Added WOLFBOOT_UDS_OBKEYS=1

Instruction to provision keys via iRoT / OBKeys (STM32H5 only)

Author: danielinux

docs/DICE.md

@@ -74,6 +74,27 @@ families must implement the appropriate subset based on hardware support.
 - `hal_attestation_get_iak_private_key(uint8_t *buf, size_t *len)`
   - Optional provisioned IAK private key (used in IAK mode only).
 
+## STM32H5 OBKeys UDS (optional)
+
+STM32H5 devices provide OBKeys secure storage areas tied to temporal isolation
+levels (HDPL). The HDPL1 area is intended for iRoT keys and is the recommended
+location for a device-unique UDS when `WOLFBOOT_UDS_OBKEYS=1` is enabled. OBKeys
+secure storage is only available on STM32H5 lines except STM32H503.
+
+Provisioning uses STs secure data provisioning flow:
+
+1. Create an OBKeys provisioning file (`.obk`) using STM32TrustedPackageCreator
+   (CLI supports `-obk <xml>` input).
+2. Program the `.obk` file using STM32CubeProgrammer CLI with the `-sdp` option.
+
+3. After provisioning, move the device to the CLOSED state as appropriate for
+   production.
+
+When `WOLFBOOT_UDS_OBKEYS=1`, the STM32H5 HAL first attempts to read UDS from
+OBKeys using a platform hook (`stm32h5_obkeys_read_uds`). Integrate this hook
+with your RSSe/RSSLib provisioning flow (DataProvisioning API) as described in
+ST documentation.
+
 ## NSC access (non-secure API)
 
 The non-secure application calls the PSA Initial Attestation API wrappers:

hal/stm32h5.c

@@ -168,6 +168,15 @@ int RAMFUNCTION hal_flash_write(uint32_t address, const uint8_t *data, int len)
 #define STM32H5_BSEC_UID1 (*(volatile uint32_t *)(STM32H5_BSEC_BASE + 0x18))
 #define STM32H5_BSEC_UID2 (*(volatile uint32_t *)(STM32H5_BSEC_BASE + 0x1C))
 
+#ifdef WOLFBOOT_UDS_OBKEYS
+__attribute__((weak)) int stm32h5_obkeys_read_uds(uint8_t *out, size_t out_len)
+{
+    (void)out;
+    (void)out_len;
+    return -1;
+}
+#endif
+
 static int uds_from_uid(uint8_t *out, size_t out_len)
 {
     uint8_t uid[12];
@@ -234,6 +243,12 @@ int hal_uds_derive_key(uint8_t *out, size_t out_len)
         return -1;
     }
 
+#ifdef WOLFBOOT_UDS_OBKEYS
+    if (stm32h5_obkeys_read_uds(out, out_len) == 0) {
+        return 0;
+    }
+#endif
+
 #if defined(FLASH_OTP_KEYSTORE)
     if (hal_flash_otp_read(FLASH_OTP_BASE + OTP_UDS_OFFSET,
                            uds, sizeof(uds)) == 0) {

options.mk

@@ -39,6 +39,13 @@ ifeq ($(WOLFBOOT_UDS_UID_FALLBACK_FORTEST),1)
   CFLAGS+=-D"WOLFBOOT_UDS_UID_FALLBACK_FORTEST"
 endif
 
+ifeq ($(WOLFBOOT_UDS_OBKEYS),1)
+  ifneq ($(TARGET),stm32h5)
+    $(error WOLFBOOT_UDS_OBKEYS is only supported on STM32H5 targets)
+  endif
+  CFLAGS+=-D"WOLFBOOT_UDS_OBKEYS"
+endif
+
 ## Sealing a secret into the TPM
 ifeq ($(WOLFBOOT_TPM_SEAL),1)
   WOLFTPM:=1

tools/config.mk

@@ -61,6 +61,7 @@ ifeq ($(ARCH),)
   WOLFBOOT_ATTESTATION_TEST?=0
   WOLFBOOT_UNIVERSAL_KEYSTORE?=0
   WOLFBOOT_UDS_UID_FALLBACK_FORTEST?=0
+  WOLFBOOT_UDS_OBKEYS?=0
   TZEN?=0
   WOLFCRYPT_TZ?=0
   WOLFCRYPT_TZ_PKCS11?=0
@@ -99,6 +100,7 @@ CONFIG_VARS:= ARCH TARGET SIGN HASH MCUXSDK MCUXPRESSO MCUXPRESSO_CPU MCUXPRESSO
 	WOLFBOOT_ATTESTATION_IAK \
 	WOLFBOOT_ATTESTATION_TEST \
 	WOLFBOOT_UDS_UID_FALLBACK_FORTEST \
+	WOLFBOOT_UDS_OBKEYS \
 	WOLFCRYPT_TZ WOLFCRYPT_TZ_PKCS11 \
 	WOLFCRYPT_TZ_PSA \
 	WOLFBOOT_PARTITION_SIZE WOLFBOOT_SECTOR_SIZE  \

tools/keytools/otp/README.md

@@ -3,4 +3,14 @@
 This application is used to provision the public keys into a dedicated FLASH OTP
 area. For more information about its usage, please refer to [/docs/flash-OTP.md](/docs/flash-OTP.md).
 
+## Attestation UDS storage
+
+For targets that support it (for example STM32H5), wolfBoot can store a random
+UDS for DICE attestation in OTP using the primer app. This is the default
+approach when OBKeys secure storage is not available or not provisioned.
+
+If you have access to STM32H5 OBKeys secure storage, prefer that for production
+iRoT key material. Enable `WOLFBOOT_UDS_OBKEYS=1` and provision OBKeys via
+STM32TrustedPackageCreator/STM32CubeProgrammer (see `docs/DICE.md`). OTP should
+be used for development or as a fallback when OBKeys is unavailable.