Figure 3. Debug Authentication Using Certificate - ST STM32H5 Series Getting Started

When the user triggers the debug authentication feature (regression or debug reopening), they first send a
certificate and an action request to the STM32.
1. On certificate chain reception, STM32:
– Verifies that the root key embedded in the certificate corresponds to the hash of the root public key
stored in the device.
– Manages the permissions embedded in the certificates (refer to
more details.
– Checks that the requested action fits with the authorized actions list carried by the certificate chain.
2. STM32 sends a challenge to the host.
3. STM32 verifies that the host owns the debug authentication private key before performing the requested
action (regression or debug reopening). The certificate carries the authorized actions. Finally, a token which
carries the requested action and the response to the challenge is sent to the device.
AN6008 - Rev 1
Figure 3. Debug authentication using certificate
Challenge
Step 1 Step 2
: Debug Authentication Certificate
: Debug Authentication Private Key
Response
Product State = OPEN
Step 3
Section 5.4.3: Permission masks
AN6008
Overview
for
page 4/25