Application — secret safe from Linux
  • SYSRAM limitations in MP15x: How to write lean TAs?

Module 3.4: Q&A and Summary

  • Secure Boot vs Encryption: MP13x/MP15x differences
  • Lifecycle management in mass production (SSP)
  • Consultation on participants’ own projects

💰 Pricing and Participation Models

I offer a flexible model, tailored to skill level and needs.

Option A: FUNDAMENTALS (2 Days)

Ideal for those who want to understand security architecture and go through the basic Secure Boot procedure, without diving into production automation.

Scope: Day 1 + Day 2 (Cryptography, Architecture, Key generation, Signing, Fusing)
Outcome: Device with OEM key written, ready for closure
Price: €800 net / person
Min. group: 5 people

Option B: Full Program (3 Days)

Complete training including device closure, Yocto automation, and introduction to OP-TEE. Essential for teams preparing for mass production of secured IoT devices.

Scope: Full program (Days 1-3)
Outcome: Completely locked device, CI/CD automation knowledge, and Trusted Applications
Price: €1,050 net / person
Min. group: 5 people

Promotion: By choosing the 3-day package upfront, you save €100 compared to adding the 3rd day separately (3rd day add-on price is €350).

Small teams: For teams smaller than 5 people, rates are negotiated individually.


🏆 Why is it worth it?

  • Irreversibility requires certainty: A mistake when burning OTP in production means “bricking” a batch of devices. Knowledge gained in workshops eliminates the risk of costly errors.
  • Uniqueness: This is the only course on the market where participants independently perform the complete Secure Boot procedure — from key generation to device closure.
  • Compliance: More and more regulations (e.g., Cyber Resilience Act) require hardware firmware security. This course prepares you to meet them.
  • Practice, not theory: We work on real STM32MP157C-DK2 boards, not simulators.

🛠️ Hardware Requirements

Each participant receives:

  • STM32MP157C-DK2 board (Discovery Kit)
  • 16GB microSD card (class 10)
  • USB Type-C cable

Required software: Ubuntu 20.04/22.04 LTS, STM32CubeProgrammer, OpenSTLinux SDK.


🎁 Hardware stays with participants after the workshop!

Want to reserve a date for your team? Contact me to arrange details and availability. Secure your devices before someone else does.

Interested in the training?

Contact me to discuss details, customize the program for your team, or schedule a date.

Training Information

  • Duration: 2-3 days
  • Level: Advanced
  • Requirements: STM32MP1 knowledge, cryptography basics
Ask about Training

I customize the program to participants' needs. Trainings conducted on-site, remotely, or hybrid.
