Launch Debug Authentication Service (Certificate Method); Table 9. Debug Authentication Certificates Generation Xml File Details; Figure 10. Debug Authentication Ecosystem For Service Launch - ST STM32H5 Series Getting Started

Step 2
The DA configuration obk file is programmed in STM32 OBK by using the STM32CubeProgrammer.
6.2

Launch debug authentication service (certificate method)

2
STM32CubeProgrammer
Certificate chains
1
STM32 Trusted Package
Certificates_Gen.xml
Step 1
The STM32 Trusted Package Creator is used to create the certificate chain from the certificate generation xml file.
Certificate role
Root or issuer private key
Root or Intermediate of Leaf public key
Usage
PSA security life cycle
Implementation defined state
OEM constraint
SoC ID
SoC class
Permission mask
Input certificate for chaining
Step 2
A debug authentication service is launched by using the STM32CubeProgrammer or an IDE (both integrating the
SDM library) to send the certificates chain to the device.
AN6008 - Rev 1
Figure 10. Debug authentication ecosystem for service launch
Host
or IDE
SDM
Creator
Table 9. Debug authentication certificates generation xml file details
Parameter
Role of the generated certificate (root /
intermediate / leaf)
Private key of root or of the issuer
Public key of root or intermediate or leaf
SoC ID used to generate a specific
certificate to one device
SoC class used to generate a specific
certificate to one product series
Actions authorized by the generated
certificate
Certificate chain to which the generated
certificate must be added
Debug authentication ecosystem overview
Debug port
Probe
/ DBGMCU
Description
-
-
-
Not yet supported
Not yet supported
Not yet supported
Not yet supported
By default, value is zero.
By default, value is zero.
Refer to
-
AN6008
STM32H5
Debug
Authentication
Additional comment
Section 4.1.4.
page 17/25