STM32Trust

Overview
Firmware
Certifications
Resources
Trainings
Partners
Featured content
 
Image for STM32Trust

STM32Trust offers a robust multi-level strategy to enhance security in new product designs based on our STM32 microcontrollers and microprocessors augmented with STSAFE secure elements.

STM32Trust is the security framework combining our knowledge, ecosystem and security services. The solution offers a complete toolset for code and execution protection and ensures IP protection, firmware authenticity and secure firmware update, as well as secure data and the use of validated credentials.

STM32Trust builds on multiple customer use-cases and the security features they require. Three examples illustrating how STM32Trust addresses key security needs are highlighted below.

Secure manufacturing
Secure boot & Secure update
Brand protection and identification
 
 
 
Your company designs smart toys.

    Key requirements
  • No firmware stealing at production
  • No over-production by manufacturer
  • Ensure firmware does not program devices not owned by the company
  • No firmware stealing in the field
  • Detection of attacks in the field

The Security Functions you need

  • Secure Manufacturing
  • Software IP Protection
  • Secure Install and Update
  • Silicon Device Lifecycle
  • Abnormal Situation Handling
  • Audit and Log
Your company sells technical equipment and would like to offer a firmware updated service.

    Key requirements
  • Ensure firmware update targets only your equipment
  • Be aware of product state at all times
  • Ensure the update is handled with integrity and that authenticity checks are carried out
  • Authenticity of firmware running on devices

The Security Functions you need



  • Identification Authentication Attestation
  • Secure Install and Update
  • Secure Boot
You control a fleet of devices from a remote server

    Key requirements
  • That every device shows a unique identity
  • Authenticate single devices
  • Attest device access rights
  • Secure device communication
  • Ensure that identities and access right secrets cannot be leaked even at the manufacturing stage

The Security Functions you need



  • Identification Authentication Attestation
  • Crypto Engine
  • Secure Storage and Secure Manufacturing (Secure Personalization)

STM32Trust brings 12 Security Functions to align with Customer Use Cases and Security Standards.

1. Secure boot

Ability to ensure the authenticity and integrity of an application that is inside a device

2. Secure Install/Update

Installation or update of firmware with initial checks of integrity and authenticity before programming

3. Secure Storage

Ability to securely store secrets like data or keys (and use them without being able to see them)

4. Isolation

Isolation between trusted and non-trusted parts of an application

5. Abnormal situations handling

Ability to detect abnormal situations (both hardware and software) and to take adapted decisions like secrets removals

6. Crypto Engine

Ability to process cryptographic algorithms, as recommended by a security assurance level

7. Audit/Log

Keep trace of security events in an unchangeable way

8. Identification / Authentication / Attestation

Unique identification of a device and/or software, and ability to detect its authenticity, inside the device or externally

9. Silicon Device Lifecycle

Control states to securely protect silicon device assets through a constrained path

10. Software IP Protection

Ability to protect a section or the whole software against external or internal reading. Can be multi-tenant

11. Secure Manufacturing

Initial device provisioning in unsecured environment with overproduction control. Potential secured personalization

12. Application Lifecycle

Define unchangeable incremental states to securely protect application states and assets

Mapping Security Functions versus STM32 and STSAFE portfolio

Firmware to be developed by user

 

Reference firmware proposed by ST

 

STM32 microcontrollers feature many security ingredients, bringing benefit to the coverage of a Security Function: RDP (Read Protection), WRP (Write Protection), MPU (Memory Protection Unit), UBE (Unique Boot Entry), HDP (Hide Protect), OTP zones, TrustZone, Firewall, PcRoP (Proprietary code Read out Protection), Anti-tamper mechanisms with sensors, Crypto Accelerators, True RNG (Random Number Generator), Unique IDs, SSP (Secure Secret Provisioning), etc. Please check exact features list within products documentation.

On top of these, ST brings firmware/tools solutions to cover better the Security Functions.

 

Firmware & SW Tools

Secure Boot and Secure Firmware Update (SBSFU)

Application codes are most vulnerable when being transferred into boot memory or updated in the field.

A Secure Boot and Secure Firmware Update is a set of software for secure firmware and upgrade, ensuring update process is performed in a secure way to prevent unauthorized updates and access to confidential on-device data.

ST provides two different implementations as reference source codes on STM32 microcontrollers:

  • X-CUBE-SBSFU, implementing the SBSFU mechanisms and showing how to set up all STM32 memory-protection mechanisms to isolate Secure Boot and Firmware Update functions from the main application. There is also a reference implementation of ST's secure element STSAFE, which maximizes the security level of the final application. STM32L4 implementation also includes Secure storage and used, via the "KMS" flavor.
  • TFM_SBSFU, implementing same mechanism on devices coming with TFM (Trusted Firmware-M), and delivered within STM32Cube packages

Trusted Firmware-M (TFM)

The Trusted Firmware-M software implementation contained is designed to be a reference implementation of the Platform Security Architecture (PSA) for Cortex-M ARMv7-M and Armv8-M. TFM is an open source software project providing, for STM32 microcontrollers:

  • A Secure FW with support for PSA Level 1 and 2 isolation on Armv8-M;
  • The Interfaces exposed by the Secure Firmware to non-secure side.
  • A secure fw model with non-secure application example.
  • Secure services running within the secure environment:
    • Secure Storage Service
    • Attestation
    • Crypto Service
    • Audit Log
    • And more

TFM is delivered within STM32Cube MCU packages by ST.

Open Portable Trusted Execution Environment (OPTEE)

OPTEE is a Trusted Execution Environment (TEE), a software designed as companion to a non-secure Linux kernel running on Arm Cortex-A cores using the TrustZone technology. OPTEE APIs are defined in the GlobalPlatform API specifications.

The main design goals for OP-TEE are:

  • Isolation - the TEE provides isolation from the non-secure OS and protects the loaded Trusted Applications (TAs) from each other using underlying hardware support,
  • Small footprint - the TEE should remain small enough to reside in a reasonable amount of on-chip memory as found on Arm based systems,
  • Portability - the TEE aims at being easily pluggable to different architectures and available HW and has to support various setups such as multiple client OSes or multiple TEEs.

OP-TEE is delivered a part of OpenSTLinux distribution packages, available for STM32 Microprocessors.

Crypto Libraries

ST proposes several cryptographic libraries for STM32 Microcontrollers, to match customer cases:

  • X-CUBE-CRYPTOLIB: This ECCN 5D002-classified software is based on STM32Cube architecture package and includes a set of crypto algorithms based on firmware implementation. Ready to use in all STM32 microcontrollers.
  • TFM Crypto: Cryptographic service, as delivered within TFM reference code
  • DPA Resistant Crypto Lib: ST is able to propose a DPA-resistant implementation of cryptographic algorithms. On demand on some specific part numbers. Contact nearest sales office

Secure Firmware Installation (SFI)

The Secure Firmware Installation solution, available on STM32L4, STM32H7 and STM32L5 microcontrollers and soon to be extended to additional STM32 platforms, provides protection when devices are being programmed for the first time.

The solution offers a complete toolset to encrypt OEM binaries with the Trusted Package Creator software, the CUBE Programmer to securely flash the STM32 and the STM32HSM to transfer OEM credentials to the programming partner.

After firmware development and validation, designers can securely encrypt binary files using the Trusted Package Creator software and store all their credentials into a dedicated smart card, such as the hardware security module STM32HSM.

The STM32CubeProgrammer or SFI recommended partner programming tools can then be implemented to securely program STM32 MCUs in untrusted environments, such as manufacturing lines.

STM32CubeProgrammer

The STM32CubeProgrammer includes the STM32TrustedPackage Creator tool which allows the generation of SFI and SMI encrypted images for STM32 devices embedding SFI. It is available in both CLI and GUI modes free of charge.

The SFI format is an encryption format for firmware created by STMicroelectronics. It uses AES algorithm to transform a firmware in Elf, Hex, Bin or Srec formats into an encrypted and authenticated firmware in SFI format. An SFI firmware image is composed of a header, plus several areas. The areas are usually contiguous firmware areas. The last area is the configuration area containing the option byte values to be programmed when the SFI is complete.

STM32HSM

The STM32HSM-V1 is used to secure the programming of STM32 products to avoid product counterfeiting on contract manufacturers' premises.

X-CUBE-PCROP firmware

The goal of this X-CUBE-PCROP firmware is to illustrate the practical usage of the PCROP protection feature on microcontrollers of the STM32F4, STM32F7 and STM32L4 Series.

Evaluations & Certifications

Resources

PRODUCT SPECIFICATIONS
00 Files selected for download
Description Version Size Action
DB2641
Proprietary code read-out protection (PCROP), software expansion for STM32Cube
3.0.0
139 KB
PDF
APPLICATION NOTES
Description Version Size Action
AN5056
Integration guide for the X-CUBE-SBSFU STM32Cube Expansion Package
3.0.0
3MB
PDF
AN5156
Introduction to STM32 microcontrollers security
2.0.0
3MB
PDF
AN4729
STM32L0/L4 FIREWALL overview
1.2.0
114KB
PDF
AN4730
Using the FIREWALL embedded in STM32L0/L4/L4+ Series MCUs for secure access to sensitive parts of code and data
2.0.0
114KB
PDF
AN2606
STM32 microcontroller system memory boot mode
38.0.0
3.9MB
PDF
AN4701
Proprietary code read-out protection on microcontrollers of the STM32F4 Series
3.0
893.7KB
PDF
AN4758
Proprietary code read-out protection on microcontrollers of the STM32L4 Series
2.0
994.8 KB
PDF
AN4968
Proprietary code read out protection (PCROP) on STM32F72xxx and STM32F73xxx microcontrollers
1.0
1.1MB
PDF
AN4230
STM32 microcontrollers random number generation validation using NIST statistical test suite
2.0
517.0 KB
PDF
AN3371
Using the hardware real-time clock (RTC) in STM32 F0, F2, F3, F4 and L1 series of MCUs
5.2
418.0 KB
PDF
AN4992
Overview secure firmware install (SFI)
3.0
1.2MB
PDF
AN5054
Secure programming using STM32CubeProgrammer
2.0
2.9MB
PDF
AN4838
Managing memory protection unit (MPU) in STM32 MCUs
3.0.0
219.8 KB
PDF
AN4246
Proprietary Code Read Out Protection on STM32L1 microcontrollers
1.2.0
283.7 KB
PDF
USER MANUAL
Description Version Size Action
UM2262
Getting started with the X-CUBE-SBSFU STM32Cube Expansion Package
4.0
2.8 MB
PDF
UM2237
STM32CubeProgrammer software description
7.0
3.2 MB
PDF
UM2238
STM2 Trusted Package Creator tool software description
3.0
1.7 MB
PDF
    For customers or partners who want to develop secure programming solution based on STM32 SFI, additional technical documents are available under NDA (contact sales office)
  • AN5243 Bootloader SFI security extension for STM32H7 Series
  • AN2428 Hardware secure module (HSM) for STM32CubeProgrammer secure firmware install (SFI)
PRODUCT SPECIFICATIONS
DB2641

Proprietary code read-out protection (PCROP), software expansion for STM32Cube

APPLICATION NOTES
AN5056

Integration guide for the X-CUBE-SBSFU STM32Cube Expansion Package

AN5156

Introduction to STM32 microcontrollers security

AN4729

STM32L0/L4 FIREWALL overview

AN4730

Using the FIREWALL embedded in STM32L0/L4/L4+ Series MCUs for secure access to sensitive parts of code and data

AN2606

STM32 microcontroller system memory boot mode

AN4701

Proprietary code read-out protection on microcontrollers of the STM32F4 Series

AN4758

Proprietary code read-out protection on microcontrollers of the STM32L4 Series

AN4968

Proprietary code read out protection (PCROP) on STM32F72xxx and STM32F73xxx microcontrollers

AN4230

STM32 microcontrollers random number generation validation using NIST statistical test suite

AN3371

Using the hardware real-time clock (RTC) in STM32 F0, F2, F3, F4 and L1 series of MCUs

AN4992

Overview secure firmware install (SFI)

AN5054

Secure programming using STM32CubeProgrammer

AN4838

Managing memory protection unit (MPU) in STM32 MCUs

AN4246

Proprietary Code Read Out Protection on STM32L1 microcontrollers

USER MANUAL
UM2262

Getting started with the X-CUBE-SBSFU STM32Cube Expansion Package

UM2237

STM32CubeProgrammer software description

UM2238

STM2 Trusted Package Creator tool software description

Partners

Featured content

STM32Trust: Secure Boot, Update, and Install Under One Roof

We are launching today STM32Trust, a new initiative that focuses on all the software and hardware solutions we bring to improve the security of our devices.

Get involved in the STM32 Community

Ask questions, share projects and collaborate with your fellow community members.

Follow us on Facebook

Be the first informed about our STM32 products and solutions and share your ideas on our dedicated Facebook page