The X-CUBE-SBSFU Secure Boot and Secure Firmware Update solution allows the update of the STM32 microcontroller built-in program with new firmware versions, adding new features and correcting potential issues. The update process is performed in a secure way to prevent unauthorized updates and access to confidential on-device data.
The Secure Boot (Root of Trust services) is an immutable code, always executed after a system reset, that checks STM32 static protections, activates STM32 runtime protections and then verifies the authenticity and integrity of user application code before every execution in order to ensure that invalid or malicious code cannot be run.
The Secure Firmware Update application receives the firmware image via a UART interface with the Ymodem protocol, checks its authenticity, and checks the integrity of the code before installing it. The firmware update is done on the complete firmware image, or only on a portion of the firmware image. Examples are provided for single firmware image configuration in order to maximize firmware image size, and for dual firmware image configurations in order to ensure safe image installation and enable over-the-air firmware update capability commonly used in IoT devices. Examples can be configured to use asymmetric or symmetric cryptographic schemes with or without firmware encryption.
The secure key management services provide cryptographic services to the user application through the PKCS #11 APIs (KEY ID-based APIs) that are executed inside a protected and isolated environment. User application keys are stored in the protected and isolated environment for their secured update: authenticity check, data decryption and data integrity check. This is available on the STM32L4 Series with example provided on the B-L475E-IOT01A board.
STSAFE-A100 is a tamper-resistant secure element (HW Common Criteria EAL5+ certified) used to host X509 certificates and keys, and perform verifications that are used for firmware image authentication during Secure Boot and Secure Firmware Update procedures. This is available on the STM32L4 Series with example provided on the B-L475E-IOT01A board.
X-CUBE-SBSFU is built on top of STM32Cube software technology, making the portability across different STM32 microcontrollers easy. It is provided as reference code to demonstrate best use of STM32 security protections.
The X-CUBE-SBSFU Expansion Package comes with examples running on the STM32L4 Series, STM32F4 Series, STM32F7 Series, STM32G0 Series, STM32G4 Series, STM32H7 Series, STM32L0 Series, STM32L1 Series, and STM32WB Series. An example combining STM32 microcontroller and STSAFE-A100 is also provided for the STM32L4 Series.
X-CUBE-SBSFU is classified ECCN 5D002.
- Secure Boot to check firmware image before execution
- Secure Firmware Update with anti-rollback and partial image update capabilities for over-the-air or local firmware image update
- Secure key management services offering cryptographic services by means of the PKCS #11 APIs
- Standalone STM32 system solution example demonstrating best use of STM32 protections to protect assets against unauthorized external or internal access
- Combined STM32 and STSAFE-A100 system solution example demonstrating hardware Secure Element protections for secure authentication services and secure data storage
|Part Number||General Description||Software Version||Supplier||GitHub link||Download|
|X-CUBE-SBSFU||Secure boot & secure firmware update software expansion for STM32Cube||2.2.0||ST||-|
MadeForSTM32™ is a new quality label delivered by ST, which is granted after an evaluation process. It helps engineers identify third party solutions with the highest level of integration and quality for the STM32 microcontrollers' ecosystem. MadeForSTM32™ is offered to members of the ST Partner Program who want to go one step further in our collaboration, with the overall objective of contributing to a high-quality STM32 ecosystem.
The STM32Cube.AI is an extension pack of the widely used STM32CubeMX configuration and code generation tool enabling AI on STM32 Arm® Cortex®-M-based microcontrollers.
The X-CUBE-VS4A Expansion Package consists of a set of libraries and application examples for STM32F7 Series microcontrollers acting as Alexa-enabled devices. It runs on the 32F769IDISCOVERY board, which provides a native Ethernet interface.