The STM32Trust ecosystem combines knowledge, design tools, and ready-to-use original ST software to build strong cyber-protection into new IoT devices, leveraging industry best-practices. These help designers take advantage of features built into STM32 microcontrollers to ensure trust among devices, prevent unauthorized access, and resist side-channel attacks to avert data theft and code modification.
STM32Trust integrates all available cyber-protection resources including reference material and free software for the STM32 family and offers a robust multi-level strategy to enhance security.
The STM32Trust solution offers a complete toolset for code and execution protection.
STM32Trust.CodeProtection includes a set of solutions to ensure owner code confidentiality and integrity programming on authentic STM32 devices.
Hardware cyber-protection features are already embedded on certain STM32 MCU models. Tamper detection, firewall code-isolation mechanisms and Arm TrustZone® technologies are also implemented to ensure the most sensitive codes benefit from extra protection.
Application codes are most vulnerable when being transferred into boot memory or updated in the field.
The X-CUBE-SBSFU Secure Boot and Secure Firmware Update is a set of software reference source codes for secure firmware and upgrade of STM32 microcontroller built-in applications, adding new features and correcting potential issues. The update process is performed in a secure way to prevent unauthorized updates and access to confidential on-device data.
The X-CUBE-SBSFU shows how to set up all STM32 memory-protection mechanisms to isolate Secure Boot and Firmware Update functions from the main application.
The X-CUBE-SBSFU package can also be executed to exploit the security hardware capability of the STSAFE-A certified CC EAL5+ secure element. In this configuration, STSAFE-A, brings optimized services and storage to insure correctness of the firmware executed or uploaded at the MCU level.
The STSAFE is a highly secure solution that acts as a secure element providing authentication and data management services to a local or remote host. It consists of a full turnkey solution with a secure operation system. It can be integrated in IoT devices, consumer electronics devices, consumables and accessories as well as smart-home, smart-city and industrial applications.
Trusted Firmware-M (TF-M) is the reference implementation of Platform Security Architecture (PSA) from Arm. Its open source code shows how to set up the Arm V8-M Cortex-M processor with TrustZone technology and allow to create a Trusted Execution Environment solution on STM32 MCU.
TF-M support a set of secure run time services such as Secure Storage, Cryptography, Audit Logs and Attestation. Additionally, secure boot in TFM_BOOT ensures integrity of Run time Software and supports firmware upgrade.
TF-M is delivered on STM32Cube package on supported STM32.
This ECCN 5D002-classified software is based on STM32Cube architecture package and includes a set of crypto algorithms based on firmware implementation. Ready to use in all STM32 microcontrollers.
The Secure Firmware Installation solution, available on STM32 platforms, provides protection when devices are being programmed for the first time.
The solution offers a complete toolset to encrypt OEM binaries with the Trusted Package Creator software, the CUBE Programmer to securely flash the STM32 and the STM32HSM to transfer OEM credentials to the programming partner.
- Only genuine STMicroelectronics STM32 microcontrollers can install the protected firmware.
- The number of STM32 devices on which the firmware has been installed can be counted.
- Authenticity, integrity and confidentiality of the OEM firmware and option bytes are checked and user Flash memory is programmed with decrypted firmware and option bytes.
After firmware development and validation, designers can securely encrypt binary files using the Trusted Package Creator software and store all their credentials into a dedicated smart card, such as the hardware security module STM32HSM.
The STM32CubeProgrammer or SFI recommended partner programming tools can then be implemented to securely program STM32 MCUs in untrusted environments, such as manufacturing lines.
The STM32CubeProgrammer includes the STM32TrustedPackage Creator tool which allows the generation of SFI and SMI encrypted images for STM32 devices embedding SFI. It is available in both CLI and GUI modes free of charge.
The SFI format is an encryption format for firmware created by STMicroelectronics. It uses AES algorithm to transform a firmware in Elf, Hex, Bin or Srec formats into an encrypted and authenticated firmware in SFI format. An SFI firmware image is composed of a header, plus several areas. The areas are usually contiguous firmware areas. The last area is the configuration area containing the option byte values to be programmed when the SFI is complete.
|STM32CubeProg||STM32CubeProgrammer software for programming STM32 products|
The STM32HSM-V1 is used to secure the programming of STM32 products to avoid product counterfeiting on contract manufacturers' premises.
FASTROM (Factory Advanced Service Technique Read Only Memory) MCUs are Flash devices which are pre-programmed with the customer’s code and selected options. FASTROM MCUs improve programming efficiency for large quantities (10,000+) and compared to ROM, have the advantage of shortening leadtime and allow devices to be reprogrammed.
For further information, please contact your local ST contact.
Devices become targets of cyberattacks when they are commercially implemented and need to be immune to these attacks. Cyber security measures need to be set up to make sure that firmware IPs are protected and that credentials and data are secured by the application and cannot be breached.
STM32Trust.ExecutionProtection is a set of STM32 hardware capabilities to ensure owner code proper runtime isolation, execution and ease, and which achieves confidentiality and authenticity in the collected data. STM32 offers different architectures and isolation schemes.
The debug port provides access to all the device’s resources from the outside. Used for application development, it is the first vulnerability breach to be accessed by the attacker on the device. STM32 debug function shall be locked to ensure owner code confidentiality and authenticity.
Executed after each reset, the secure boot, as shown in the X-CUBE-SBSFU software package, checks the integrity of the STM32 platform configuration and verifies each embedded firmware signature for authentication.
Temporal Isolation is an non-reversible hardware mechanism which limit the visibility and access to an application after a certain period of time. On the STM32 platforms, after reset it allows to run sensitive code and resources within a specific time windows. After that windows, all the protected resources are no more accessible by any runtime application.
Temporal Isolation defines a dedicated security domain into the STM32 memory and can be used to protect secure boot or any platform initialization codes.
The Memory Protection Unit mechanism protects different processes from each other and allows them to run independently. The resulting software isolation ensures that individual processes keep their code and data safe from each other. STM32 provides MPU solutions and is supported by several operating systems.
Dual-core architectures allow two runtime applications to run within the same device, both isolated by the core ID.
TrustZone is a complete set of hardware mechanisms to ensure the proper definition and isolation of two main security application domains: one so-called trusted domain (for critical applications with their affected resources) and one non-trusted domain for the main firmware application.
The firewall is a hardware protection peripheral which controls the bus transactions and filters accesses to three particular areas: a code area (Flash), a volatile data area (SRAM), and a non-volatile data area (Flash). It allows users to simply set the critical code execution apart from the main application firmware.
|STM32L4 Security Firewall|
|STM32L4 Security Advanced Encryption Standard (AES) HW accelerator|
|STM32L4 peripheral HASH|
|STM32L4 Security memories protections|
|STM32L4 Security Random Number Generator (RNG)|
|STM32L4 Real Time Clock|
STM32Trust: Secure Boot, Update, and Install Under One Roof
We are launching today STM32Trust, a new initiative that focuses on all the software and hardware solutions we bring to improve the security of our devices.
Getting started with STM32H747 Discovery Kit
The STM32H747I-DISCO Discovery kit is a complete demonstration and development platform for STMicroelectronics STM32H747XIH6 microcontroller, designed to simplify user application development.
Get involved in the STM32 Community
Ask questions, share projects and collaborate with your fellow community members.