Welcome to this MOOC, in which we'll cover on-the-fly decryption on STM32 microcontrollers. The on-the-fly decryption engine, OTFDEC, is an internal peripheral that can be found on some STM32L5 and STM32H7 devices. The main purpose of OTFDEC is to protect the confidentiality of read-only code and data that are stored in external SPI flash. OTFDEC performs on-the-fly decryption during OctoSPI memory-mapped read operations. Any read access, down to a single byte, is supported. OTFDEC is located below the bus matrix, between the bus masters and the OctoSPI peripheral. The crypto scheme is either the standard AES-128 in counter mode, or standard AES in counter mode with an additional proprietary layer. The decryption key must be securely stored inside the internal flash. Up to four independent regions can be defined, each with its own key and initialization vector. Decryption is performed transparently to the Cortex core: the data and instructions that the processor receives have already been decrypted internally by OTFDEC. As of today, OTFDEC can be found on STM32L562 and STM32H7B devices. So let's now go to the hands-on part. The purpose is to show execution of an encrypted binary from external memory. We are going to use the STM32L562 discovery kit, which is based on the Cortex-M33. We will need one micro USB cable, and on your PC you should have CubeProgrammer and a terminal application; we are going to use Tera Term. In the materials provided together with this MOOC, you will find binaries, source code, documentation and other tools to reproduce everything that you see in this video. To keep things simple, we are only going to use the binaries, but you are free to have a look at the source code and the batch scripts later on. The L5 discovery kit embeds an external memory from Macronix that we will use to store the encrypted firmware. There are many more features on the board; I will discuss them just briefly.
There is an on-board energy meter, which measures from 300 nA to 150 mA dynamically over time. You might already be aware of the stand-alone power shield, which is now integrated on the L5 disco, so this is a great way to evaluate the consumption of the target. There is also an LCD display, an audio codec, a Bluetooth Low Energy module and much more. So let's now go into more detail about each step that we will do in this hands-on. We will start by loading firmware into the internal flash. This firmware will configure the OctoSPI and the external memory, and it will also show you an interactive menu. Then we will load a plain-text binary into the external memory, so there is no encryption involved at this stage yet. From the interactive menu we will be able to dump part of the external memory, and we will be able to pass execution to the external application, which is a simple LED-blinking application that also shows some UART traces. In the next step we will process the firmware for the external flash with OpenSSL: we will encrypt it with AES in counter mode, and again we will load it into the external memory. From the menu we can activate OTFDEC, so you will be able to see that the data and code are decrypted on the fly thanks to OTFDEC. So let's start by connecting the USB cable to the ST-LINK V3; the connector is highlighted in blue in this picture. The next step is to load the binary for the internal flash. The binary is located in the hands-on folder in the package provided together with this MOOC, and there are many ways to load it. You can use CubeProgrammer, for example, but the simplest way is to just drag and drop it onto the ST-LINK mass storage device. ST-LINK is in fact a USB composite device: it enumerates as a debugger, it enumerates as a virtual COM port, which we will also use to see the traces, and it also enumerates as a mass storage device.
So let me do this as well. I have the board connected and I am now inside the hands-on folder; I select the internal flash plain .bin and just drag and drop it onto the ST-LINK mass storage. You see the loading process completed. Now I will start the Tera Term .bat script, which will open the terminal window and set up the correct baud rate and parity. Let me just enlarge the font. And if I now press the reset button on the board, you will see some traces. So this is the application running from internal flash. Before we continue, let's also load the plain-text binary into the external Macronix memory. To do this, we do need CubeProgrammer. I will just open it, and here in the bottom-left corner you see the icon External loaders. Here you see all the evaluation boards provided by ST. We can search for STM32L5, which will give us the discovery kit. I will just check this box, which will tell CubeProgrammer to use the loader specific to this memory. Now I go into the Erasing and Programming tab and I select, again in the hands-on folder, the external flash plain binary. This is the non-encrypted version. The start address should be 0x90000000, because this is where the external memory is mapped. And I can leave the Verify programming checkbox checked so that we get confirmation that everything passed successfully. Now I can press Start programming, and I get the message that the download was verified successfully. Now I just disconnect and go back to the traces. Let me reset the board once more. You see the menu. If I press 1, I dump the memory content at the address 0x90000000, which is the external memory. I can also activate OTFDEC, but we will do this later. And by pressing 3, I can launch the binary placed inside the external memory. So let me just dump the memory. You see that this is in fact plain text: the first word is the stack pointer, and then you see some values starting with 0x90, which is the vector table of the application.
If I press 3, execution is passed into the external memory. The code is now executed from the external SPI flash. You see the traces and you also see the green LED blinking over here. If you wish, you can just press the reset button, which will force the microcontroller to boot again from the internal memory, and you can start again and experiment. So now we have just verified that code execution is possible from the external memory. Let's now encrypt the binary on a PC, load it again and activate OTFDEC on the L5. To encrypt the binary, you simply launch the script, the encrypt sim .bat. This will call OpenSSL and also another tool, written in Python, that changes the endianness of the image. This is in fact needed once before the encryption and once after it is finished. It will process the external flash plain binary and create a new file called external flash encrypted. So let me launch the script. You see the first few lines are calling the custom application that changes the endianness. Then OpenSSL is called; it is using AES in counter mode. You see the key and you also see the initialization vector. Afterwards the reversing needs to be done again, the change of endianness, and the new file is created in the hands-on folder. Let's double-check this. So in fact this file was just created by calling OpenSSL and the custom application that changes the endianness. If you have any issues running this script, you can always use the backup, which is already encrypted. So let me flash this again to the external memory. I will just locate the file in CubeProgrammer. You might need to reset the board in advance. Let me select the external flash encrypted .bin. I will change the start address again to 0x90000000 to point towards the external flash. Let's connect first, and let's start the programming. Again everything passed successfully. I can disconnect and go back to the traces. I will clear them.
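As an added example that is not part of the MOOC package, the following Go program reproduces the pipeline the script describes (byte-swap every 32-bit word, AES-128-CTR as OpenSSL does it, byte-swap back) and then shows why counter mode lets a single memory-mapped word be decrypted on its own, which is the property an on-the-fly decryptor relies on. The key, IV and image contents are constructed, and the counter is assumed to be the IV plus the block index as in Go's standard CTR, since the video does not describe how OTFDEC forms its counter.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

var demoKey, demoIV = []byte("0123456789abcdef"), []byte("fedcba9876543210") // constructed 16-byte demo values, not the ones shown in the video

// swapWords reverses the bytes of every 32-bit word, as the video's endianness tool does once before and once after OpenSSL.
func swapWords(img []byte) []byte {
	out := append([]byte(nil), img...) // a trailing partial word is left as-is
	for i := 0; i+4 <= len(img); i += 4 {
		out[i], out[i+1], out[i+2], out[i+3] = img[i+3], img[i+2], img[i+1], img[i]
	}
	return out
}

// encryptImage is the script's pipeline: swap, AES-128-CTR, swap back. Each step is its own inverse, so the same call also decrypts.
func encryptImage(key, iv, img []byte) []byte {
	block, _ := aes.NewCipher(key) // demoKey is a valid 16-byte AES-128 key
	out := swapWords(img)
	cipher.NewCTR(block, iv).XORKeyStream(out, out)
	return swapWords(out)
}

// readWord decrypts one word-aligned word on its own: CTR needs only that block's counter, which is what lets a memory-mapped read of any single word be decrypted on the fly.
func readWord(key, iv, enc []byte, off int) uint32 {
	ctr, n := append([]byte(nil), iv...), uint64(off/16)
	for i := 15; i >= 0 && n > 0; i-- { // ctr = iv + block index as a 128-bit big-endian add (Go's CTR convention;
		sum := uint64(ctr[i]) + n&0xff    // assumed here, the video does not describe how OTFDEC forms its counter)
		ctr[i], n = byte(sum), n>>8+sum>>8
	}
	block, _ := aes.NewCipher(key)
	ks := make([]byte, 16)
	block.Encrypt(ks, ctr)
	// swap(swap(c)^ks) == c^swap(ks): the two swaps reduce to XORing the little-endian data word with the big-endian keystream word.
	return binary.LittleEndian.Uint32(enc[off:]) ^ binary.BigEndian.Uint32(ks[off&15:])
}

// samplePlain is a constructed stand-in for the plain external-flash image: LE words 0x20030000 (stack pointer), then 0x9000xxxx vectors.
var samplePlain = []byte{0x00, 0x00, 0x03, 0x20, 0x21, 0x02, 0x00, 0x90, 0x35, 0x02, 0x00, 0x90, 0x35, 0x02, 0x00, 0x90,
	0x35, 0x02, 0x00, 0x90, 0x35, 0x02, 0x00, 0x90, 0x35, 0x02, 0x00, 0x90, 0x00, 0x00, 0x00, 0x00}

func main() {
	enc := encryptImage(demoKey, demoIV, samplePlain)
	fmt.Printf("enc[0]=%08x otfdec[0]=%08x\n", binary.LittleEndian.Uint32(enc), readWord(demoKey, demoIV, enc, 0))
}
```

The first printed word is what the menu's dump shows before OTFDEC is enabled (no recognizable stack pointer); the second is the same word recovered from only its own 16-byte block, as a memory-mapped read would see it.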
Let's reset the target once again. The microcontroller booted into the internal app. I can dump the memory by pressing 1. So we see something different now. This is clearly encrypted: we no longer recognize the stack pointer or the reset vector. This has been encrypted by OpenSSL. But what we can do is to activate OTFDEC, which will load the correct key into the peripheral. So the OTFDEC region was activated, and the key and the initialization vector were loaded. If we dump the content again, it is decrypted on the fly and transparently to the core, so we see the stack pointer and we see the reset vector again. We can also press 3 and execute the encrypted application from the external memory. Let's summarize the hands-on. We have seen how OTFDEC enables confidentiality of firmware that is stored inside the external flash. The AES encryption process was done on a PC thanks to OpenSSL, and the image loading was done via CubeProgrammer and, in the case of the internal firmware, thanks to the ST-LINK mass storage class. For further information I recommend the AN5281 application note, which describes the details of OTFDEC encryption and decryption in trusted environments. I also invite you to the STM32 MOOCs, where you will find many topics related to security, and you can also have a look at the STM32L5 online training. I hope you enjoyed this video, and thank you for watching.