The STM32HSM-V1 hardware security module (HSM) is used to secure the programming of STM32 products, and to avoid product counterfeiting at contract manufacturers' premises.
The SFI feature allows secure loading of customer firmware to STM32 products embedding a secure bootloader.
After defining the firmware encryption key and encrypting their firmware, the original equipment manufacturer (OEM) stores the encryption key to one or more STM32HSM-V1 HSMs and sets the number of authorized SFI operations (counter value) using the STM32CubeProgrammer and STM32 Trusted Package Creator software tools. Contract manufacturers must utilize the STM32HSM-V1 HSMs to load encrypted firmware to STM32 devices: each HSM only allows the OEM-defined number of programming operations before being irreversibly deactivated.
- Genuine firmware identification (firmware identifier)
- Identification of STM32 products with secure firmware install (SFI) functionality
- Management of ST public keys associated with the supported STM32 products
- License generation using a customer-defined firmware encryption key
- Secure counter that generates a predefined number of licenses
- Direct support for the STM32CubeProgrammer software (STM32CubeProg) including the STM32 Trusted Package Creator tool.
(**) The Material Declaration forms available on st.com may be generic documents based on the most commonly used package within a package family. For this reason, they may not be 100% accurate for a specific device. Please contact our sales support for information on specific devices.