Design Win

Secure manager embedded software for STM32Cube




Security is a key driver for the microcontroller market, often seen complex by the users.

The STM32Trust TEE secure manager (STM32TRUSTEE-SM) is a suite of system-on-chip security solutions that simplifies the development of embedded applications to ensure ready to use security services. With the STM32 microcontroller, the STM32Trust TEE secure manager relieves the developers of writing and validating their own code while providing security services developed according to the best practices.

The STM32Trust TEE secure manager encompasses two types of package: the STM32Trust TEE secure manager access kit (SMAK) and the STM32Trust TEE secure module development kit (SMDK).

Easy to be installed into STM32 products by the customers on their production lines, the STM32Trust TEE secure manager access kit (SMAK) offers a ready to use, high performance, and certified solution to support the Secure Boot, root of trust, cryptographic, internal trusted storage, initial attestation, and firmware update functions as defined by the Arm® PSA specifications.

The STM32Trust TEE SMAK binary code is isolated by the Arm® TrustZone® hardware, which protects its capabilities and all the OEM applicative secure credentials it manages and stores. OEMs can simply develop, debug, and protect their applicative firmware as usual and call STM32Trust TEE SMAK secure functionalities as defined into the STM32Trust TEE SMAK nonsecure reference source code provided by STMicroelectronics.

The STM32Trust TEE secure manager solution is supported by the global STM32 ecosystem tools with the STM32CubeMX initialization code generator, the STM32CubeIDE integrated development environment, and the STM32CubeProgrammer (STM32CubeProg) ST-LINK programmer.

STM32Trust TEE SMAK can be complemented by new secure functions, called secure software modules, developed by STMicroelectronics, OEMs, or ST Partners who want to sell and protect their software intellectual property.

The STM32Trust TEE secure module development kit (SMDK) is dedicated to the development of these new STM32Trust TEE SMAK secure software modules. A software module is a simple or a complex function, which can access to the STM32 peripherals and interfaces and is limited in code size. The STM32Trust TEE SMDK allows OEMs and ST Partners to develop, debug with traces, and distribute their own software module to be installed, updated, and executed under the STM32Trust TEE SMAK rules and isolation.

The list of applicable products is provided in the corresponding section of the data brief.

  • 特徴

    • Arm® PSA standard compliancy
    • Arm® PSA services
      • Secure Boot
      • Root of trust (RoT) with chip diversified keys
      • Cryptography functions
      • Internal trusted storage (ITS)
      • Initial attestation (IAT)
      • Firmware update (FWU)
    • Software IP protection (PSA isolation level 3)
      • Sandboxed secure services
    • Security hardware
      • Arm® Cortex®-M33 with Arm® TrustZone®
      • Option bytes OB-Key secure system key storage (STiRoT, STuRoT, and attestation keys)
      • Side-channel-resistant cryptographic accelerators SAES and SPKA
      • Internal and external event tampers detections
      • TRNG NIST SP800-90B
      • Debug authentication with certificate
    • Security certification (target)
      • PSA Certified level 3
      • GlobalPlatform SESIP3