Design Win

Secure manager embedded software for STM32Cube

Get Software Download databrief

Product overview

Key Benefits

Speed up your qualification process with system-level certifications

Security services developed according to the best practices: PSA Certified Level 3 and SESIP3 target certifications


Security is a key driver for the microcontroller market, often perceived as complex by the users.

The STM32Trust TEE secure manager (STM32TRUSTEE-SM) is a suite of system-on-chip security solutions that simplifies the development of embedded applications to ensure ready to use security services. With the STM32 microcontroller, the STM32Trust TEE secure manager relieves the developers of writing and validating their own code while providing security services developed according to the best practices.

The STM32Trust TEE secure manager encompasses two types of packages: the STM32Trust TEE secure manager access kit (SMAK) and the STM32Trust TEE secure module development kit (SMDK).

The STM32Trust TEE secure manager access kit (SMAK) is installed easily into STM32 products by the customers on their production lines. It offers a ready to use, high performance, and certified solution to support the Secure Boot, root of trust, cryptographic, internal trusted storage, initial attestation, and firmware update functions as defined by the Arm® PSA specifications.

The STM32Trust TEE SMAK binary code is isolated by the Arm® TrustZone® hardware, which protects its capabilities and all the OEM applicative secure credentials it manages and stores. OEMs develop, debug, and protect their applicative firmware as usual, and call STM32Trust TEE SMAK secure functionalities as defined in the STM32Trust TEE SMAK nonsecure reference source code provided by STMicroelectronics (refer to the "Development kits" section of the data brief).

The STM32Trust TEE secure manager solution is supported by the global STM32 ecosystem tools with the STM32CubeMX initialization code generator, the STM32CubeIDE integrated development environment, and the STM32CubeProgrammer (STM32CubeProg) ST-LINK programmer.

The STM32H573xx microcontrollers are the first products to support the STM32Trust TEE secure manager solution. Download the documentation and software package from the STM32TRUSTEE-SM web page. Retrieve additional operational and functional descriptions from the STMicroelectronics wiki security pages at The reference of the STM32Trust TEE secure manager access kit (SMAK) binary software package for STM32H573xx microcontrollers is X-CUBE-SEC-M-H5. This software package is under export control conditions. Read the "Get Software" description before downloading it.

The STM32Trust TEE SMAK binary can be complemented by new secure functions, called secure software modules, developed by STMicroelectronics, OEMs, or ST Partners who want to sell and protect their software intellectual property.

The STM32Trust TEE secure module development kit (SMDK) is dedicated to the development of these new secure software modules. A software module is a simple or a complex function, which has access to the STM32 peripherals and interfaces and is limited in code size. The STM32Trust TEE SMDK allows OEMs and ST Partners to develop, debug with traces, and distribute their own software module to be installed, updated, and executed under the STM32Trust TEE SMAK rules and isolation (refer to the "Development kits" section of the data brief).

The STM32Trust TEE secure module development kit (SMDK) for STM32H573xx microcontrollers is not available to mass market usage. It is provided under a specific license agreement. Contact STMicroelectronics sales office for additional information. For usage information, refer to the security section of the STMicroelectronics wiki at

The list of applicable products is provided in the corresponding section of the data brief.

  • All features

    • Arm® PSA standard and API compliancy
    • Arm® PSA services
      • Secure Boot
      • Root of trust (RoT) with chip diversified keys
      • Cryptography functions
      • Internal trusted storage (ITS)
      • Initial attestation (IAT)
      • Firmware update (FWU)
    • Software IP protection (PSA isolation level 3)
      • Sandboxed secure services
    • Security hardware
      • Arm® Cortex®-M33 with Arm® TrustZone®
      • Option bytes OB-Key secure system key storage (STiRoT, STuRoT, and attestation keys)
      • Side-channel-resistant cryptographic accelerators SAES and SPKA
      • Internal and external event tampers detections
      • TRNG NIST SP800-90B
      • Debug authentication with certificate
    • Security certification (target)
      • PSA Certified™ Level 3
      • GlobalPlatform SESIP3

Get Software

On-demand webinar: Simplify your security journey with the STM32Trust TEE Secure Manager solution