Introduction

The STM32MPx series signing tool software (named STM32MP-SignTool in this document) is integrated in the

STM32CubeProgrammer (STM32CubeProg).

STM32MP-SignTool is a key tool that guarantees a secure platform and ensures the signing of binary images using ECC keys

generated by STM32MP-KeyGen software (refer to the user manual STM32MPx series key generator software description

(UM2542) for more details).

The signed binary images are used during the STM32MPx series MPU secure boot sequence that supports a trusted boot

chain. This action ensures an authentication and integrity check of the loaded images.

STM32MP-SignTool generates a binary image file, a public key file, and a private key file.

The binary image file contains the binary data to be programmed for the device.

The public key file contains the ECC public key in PEM format, generated with STM32MP-KeyGen.

The private key file contains the encrypted ECC private key in PEM format, generated with STM32MP-KeyGen.

A signed binary file can also be generated from an already signed file with the batch file mode. In this case, the following

parameters are not mandatory: the image entry point, the image load address, and the image version parameters.

DT51280V1

STM32MPx series signing tool software description

UM2543

User manual

UM2543 - Rev 4 - June 2024

For further information contact your local STMicroelectronics sales office.

www.st.com

1 Install STM32MP-SignTool

This tool is installed with the STM32CubeProgrammer package (STM32CubeProg). For more information about

the set-up procedure, refer to section 1.2 of the user manual STM32CubeProgrammer software description

(UM2237).

This software applies to the STM32MPx series Arm

-based MPUs.

Note: Arm is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere.

UM2543

Install STM32MP-SignTool

UM2543 - Rev 4

page 2/11