STM32Trust offers a robust multi-level strategy to enhance security in new product designs based on our STM32 microcontrollers utilizing our STM32 Microcontrollers enriched with STSAFE secure elements.
STM32Trust is the security framework combining our knowledge, ecosystem and security services. The solution offers a complete toolset for code and execution protection, ensures IP protection, data secured, and validated credentials are used, and helps to get firmware authenticity and secure firmware update.
STM32Trust brings 12 Security Functions to align with Customer Use Cases and Security Standards.
The 12 Security Functions-Summary Definitions
1. Secure boot
Ability to ensure the authenticity and integrity of an application that is inside a device
Isolation between trusted and non-trusted parts of an application
3. Secure Install/Update
Installation or update of firmware with initial checks of integrity and authenticity before programming
4. Abnormal situations handling
Ability to detect abnormal situations (both hardware and software) and to take adapted decisions like secrets removals
5. Secure Storage
Ability to securely store secrets like data or keys (and use them without being able to see them)
6. Crypto Engine
Ability to process cryptographic algorithms, as recommended by a security assurance level
7. Identification / Authentication / Attestation
Unique identification of a device and/or software, and ability to detect its authenticity, inside the device or externally
Keep trace of security events in an unchangeable way
9. Silicon Device Lifecycle
Control states to securely protect silicon device assets through a constrained path
10. Application Lifecycle
Define unchangeable incremental states to securely protect application states and assets
11. Software IP Protection
Ability to protect a section or the whole software against external or internal reading. Can be multi-tenant
12. Secure Manufacturing
Initial device provisioning in unsecured environment with overproduction control. Potential secured personalization
|Security Function||STM32F4/F7/L1/WB/G0/G4/H7/L0/L4||STM32MP1||STM32L5 with TrustZone||+ STSAFE|
|Secure Boot|| |
|Secure Storage|| |
SBSFU KMS (L4)
|Abnormal situations handling|
|Crypto Engine|| |
|Silicon Device LifeCycle|
|Software IP Protection|| |
|Secure Manufacturing|| |
Application codes are most vulnerable when being transferred into boot memory or updated in the field.
The X-CUBE-SBSFU Secure Boot and Secure Firmware Update is a set of software reference source codes for secure firmware and upgrade of STM32 microcontroller built-in applications, adding new features and correcting potential issues. The update process is performed in a secure way to prevent unauthorized updates and access to confidential on-device data.
The X-CUBE-SBSFU shows how to set up all STM32 memory-protection mechanisms to isolate Secure Boot and Firmware Update functions from the main application.
There is also a reference implementation of ST’s secure element STSAFE, which maximizes the security level of the final application.
This ECCN 5D002-classified software is based on STM32Cube architecture package and includes a set of crypto algorithms based on firmware implementation. Ready to use in all STM32 microcontrollers.
The Secure Firmware Installation solution, available on STM32L4, STM32H7 and STM32L5 microcontrollers and soon to be extended to additional STM32 platforms, provides protection when devices are being programmed for the first time.
The solution offers a complete toolset to encrypt OEM binaries with the Trusted Package Creator software, the CUBE Programmer to securely flash the STM32 and the STM32HSM to transfer OEM credentials to the programming partner.
After firmware development and validation, designers can securely encrypt binary files using the Trusted Package Creator software and store all their credentials into a dedicated smart card, such as the hardware security module STM32HSM.
The STM32CubeProgrammer or SFI recommended partner programming tools can then be implemented to securely program STM32 MCUs in untrusted environments, such as manufacturing lines.
The STM32CubeProgrammer includes the STM32TrustedPackage Creator tool which allows the generation of SFI and SMI encrypted images for STM32 devices embedding SFI. It is available in both CLI and GUI modes free of charge.
The SFI format is an encryption format for firmware created by STMicroelectronics. It uses AES algorithm to transform a firmware in Elf, Hex, Bin or Srec formats into an encrypted and authenticated firmware in SFI format. An SFI firmware image is composed of a header, plus several areas. The areas are usually contiguous firmware areas. The last area is the configuration area containing the option byte values to be programmed when the SFI is complete.
|STM32CubeProg||STM32CubeProgrammer software for programming STM32 products|
The STM32HSM-V1 is used to secure the programming of STM32 products to avoid product counterfeiting on contract manufacturers' premises.
Evaluations & Certifications
|Certifications||Available now||Available in 2020|
|ARM PSA ||ARM PSA Level 1 ||ARM PSA Level 2 |
|SESIP ||SESIP Level 1 ||SESIP Level 3 |
|COMMON CRITERIA ||CC EAL5+ |
|Evaluations||Available now||Available in 2020|
|PCI POS Point of Sale application|| |
|UL Solution Evaluation|| || |
|Brightsight Code Evaluation|| || |
|EDSI Robustness Evaluation|| |
|STM32L4 Security Firewall|
|STM32L4 Security Advanced Encryption Standard (AES) HW accelerator|
|STM32L4 peripheral HASH|
|STM32L4 Security memories protections|
|STM32L4 Security Random Number Generator (RNG)|
|STM32L4 Real Time Clock|
STM32Trust: Secure Boot, Update, and Install Under One Roof
We are launching today STM32Trust, a new initiative that focuses on all the software and hardware solutions we bring to improve the security of our devices.
Getting started with STM32H747 Discovery Kit
The STM32H747I-DISCO Discovery kit is a complete demonstration and development platform for STMicroelectronics STM32H747XIH6 microcontroller, designed to simplify user application development.
Get involved in the STM32 Community
Ask questions, share projects and collaborate with your fellow community members.