Several regulatory schemes have defined security functions. STM32Trust addresses them all to map ST security assurance levels against application certification schemes.

STM32Trust brings 12 security functions and services to align with asset-protection use cases and to provide the right security assurance levels.

  • IP protection
  • Data protection
  • Secure connectivity
  • System integrity
The 12 security functions and services of STM32Trust

1. Secure boot

Ability to ensure the authenticity and integrity of an application that runs inside a device.

2. Secure Install/Update

Installation or update of firmware with initial checks of integrity and authenticity before programming.

3. Silicon device lifecycle

Control states to securely protect silicon-device assets through a constrained path.

4. Isolation

Isolation between trusted and nontrusted parts of an application.

5. Secure storage

Ability to securely store secrets like data or keys (and to access them without them being visible externally).

6. Crypto engine

Ability to process cryptographic algorithms, as recommended by a security assurance level.

7. Secure manufacturing

Initial device provisioning in an unsecured environment with overproduction control. Potential secured personalization.

8. Identification / Authentication / Attestation

Unique identification of a device and/or software package, and ability to detect its authenticity, from inside the device or externally.

9. Software IP protection

Ability to protect a section or the whole software package against external or internal reading. Can be multi-tenant.

10. Abnormal situation handling

Ability to detect abnormal situations (both hardware and software) and to take adapted decisions like the removal of secret data.

11. Audit/Log

Keep trace of security events in an unchangeable way.

12. Application lifecycle

Define unchangeable incremental states to securely protect application states and assets.

The following examples illustrate how the security framework addresses key security use cases:

Secure manufacturing
Secure boot & Secure update
Brand protection and identification
Your company designs smart toys.

    Key requirements
  • No firmware stealing at production
  • No over-production by manufacturer
  • Ensure firmware does not program devices not owned by the company
  • No firmware stealing in the field
  • Detection of attacks in the field

The Security Functions you need

  • Secure Manufacturing
  • Software IP Protection
  • Secure Install and Update
  • Silicon Device Lifecycle
  • Abnormal Situation Handling
  • Audit and Log
Your company sells technical equipment and would like to offer a firmware updated service.

    Key requirements
  • Ensure firmware update targets only your equipment
  • Be aware of product state at all times
  • Ensure the update is handled with integrity and that authenticity checks are carried out
  • Authenticity of firmware running on devices

The Security Functions you need

  • Identification Authentication Attestation
  • Secure Install and Update
  • Secure Boot
You control a fleet of devices from a remote server

    Key requirements
  • That every device shows a unique identity
  • Authenticate single devices
  • Attest device access rights
  • Secure device communication
  • Ensure that identities and access right secrets cannot be leaked even at the manufacturing stage

The Security Functions you need

  • Identification Authentication Attestation
  • Crypto Engine
  • Secure Storage and Secure Manufacturing (Secure Personalization)
Live webinar: simplify device identity with STM32H5 MCUs & keySTREAM® IoT