ProvenCore-M (P&R-ProvenCore-M) is a high-security RTOS for STM32 ARM® Cortex®-M3/M4/M7 microcontrollers that enables the creation of secure IoT products. Its architecture lets customers address deployments of any size, from small to large scale, while staying focused on the functional part of their applications, since using ProvenCore-M requires no in-depth security expertise.
ProvenCore-M is designed from the ground up to isolate applications securely from one another and to protect the stability of the IoT product at all times, with minimal impact on existing code. It is built on a microkernel architecture implemented with formally proven code, which brings it as close as possible to zero defects and guarantees the kernel's security properties; this also eases the path toward any required certification. As a result, ProvenCore-M removes much of the complexity of building reliable, secure embedded systems, even under constraints such as a complex code stack or architecture and demanding certification requirements.
ProvenCore-M can also be configured with built-in security services, allowing customers to rely on the security expertise of Prove & Run. For example, the Secure Boot service gives the product a strong root of trust by verifying the authenticity of the RTOS and of every customer application on each reset. The check uses embedded public-key signature verification and relies on STM32-specific hardware mechanisms to protect the associated root-of-trust elements. Another service, Firmware Update, allows IoT products to be updated in the field. The ProvenCore-M architecture guarantees that the kernel keeps full control over every update of application executable code under all circumstances, even if applications or drivers contain buggy or malicious code. The Firmware Update service also checks the authenticity of the new code against a PKI and guarantees that the application update is atomic: the device runs either the old image or the new one, never a partially written mix.
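The page does not document the internals of the Secure Boot and Firmware Update services, so the following is an added example (my own host-side model, not ProvenCore-M's or Prove & Run's code) of the two checks described above: a signed image format, a public key embedded in the device as the root of trust, re-verification of the active image on every boot, an anti-rollback version check, and a two-slot update that flips the active-slot pointer only after the staged copy has been verified in place. The image layout, the `PCM1` magic, the two-slot model and every identifier are assumptions of this example; Ed25519 stands in for whatever signature scheme the product actually uses.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Constructed image layout for this example (not ProvenCore-M's real format):
//   magic "PCM1" (4) | version (4, big-endian) | payload length (4) | payload | Ed25519 signature (64)
// The signature covers everything before it, so version and length are
// authenticated together with the code they describe.
const (
	imgMagic = "PCM1"
	hdrLen   = 12
	sigLen   = ed25519.SignatureSize
)

var (
	ErrFormat   = errors.New("malformed image")
	ErrBadSig   = errors.New("signature verification failed")
	ErrRollback = errors.New("image version is not newer than the active version")
)

// SignImage is the vendor-side step; it runs wherever the private key is kept, never on the device.
func SignImage(priv ed25519.PrivateKey, version uint32, payload []byte) []byte {
	hdr := make([]byte, hdrLen)
	copy(hdr, imgMagic)
	binary.BigEndian.PutUint32(hdr[4:], version)
	binary.BigEndian.PutUint32(hdr[8:], uint32(len(payload)))
	body := append(hdr, payload...)
	return append(body, ed25519.Sign(priv, body)...)
}

// VerifyImage parses and authenticates an image against the embedded public key.
// Version and payload are returned only when the signature checks out.
func VerifyImage(pub ed25519.PublicKey, img []byte) (uint32, []byte, error) {
	if len(img) < hdrLen+sigLen || string(img[:4]) != imgMagic {
		return 0, nil, ErrFormat
	}
	version := binary.BigEndian.Uint32(img[4:8])
	if int(binary.BigEndian.Uint32(img[8:12])) != len(img)-hdrLen-sigLen {
		return 0, nil, ErrFormat // truncated or padded image
	}
	body, sig := img[:len(img)-sigLen], img[len(img)-sigLen:]
	if !ed25519.Verify(pub, body, sig) {
		return 0, nil, ErrBadSig
	}
	return version, body[hdrLen:], nil
}

// Device models two flash slots and a root-of-trust public key. On an STM32 the key
// would sit in write-protected flash or OTP and the active-slot pointer in a single
// flash word; here they are plain fields (an assumption of the model).
type Device struct {
	pub    ed25519.PublicKey
	slots  [2][]byte
	active int // slot that Boot() uses; written last, as the commit point
}

// NewDevice provisions a device with a verified initial image in slot 0.
func NewDevice(pub ed25519.PublicKey, initial []byte) (*Device, error) {
	if _, _, err := VerifyImage(pub, initial); err != nil {
		return nil, err
	}
	d := &Device{pub: pub}
	d.slots[0] = append([]byte(nil), initial...)
	return d, nil
}

// Boot is the secure-boot check: the active slot is re-verified on every reset.
func (d *Device) Boot() (uint32, []byte, error) {
	return VerifyImage(d.pub, d.slots[d.active])
}

// Update stages the candidate in the inactive slot and flips the active pointer only
// after the staged copy has been verified. Every failure path returns before that
// flip, so a rejected or interrupted update never touches the running image.
func (d *Device) Update(candidate []byte) error {
	version, _, err := VerifyImage(d.pub, candidate)
	if err != nil {
		return err
	}
	if cur, _, _ := d.Boot(); version <= cur {
		return ErrRollback // refuse older (possibly vulnerable) but validly signed images
	}
	inactive := 1 - d.active
	d.slots[inactive] = append([]byte(nil), candidate...)
	if _, _, err := VerifyImage(d.pub, d.slots[inactive]); err != nil {
		d.slots[inactive] = nil // check what actually landed in flash, not the input buffer
		return err
	}
	d.active = inactive // single-word commit: the device runs either the old or the new image
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	dev, _ := NewDevice(pub, SignImage(priv, 1, []byte("app v1")))
	fmt.Println("update to v2:", dev.Update(SignImage(priv, 2, []byte("app v2"))))
	tampered := SignImage(priv, 3, []byte("app v3"))
	tampered[hdrLen] ^= 0x01 // flip one payload bit after signing
	fmt.Println("tampered v3:", dev.Update(tampered))
	fmt.Println("replayed v1:", dev.Update(SignImage(priv, 1, []byte("app v1"))))
	v, _, err := dev.Boot()
	fmt.Println("boots version", v, "err:", err)
}
```

The two places where this model cheats are exactly the ones the page says hardware has to cover: the public key must be immutable to the application code, and the active-slot flip must be a single write that cannot be left half done, otherwise a power loss in the middle of an update breaks the atomicity guarantee. Note also that the anti-rollback check compares against the version recovered from the verified active image, not against a separately stored counter that an attacker could edit.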
For an even higher level of security and assurance, ProvenCore-M can be augmented with the STSAFE-A100, a Common Criteria EAL5+ certified tamper-resistant chip offering secure storage and a cryptographic coprocessor. The STSAFE-A100 is highly resistant to attacks, including physical attacks of high attack potential, so sensitive secrets stored in it remain protected. Thanks to its architecture, ProvenCore-M retains exclusive control of the STSAFE-A100 and can enforce strict rules on the applications that use the secrets stored inside it.
This product is supplied by a third party not affiliated with ST. For the latest information on the product, refer to the third party's website: http://www.provenrun.com/.
- Robust, high-security microkernel architecture that enforces formally proven isolation (integrity and confidentiality) between applications, covering both code and data.
- Strongly increased security and robustness for services running on IoT devices (e.g. key management, remote update, TLS).
- Preemptive, deterministic multitasking scheduler; interrupts are handled in bounded time, and the stability of the system is guaranteed.
- Minimal constraints on existing code: easy integration with the CMSIS HAL (minor modifications for existing drivers).
- High confidence in the developed product, with time- and cost-controlled security certification processes.
- Memory requirements:
  - Static microkernel data: 20 Kbytes of Flash memory and 3 Kbytes of RAM
  - Per application: 256 bytes of Flash memory and 384 bytes of RAM
- Support for STM32 ARM® Cortex®-M3/M4/M7 microcontrollers.
- Support for STSAFE™-A products.