STM32Trust


STM32Trust offers a robust multi-level strategy to enhance security in new product designs based on our STM32 microcontrollers and microprocessors augmented with STSAFE secure elements.

STM32Trust is a security framework combining our knowledge, ecosystem, and security services. This solution offers developers a complete toolset to protect their design’s valuable assets, such as software IP and data, and to ensure secure connectivity and system integrity.

With a set of 12 security functions offering hardware, software, and design services from ST and third parties, STM32Trust complies with the requirements of the major IoT certification schemes.
To ensure best-in-class security, ST provides MCUs and MPUs with their associated security functions based on PSA and SESIP certifications.

This assurance level allows designers to build their applications using a solid security framework and to meet the requirements of their pre-defined security assurance level, such as PCI, UL-2900, IEC 62443, ETSI EN 303 645, FIPS-140-2 and many others.

To enhance the Security Assurance Level, STM32Trust also supports secure elements from the STSAFE product family. Certified Common Criteria EAL5+, the STSAFE portfolio offers multiple devices for secure connectivity which are essential for cloud communications, secure storage and authentication, and system integrity.

Developed in close collaboration with partners and customers, STM32Trust builds on several asset-protection use cases and the security features they require, as shown in the examples below. However, as a first step before using the STM32Trust framework, it is necessary to perform an in-depth analysis of your security model, based on the outcome of your threat analysis.

Key protection requirements
  • Prevent code & data access
  • Isolate third-party software IP
  • Control software licenses
  • Enable software updates
  • Prevent malware
  • Lock usage to authorized devices
  • Application lifecycle (define unchangeable incremental states to protect application states and assets)
Essential functions
  • Secure boot
  • Secure Install/Update
  • Secure storage
  • Isolation
  • Abnormal situation handling
  • Crypto engine
  • Identification / Authentication / Attestation
  • Silicon device lifecycle
  • Software IP protection
  • Secure manufacturing
  • Application lifecycle (define unchangeable incremental states to protect application states and assets)

Key protection requirements
  • Confidentiality
  • Secret storage
  • Ensure compliance with GDPR regulations
  • Authenticity
Essential functions
  • Secure boot
  • Secure storage
  • Isolation
  • Abnormal situation handling
  • Crypto engine
  • Identification / Authentication / Attestation
  • Silicon device lifecycle
  • Application lifecycle (define unchangeable incremental states to protect application states and assets)

Key protection requirements
  • Availability
  • Host & Server authenticity
  • Confidentiality
  • Integrity
  • Maintainability
Essential functions
  • Secure boot
  • Secure Install/Update
  • Secure storage
  • Isolation
  • Abnormal situation handling
  • Crypto engine
  • Audit/Log
  • Identification / Authentication / Attestation
  • Silicon device lifecycle
  • Software IP protection
  • Secure manufacturing
  • Application lifecycle

Key protection requirements
  • Reliability
  • Availability
  • Authentication
  • Confidentiality
  • Regulatory compliance
Essential functions
  • Secure boot
  • Secure storage
  • Isolation
  • Abnormal situation handling
  • Crypto engine
  • Identification / Authentication / Attestation
  • Silicon device lifecycle
  • Application lifecycle (define unchangeable incremental states to protect application states and assets)

Three examples illustrating how STM32Trust addresses key security needs are highlighted below.

Secure manufacturing

Your company designs smart toys.

Key requirements
  • No firmware stealing at production
  • No over-production by manufacturer
  • Ensure firmware does not program devices not owned by the company
  • No firmware stealing in the field
  • Detection of attacks in the field

The Security Functions you need
  • Secure Manufacturing
  • Software IP Protection
  • Secure Install and Update
  • Silicon Device Lifecycle
  • Abnormal Situation Handling
  • Audit and Log

Secure boot & Secure update

Your company sells technical equipment and would like to offer a firmware update service.

Key requirements
  • Ensure firmware update targets only your equipment
  • Be aware of product state at all times
  • Ensure the update is handled with integrity and that authenticity checks are carried out
  • Authenticity of firmware running on devices

The Security Functions you need
  • Identification Authentication Attestation
  • Secure Install and Update
  • Secure Boot

Brand protection and identification

You control a fleet of devices from a remote server.

Key requirements
  • That every device shows a unique identity
  • Authenticate single devices
  • Attest device access rights
  • Secure device communication
  • Ensure that identities and access right secrets cannot be leaked even at the manufacturing stage

The Security Functions you need
  • Identification Authentication Attestation
  • Crypto Engine
  • Secure Storage and Secure Manufacturing (Secure Personalization)

STM32Trust brings 12 security functions & services to align with asset-protection use cases and to provide the right security assurance levels

1. Secure boot

Ability to ensure the authenticity and integrity of an application that runs inside a device

2. Secure Install/Update

Installation or update of firmware with initial checks of integrity and authenticity before programming

3. Secure Storage

Ability to securely store secrets like data or keys (and to access them without them being visible externally)

4. Isolation

Isolation between trusted and non-trusted parts of an application

5. Abnormal situation handling

Ability to detect abnormal situations (both hardware and software) and to take adapted decisions like the removal of secret data

6. Crypto Engine

Ability to process cryptographic algorithms, as recommended by a security assurance level

7. Audit/Log

Keep trace of security events in an unchangeable way

8. Identification / Authentication / Attestation

Unique identification of a device and/or software package, and ability to detect its authenticity, from inside the device or externally

9. Silicon device lifecycle

Control states to securely protect silicon-device assets through a constrained path

10. Software IP protection

Ability to protect a section or the whole software package against external or internal reading. Can be multi-tenant

11. Secure manufacturing

Initial device provisioning in unsecured environment with overproduction control. Potential secured personalization

12. Application lifecycle

Define unchangeable incremental states to securely protect application states and assets

 

Some examples are listed below, and additional product documentation is available for more accurate descriptions and information on availability: RDP (Read Protection), WRP (Write Protection), PcRoP (Proprietary code Read out Protection), MPU (Memory Protection Unit), HDP (Hide Protect), OTP zones, OTFDEC (On the fly Decryption), CRC (Cyclic Redundancy check), TrustZone, Firewall, Anti-tamper mechanisms, Crypto Accelerators & Libraries, RNG (Random Number Generator), Unique IDs, SSP (Secure Secret Provisioning), TF-M (Trusted Firmware Management), TF-A (Trusted Firmware for Arm Cortex-A), OPTEE (Open Portable Trusted Execution Environment), UBE (Unique Boot Entry), FSBL (First Stage Boot Loader), SBSFU (Secure Boot & Secure Firmware Update), SFI (Secure Firmware Installation), etc. Additionally, firmware & tools services will be introduced.

Firmware & SW Tools

Secure Boot and Secure Firmware Update (SBSFU)

Secure Boot ensures the integrity and authenticity of the application firmware to run on the device.
Secure Firmware Update allows you to authenticate and to verify the integrity of the required field updates.

ST provides two different implementations as reference source codes on STM32 microcontrollers and microprocessors:

  • X-CUBE-SBSFU, implementing the SBSFU mechanisms. This solution shows you how to set up all STM32 memory-protection mechanisms to isolate Secure Boot and Firmware Update functions from the main application. A reference implementation of ST's secure element STSAFE, which maximizes the security level of the final application, is included. STM32L4 implementation also offers secure storage.
  • TFM_SBSFU, implementing the same mechanisms on devices loaded with TF-M (Trusted Firmware-M), and delivered with STM32Cube packages

Trusted Firmware-M (TFM)

The Trusted Firmware-M software is a reference implementation of the Platform Security Architecture (PSA) for Cortex-M Armv7-M and Armv8-M.

TF-M is an open-source software project included in the STM32Cube MCU packages that provides, for STM32 microcontrollers:

  • Secure firmware with support for PSA Level 1 and 2 isolation on Armv8-M
  • The interfaces exposed by secure firmware to the non-secure side
  • A secure firmware model with a non-secure application example
  • Secure services running within the secure environment, including:
    • Secure Storage Service
    • Attestation
    • Crypto Service
    • Audit Log

Trusted Firmware-A

Usually shortened to TF-A, Trusted Firmware-A is a reference implementation of the secure-world software solution provided by Arm. It was first designed for Armv8-A platforms, and has been adapted by ST to be used on Armv7-A platforms. Arm is transferring the Trusted Firmware project to be managed as an open-source project by Linaro.

It is used as the first-stage boot loader (FSBL) on STM32 MPU platforms when using the trusted boot chain.

The code is open source, under a BSD-3-Clause license, and can be found on GitHub, along with updated documentation on the Trusted Firmware-A implementation.

Trusted Firmware-A also implements a secure monitor with various Arm interface standards:

  • The power state coordination interface (PSCI)
  • Trusted board boot requirements (TBBR)
  • SMC calling convention
  • System control and management interface

More information is available on the STM32MP1 MPU wiki page.

Open Portable Trusted Execution Environment (OPTEE)

OPTEE is a Trusted Execution Environment (TEE), a software solution designed as a companion for a non-secure Linux kernel running on microprocessors with Arm Cortex-A cores using TrustZone technology. OPTEE APIs are defined by the GlobalPlatform API specifications to which they belong.

The main design goals for OP-TEE are:

  • Isolation: the TEE provides isolation from the non-secure OS and protects the loaded Trusted Applications (TAs) from each other using underlying hardware support
  • Small footprint: the TEE should remain small enough to reside in a reasonable amount of on-chip memory as found on Arm-based systems
  • Portability: the TEE is compatible with different architectures and available hardware, and supports various set-ups such as multiple client operating systems and TEEs

OP-TEE is delivered as part of OpenSTLinux distribution packages, available for STM32 microprocessors.

Crypto Libraries

ST offers several cryptographic libraries for STM32 microcontrollers to address the requirements of practical use cases:

  • X-CUBE-CRYPTOLIB: this ECCN 5D002-classified software solution is based on the architecture of the STM32Cube package and includes a set of crypto algorithms based on firmware implementation. Ready to use in all STM32 microcontrollers.
  • TF-M Crypto: cryptographic service, as delivered within TF-M reference code
  • DPA Resistant Crypto Lib: ST offers a DPA-resistant implementation of cryptographic algorithms. On demand on some specific part numbers. Please contact your nearest sales office.

Secure Firmware Installation (SFI)

The Secure Firmware Installation solution, available on STM32L4, STM32H7 and STM32L5 microcontrollers and soon to be extended to additional STM32 platforms, provides protection when devices are being programmed for the first time.

This solution offers a complete toolset with the Trusted Package Creator software package to encrypt OEM binaries, the STM32CubeProgrammer to securely flash the STM32, and the STM32HSM to transfer OEM credentials to the programming partner.

After firmware development and validation, designers can securely encrypt binary files using the Trusted Package Creator software, and store their credentials into a dedicated smart card, such as the hardware security module STM32HSM.

The STM32CubeProgrammer or SFI recommended partner programming tools can then be implemented to securely program STM32 MCUs in untrusted environments, such as EMS manufacturing lines.

STM32CubeProgrammer

The STM32CubeProgrammer includes the STM32 Trusted Package Creator tool, which allows the generation of SFI and SMI encrypted images for STM32 devices embedding SFI. It is available for free in both CLI and GUI modes.

The SFI format is an encryption format for firmware created by ST. It uses the AES algorithm to transform a firmware solution in Elf, Hex, Bin or Srec format into an encrypted and authenticated firmware in SFI format. An SFI firmware image is composed of a header and several areas. The areas are usually contiguous firmware areas. The last area is the configuration area containing the option byte values to be programmed when the SFI is complete.

STM32HSM

The STM32HSM-V1 is used to secure the programming of STM32 products to avoid product counterfeiting during the manufacturing process.

X-CUBE-PCROP firmware

The goal of X-CUBE-PCROP firmware is to illustrate the practical usage of the PCROP protection feature on STM32F4, STM32F7 and STM32L4 MCUs.

Security Assurance & Certifications

Resources

  • DB2641: Proprietary code read-out protection (PCROP), software expansion for STM32Cube (version 3.0, 139 KB, PDF)

  • AN5056: Integration guide for the X-CUBE-SBSFU STM32Cube Expansion Package (version 3.0, 3 MB, PDF)
  • AN5156: Introduction to STM32 microcontrollers security (version 2.0, 3 MB, PDF)
  • AN4729: STM32L0/L4 FIREWALL overview (version 1.2, 114 KB, PDF)
  • AN4730: Using the FIREWALL embedded in STM32L0/L4/L4+ Series MCUs for secure access to sensitive parts of code and data (version 2.0, 114 KB, PDF)
  • AN2606: STM32 microcontroller system memory boot mode (version 38.0, 3.9 MB, PDF)
  • AN4701: Proprietary code read-out protection on microcontrollers of the STM32F4 Series (version 3.0, 893 KB, PDF)
  • AN4758: Proprietary code read-out protection on microcontrollers of the STM32L4 Series (version 2.0, 994.8 KB, PDF)
  • AN4968: Proprietary code read out protection (PCROP) on STM32F72xxx and STM32F73xxx microcontrollers (version 1.0, 1.1 MB, PDF)
  • AN4230: STM32 microcontrollers random number generation validation using NIST statistical test suite (version 2.0, 517 KB, PDF)
  • AN3371: Using the hardware real-time clock (RTC) in STM32 F0, F2, F3, F4 and L1 series of MCUs (version 5.2, 418 KB, PDF)
  • AN4992: Overview secure firmware install (SFI) (version 3.0, 1.2 MB, PDF)
  • AN5054: Secure programming using STM32CubeProgrammer (version 2.0, 2.9 MB, PDF)
  • AN4838: Managing memory protection unit (MPU) in STM32 MCUs (version 3.0, 219.8 KB, PDF)
  • AN4246: Proprietary Code Read Out Protection on STM32L1 microcontrollers (version 1.2, 283 KB, PDF)
  • AN5421: Getting started with STM32L5 Series microcontrollers and TrustZone® development (version 1.0, 2.70 MB, PDF)
  • AN5347: STM32L5 Series TrustZone® features (version 4.0, 1.19 MB, PDF)
  • AN5447: Overview of Secure Boot and Secure Firmware Update solution on Arm® TrustZone® (version 1.0, 374 KB, PDF)

  • UM2262: Getting started with the X-CUBE-SBSFU STM32Cube Expansion Package (version 4.0, 2.8 MB, PDF)
  • UM2237: STM32CubeProgrammer software description (version 7.0, 3.2 MB, PDF)
  • UM2238: STM32 Trusted Package Creator tool software description (version 3.0, 1.7 MB, PDF)
  • UM2671: Getting started with STM32CubeL5 TFM application (version 2.0, 2.05 MB, PDF)

  • STM32Trust: More Trust with STM32 - A whole security ecosystem around STM32 (version 1.0, 866 KB, PDF)

  • STM32Trust: Marketing presentation (version 1.0, 4.04 MB, PDF)


Featured content

STM32Trust: Secure Boot, Update, and Install Under One Roof

We are launching today STM32Trust, a new initiative that focuses on all the software and hardware solutions we bring to improve the security of our devices.

Protecting the data integrity and confidentiality on the STM32MP1 thanks to the power of STM32Trust