Design Win

Secure boot and upgrade of embedded applications

Solution Description

This solution implements stringent hardware and software security measures to defend STM32 microcontrollers against the risk of attack in untrusted environments. It is based on the X-CUBE-SBSFU software, which implements secure boot and secure firmware update procedures, and on the STSAFE hardware element, which stores authentication keys in protected and isolated memory.

Working together on an STM32 MCU, they implement secure boot and firmware update protocols, and manage embedded applications in order to prevent unauthorized code modification and access to confidential on-device data.

New firmware versions intended to add or improve functionality or to address known bugs in IoT field devices are generally deployed from a centralized server or cloud service. The Secure Firmware Update application verifies the authenticity of any encrypted firmware images it receives and checks the integrity of the code before installing it. To accommodate wireless deployment of new firmware, which is a common necessity in IoT applications, the software also supports Firmware Over-the-Air (FOTA) updates.

The Secure Boot application, by contrast, runs immediately after any STM32 microcontroller reset to check the status of, and activate, the run-time protections included in the STM32Trust collection of strategies for protecting STM32 MCUs. This application verifies the authenticity and integrity of user software before every execution to block any invalid or malicious code.

  • Key Product Benefits

    STM32 Microcontrollers

    All STM32 microcontrollers are part of the STM32Trust ecosystem, which ensures robust security across 12 specific strategies, including secure boot and update, memory protection, tamper detection, cryptography, authentication, and others, in order to ensure varying levels of compliance with recognized certification schemes for IoT platforms, such as SESIP and PSA by ARM®.

    X-CUBE-SBSFU Secure Boot Firmware

    The X-CUBE-SBSFU Secure Boot and Secure Firmware Update software ensures that immutable Root of Trust service code is always executed after a system reset to check and activate STM32 static and runtime protections and to verify the authenticity and integrity of user application code. It also checks the authenticity and integrity of any firmware updates before they are installed. In addition, the software provides secure key management and cryptographic services to user applications.

    STSAFE-A110 tamper-resistant secure element

    STSAFE-A110 is a tamper-resistant secure element (Hardware Common Criteria EAL5+ certified) used to host X.509 certificates and keys and to perform the verifications used for firmware image authentication during Secure Boot and Secure Firmware Update procedures.

  • All Features

    • Status check and activation of static and run-time STM32Trust security measures on every STM32 boot
    • STSAFE secure element hardware for higher-grade security than is possible with software alone
    • Secure Firmware Update with anti-rollback and partial image update capabilities for Over-the-Air or local firmware image update