STM32Trust

STM32Trust offers a robust multi-level strategy to enhance security in new product designs based on our STM32 microcontrollers enriched with STSAFE secure elements.

STM32Trust is the security framework combining our knowledge, ecosystem and security services. The solution offers a complete toolset for code and execution protection. It ensures that IP is protected, that data is secured and that validated credentials are used, and it helps to achieve firmware authenticity and secure firmware update.

STM32Trust brings 12 Security Functions to align with Customer Use Cases and Security Standards. 

 

The 12 Security Functions: Summary Definitions

1. Secure boot

Ability to ensure the authenticity and integrity of an application that is inside a device

2. Isolation

Isolation between trusted and non-trusted parts of an application

3. Secure Install/Update

Installation or update of firmware with initial checks of integrity and authenticity before programming

4. Abnormal situations handling

Ability to detect abnormal situations (both hardware and software) and to take appropriate decisions, such as removing secrets

5. Secure Storage

Ability to securely store secrets like data or keys (and use them without being able to see them)

6. Crypto Engine

Ability to process cryptographic algorithms, as recommended by a security assurance level

7. Identification / Authentication / Attestation

Unique identification of a device and/or software, and ability to detect its authenticity, inside the device or externally

8. Audit/Log

Keep trace of security events in an unchangeable way

9. Silicon Device Lifecycle

Control states to securely protect silicon device assets through a constrained path

10. Application Lifecycle

Define unchangeable incremental states to securely protect application states and assets

11. Software IP Protection

Ability to protect a section or the whole software against external or internal reading. Can be multi-tenant

12. Secure Manufacturing

Initial device provisioning in an unsecured environment with overproduction control. Potential secured personalization

 

 

X-CUBE-SBSFU

Application codes are most vulnerable when being transferred into boot memory or updated in the field.

The X-CUBE-SBSFU Secure Boot and Secure Firmware Update package is a set of reference source code for securely updating the built-in applications of STM32 microcontrollers, adding new features and correcting potential issues. The update process is performed in a secure way to prevent unauthorized updates and access to confidential on-device data.

The X-CUBE-SBSFU shows how to set up all STM32 memory-protection mechanisms to isolate Secure Boot and Firmware Update functions from the main application.

There is also a reference implementation of ST’s secure element STSAFE, which maximizes the security level of the final application.

X-CUBE-CRYPTOLIB

This ECCN 5D002-classified software is based on the STM32Cube architecture package and includes a set of crypto algorithms based on firmware implementation. It is ready to use in all STM32 microcontrollers.

SFI

The Secure Firmware Installation solution, available on STM32L4, STM32H7 and STM32L5 microcontrollers and soon to be extended to additional STM32 platforms, provides protection when devices are being programmed for the first time.

The solution offers a complete toolset: the Trusted Package Creator software to encrypt OEM binaries, the STM32CubeProgrammer to securely flash the STM32, and the STM32HSM to transfer OEM credentials to the programming partner.

After firmware development and validation, designers can securely encrypt binary files using the Trusted Package Creator software and store all their credentials in a dedicated smart card, such as the hardware security module STM32HSM.

The STM32CubeProgrammer or SFI recommended partner programming tools can then be used to securely program STM32 MCUs in untrusted environments, such as manufacturing lines.

STM32CubeProgrammer

The STM32CubeProgrammer includes the STM32 Trusted Package Creator tool, which allows the generation of SFI and SMI encrypted images for STM32 devices embedding SFI. It is available in both CLI and GUI modes, free of charge.

The SFI format is an encryption format for firmware created by STMicroelectronics. It uses the AES algorithm to transform firmware in ELF, HEX, BIN or SREC format into encrypted and authenticated firmware in SFI format. An SFI firmware image is composed of a header plus several areas. The areas are usually contiguous firmware areas. The last area is the configuration area, which contains the option byte values to be programmed when the SFI is complete.

STM32HSM

The STM32HSM-V1 is used to secure the programming of STM32 products to avoid product counterfeiting on contract manufacturers' premises.

Resources

PRODUCT SPECIFICATIONS

Document | Description | Version | Size | Format
DB2641 | Proprietary code read-out protection (PCROP), software expansion for STM32Cube | 3.0.0 | 139 KB | PDF

APPLICATION NOTES

Document | Description | Version | Size | Format
AN5056 | Integration guide for the X-CUBE-SBSFU STM32Cube Expansion Package | 3.0.0 | 3 MB | PDF
AN5156 | Introduction to STM32 microcontrollers security | 2.0.0 | 3 MB | PDF
AN4729 | STM32L0/L4 FIREWALL overview | 1.2.0 | 114 KB | PDF
AN4730 | Using the FIREWALL embedded in STM32L0/L4/L4+ Series MCUs for secure access to sensitive parts of code and data | 2.0.0 | 114 KB | PDF
AN2606 | STM32 microcontroller system memory boot mode | 38.0.0 | 3.9 MB | PDF
AN4701 | Proprietary code read-out protection on microcontrollers of the STM32F4 Series | 3.0 | 893.7 KB | PDF
AN4758 | Proprietary code read-out protection on microcontrollers of the STM32L4 Series | 2.0 | 994.8 KB | PDF
AN4968 | Proprietary code read out protection (PCROP) on STM32F72xxx and STM32F73xxx microcontrollers | 1.0 | 1.1 MB | PDF
AN4230 | STM32 microcontrollers random number generation validation using NIST statistical test suite | 2.0 | 517.0 KB | PDF
AN3371 | Using the hardware real-time clock (RTC) in STM32 F0, F2, F3, F4 and L1 series of MCUs | 5.2 | 418.0 KB | PDF
AN4992 | Overview secure firmware install (SFI) | 3.0 | 1.2 MB | PDF
AN5054 | Secure programming using STM32CubeProgrammer | 2.0 | 2.9 MB | PDF
AN4838 | Managing memory protection unit (MPU) in STM32 MCUs | 3.0.0 | 219.8 KB | PDF
AN4246 | Proprietary Code Read Out Protection on STM32L1 microcontrollers | 1.2.0 | 283.7 KB | PDF

USER MANUAL

Document | Description | Version | Size | Format
UM2262 | Getting started with the X-CUBE-SBSFU STM32Cube Expansion Package | 4.0 | 2.8 MB | PDF
UM2237 | STM32CubeProgrammer software description | 7.0 | 3.2 MB | PDF
UM2238 | STM32 Trusted Package Creator tool software description | 3.0 | 1.7 MB | PDF

For customers or partners who want to develop a secure programming solution based on STM32 SFI, additional technical documents are available under NDA (contact your sales office):
  • AN5243 Bootloader SFI security extension for STM32H7 Series
  • AN2428 Hardware secure module (HSM) for STM32CubeProgrammer secure firmware install (SFI)
Trainings

X-CUBE-PCROP firmware: Proprietary code read-out protection (PCROP) software expansion for STM32Cube (AN4701, AN4758 and AN4968)
STM32 online training about "Security & Safety": Full range of STM32 training courses (STM32G4, STM32F7, STM32L4, STM32L4+, STM32G0, STM32WB, STM32H7 and STM32MP1) available online
STM32 MOOC - Basics of security in STM32: STM32 security basics MOOC with hands-on exercises

Featured content

STM32Trust: Secure Boot, Update, and Install Under One Roof

We are launching today STM32Trust, a new initiative that focuses on all the software and hardware solutions we bring to improve the security of our devices.
