ST X-CUBE-SBSFU User Manual
ST X-CUBE-SBSFU User Manual

ST X-CUBE-SBSFU User Manual

Getting started with the stm32cube expansion package
Table of Contents

Advertisement

UM2262
User manual
Getting started with the X-CUBE-SBSFU
STM32Cube Expansion Package
Introduction
This user manual describes how to get started with the X-CUBE-SBSFU STM32Cube
Expansion Package.
The X-CUBE-SBSFU Secure Boot and Secure Firmware Update solution allows the update
of the STM32 microcontroller built-in program with new firmware versions, adding new
features and correcting potential issues. The update process is performed in a secure way
to prevent unauthorized updates and access to confidential on-device data.
The Secure Boot (Root of Trust services) is an immutable code, always executed after a
system reset, that checks STM32 static protections, activates STM32 runtime protections
and then verifies the authenticity and integrity of user application code before every
execution in order to ensure that invalid or malicious code cannot be run.
The Secure Firmware Update application receives the firmware image via a UART interface
with the Ymodem protocol, checks its authenticity, and checks the integrity of the code
before installing it. The firmware update is done on the complete firmware image, or only on
a portion of the firmware image. Examples are provided for single firmware image
configuration in order to maximize firmware image size, and for dual firmware image
configuration in order to ensure safe image installation and enable over-the-air firmware
update capability commonly used in IoT devices. Examples can be configured to use
asymmetric or symmetric cryptographic schemes with or without firmware encryption.
The secure key management services provide cryptographic services to the user
application through the PKCS #11 APIs (KEY ID-based APIs) that are executed inside a
protected and isolated environment. User application keys are stored in the protected and
isolated environment for their secured update: authenticity check, data decryption and data
integrity check.
STSAFE-A100 is a tamper-resistant secure element (HW Common Criteria EAL5+ certified)
used to host X509 certificates and keys, and perform verifications that are used for firmware
image authentication during Secure Boot and Secure Firmware Update procedures.
X-CUBE-SBSFU is built on top of STM32Cube software technology, making the portability
across different STM32 microcontrollers easy. It is provided as reference code to
demonstrate best use of STM32 security protections.
X-CUBE-SBSFU is classified ECCN 5D002.
February 2020
UM2262 Rev 6
1/94
www.st.com
1

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the X-CUBE-SBSFU and is the answer not in the manual?

Questions and answers

Summary of Contents for ST X-CUBE-SBSFU

  • Page 1 Getting started with the X-CUBE-SBSFU STM32Cube Expansion Package Introduction This user manual describes how to get started with the X-CUBE-SBSFU STM32Cube Expansion Package. The X-CUBE-SBSFU Secure Boot and Secure Firmware Update solution allows the update of the STM32 microcontroller built-in program with new firmware versions, adding new features and correcting potential issues.
  • Page 2: Table Of Contents

    Contents UM2262 Contents General information ......... 9 Terms and definitions .
  • Page 3 ST-LINK disable ........
  • Page 4 Contents UM2262 A.2.1 Principle ..........63 A.2.2 Constraints .
  • Page 5 UM2262 Contents STSAFE-A100 ordering........87 Appendix H STM32WB Series specificities .
  • Page 6 List of tables UM2262 List of tables Table 1. List of acronyms ............9 Table 2.
  • Page 7 UM2262 List of figures List of figures Figure 1. Secure Boot Root of Trust ..........15 Figure 2.
  • Page 8 List of figures UM2262 Figure 48. KMS menu ............. 83 Figure 49.
  • Page 9: General Information

    STM32 and STSAFE-A100, which demonstrates HW Secure Element protections for secure authentication services and secure data storage. X-CUBE-SBSFU is a starting point for OEMs to develop their own SBSFU as a function of their product security requirement levels.
  • Page 10: Table 2. List Of Terms

    General information UM2262 Table 1. List of acronyms (continued) Acronym Description Integrated development environment Initialization vector IWDG Independent watch dog Firmware FWALL Firewall Key management services Message authentication code Microcontroller unit Memory protection unit NONCE Number used only once OTFDEC On-the-fly decryption PCROP Proprietary code read out protection...
  • Page 11: References

    General information References STMicroelectronics related documents Public documents are available on line from STMicroelectronics web site at www.st.com. Contact STMicroelectronics when more information is needed. Integration guide for the X-CUBE-SBSFU STM32Cube Expansion Package (AN5056) Introduction to STM32 microcontrollers security application note (AN5156)
  • Page 12: Stm32Cube Overview

    STM32Cube overview UM2262 STM32Cube overview What is STM32Cube? STM32Cube is an STMicroelectronics original initiative to significantly improve designer's productivity by reducing development effort, time and cost. STM32Cube covers the whole STM32 portfolio. STM32Cube includes: • A set of user-friendly software development tools to cover project development from the conception to the realization, among which: –...
  • Page 13 UM2262 STM32Cube overview The package includes different sample applications to provide a complete SBSFU solution: • SE_CoreBin application: provides a binary including all the "trusted" code. • Secure Boot and Secure Firmware Upgrade (SBSFU) application: – Secure Boot (Root of Trust) –...
  • Page 14: Secure Boot And Secure Firmware Update (Sbsfu)

    Secure Boot and Secure Firmware Update (SBSFU) UM2262 Secure Boot and Secure Firmware Update (SBSFU) Product security introduction A device deployed in the field operates in an untrusted environment and it is therefore subject to threats and attacks. To mitigate the risk of attack, the goal is to allow only authentic firmware to run on the device.
  • Page 15: Secure Firmware Update

    UM2262 Secure Boot and Secure Firmware Update (SBSFU) Figure 1. Secure Boot Root of Trust Secure Firmware Update Secure Firmware Update (SFU) provides a secure implementation of in-field firmware updates, enabling the download of new firmware images to a device in a secure way. As shown in Figure 2, two entities are typically involved in a firmware update process:...
  • Page 16: Cryptography Operations

    Cryptography operations The X-CUBE-SBSFU STM32Cube Expansion Package is delivered with four cryptographic schemes using both asymmetric and symmetric cryptography. The default cryptographic scheme demonstrates ECDSA asymmetric cryptography for firmware verification and AES-CBC symmetric cryptography for firmware decryption.
  • Page 17: Table 3. Cryptographic Scheme Comparison

    UM2262 Secure Boot and Secure Firmware Update (SBSFU) Table 3. Cryptographic scheme comparison X509 certificate-based Asymmetric Asymmetric Symmetric Features asymmetric without with AES encryption without encryption (AES-GCM) encryption AES-CBC encryption, or AES-CTR encryption for STM32 AES-GCM encryption Confidentiality None: the user FW is in clear format. MCUs supporting (FW binary) OTFDEC processing...
  • Page 18: Key Management Services

    Key management services UM2262 Key management services Key management services (KMS) middleware provides cryptographic services through the standard PKCS #11 APIs (specified by OASIS) allowing to abstract the key value to the caller (using object ID and not directly the key value). KMS is executed inside a protected/isolated environment in order to ensure that key value cannot be accessed by an unauthorized code running outside the protected/isolated environment.
  • Page 19: Figure 3. Kms Functions Overview

    UM2262 Key management services Figure 3. KMS functions overview For more details regarding the OASIS PKCS #11 standard, refer to [5]. UM2262 Rev 6 19/94...
  • Page 20: Protection Measures And Security Strategy

    Protection measures and security strategy UM2262 Protection measures and security strategy Cryptography ensures integrity, authentication and confidentiality. However, the use of cryptography alone is not enough: a set of measures and system-level strategy are needed for protecting critical operations and sensitive data (such as a secret key), and the execution flow, in order to resist possible attacks.
  • Page 21: Stm32L4 Series And Stm32L0 Series

    Figure 5. SBSFU security IPs vs. STM32 Series (2 of 2) STM32L4 Series and STM32L0 Series Figure 6 illustrates how the system, the code, and the data are protected in the X-CUBE-SBSFU application example for the STM32L4 Series and STM32L0 Series. UM2262 Rev 6 21/94...
  • Page 22: Figure 6. Stm32L4 And Stm32L0 Protection Overview During Sbsfu Execution

    Protection measures and security strategy UM2262 Figure 6. STM32L4 and STM32L0 protection overview during SBSFU execution 22/94 UM2262 Rev 6...
  • Page 23 UM2262 Protection measures and security strategy Protections against outer attacks Outer attacks refer to attacks triggered by external tools such as debuggers or probes, trying to access the device. In the SBSFU application example, RDP, tamper, DAP and IWDG protections are used to protect product against outer attacks: •...
  • Page 24: Stm32F4 Series, Stm32F7 Series And Stm32L1 Series

    STM32F4 Series, STM32F7 Series and STM32L1 Series Figure 7 illustrates how the system, the code, and the data are protected in the X-CUBE-SBSFU application example for the STM32F4 Series, STM32F7 Series, and STM32L1 Series. Figure 7. STM32F4, STM32F7 and STM32L1 protection overview during SBSFU execution...
  • Page 25 UM2262 Protection measures and security strategy Protections against outer attacks Outer attacks refer to attacks triggered by external tools such as debuggers or probes, trying to access the device. In the SBSFU application example, RDP, tamper, DAP and IWDG protections are used to protect product against outer attacks: •...
  • Page 26: Stm32G0 Series, Stm32G4 Series And Stm32H7 Series

    STM32G0 Series, STM32G4 Series and STM32H7 Series Figure 8 illustrates how the system, the code, and the data are protected in the X-CUBE-SBSFU application example for the STM32G0 Series, STM32G4 Series and STM32H7 Series. For the specificities of STM32H7B3 devices, refer to appendix I.3 External Flash on...
  • Page 27 UM2262 Protection measures and security strategy Protections against outer attacks Outer attacks refer to attacks triggered by external tools such as debuggers or probes, trying to access the device. In the SBSFU application example, RDP, tamper, DAP and IWDG protections are used to protect product against outer attacks: •...
  • Page 28: Table 5. Mpu Regions In The Stm32G0 Series, Stm32G4 Series And Stm32H7 Series

    Protection measures and security strategy UM2262 • PCROP (proprietary code readout protection): a section of Flash is defined as execute- only applying PCROP protection on it: it is not possible to access this section in reading nor writing. Being an execute-only area, a key is protected with PCROP only if it is "embedded"...
  • Page 29: Figure 9. Stm32G0, Stm32G4, And Stm32H7 Protection Overview During User Application Execution

    UM2262 Protection measures and security strategy Figure 9. STM32G0, STM32G4, and STM32H7 protection overview during user application execution UM2262 Rev 6 29/94...
  • Page 30: Stm32Wb Series

    Protection measures and security strategy UM2262 STM32WB Series Figure 10 illustrates how the system, the code, and the data are protected in the X-CUBE-SBSFU application example for the STM32WB Series. Figure 10. STM32WB protection overview during SBSFU execution 30/94 UM2262 Rev 6...
  • Page 31 UM2262 Protection measures and security strategy Protections against outer attacks Outer attacks refer to attacks triggered by external tools such as debuggers or probes, trying to access the device. In the SBSFU application example, RDP, tamper, DAP and IWDG protections are used to protect product against outer attacks: •...
  • Page 32: Stm32L4 Series Combined With Stsafe-A100

    STM32L4 Series combined with STSAFE-A100 Figure 10 illustrates how the system, the code, and the data are protected in the X-CUBE-SBSFU application example featuring the STM32L4 Series combined with STSAFE-A100. Figure 11. STM32L4 / STSAFE-A100 protection overview during SBSFU execution...
  • Page 33 UM2262 Protection measures and security strategy STM32 microcontroller protections against outer attacks Outer attacks refer to attacks triggered by external tools such as debuggers or probes, trying to access the device. In the SBSFU application example, RDP, tamper, DAP and IWDG protections are used to protect product against outer attacks: •...
  • Page 34 Protection measures and security strategy UM2262 • PCROP (proprietary code readout protection): a section of Flash is defined as execute- only applying PCROP protection on it: it is not possible to access this section in reading nor writing. Being an execute-only area, a key is protected with PCROP only if it is "embedded"...
  • Page 35: Package Description

    UM2262 Package description Package description This section details the X-CUBE-SBSFU package content and the way to use it. General description X-CUBE-SBSFU is a software package for STM32 microcontrollers. It provides a complete solution to build Secure Boot and Secure Firmware Update applications: •...
  • Page 36: Architecture

    B-L475E-IOT01A board. The STSAFE-A100 feature is available on the STM32L4 Series with example provided on the B-L475E-IOT01A board Architecture This section describes the software components of the X-CUBE-SBSFU package illustrated Figure Figure 12. Software architecture overview SBSFU sample application Secure...
  • Page 37: Stm32Cubehal

    UM2262 Package description 6.2.1 STM32CubeHAL The HAL driver layer provides a generic multi instance simple set of APIs (application programming interfaces) to interact with the upper layers (application, libraries and stacks). It is composed of generic and extension APIs. It is directly built around a generic architecture and allows the layers that are built upon, such as the middleware layer, implementing their functionalities without dependencies on the specific hardware configuration for a given microcontroller unit (MCU).
  • Page 38: Stsafe-A Middleware

    Package description UM2262 6.2.6 STSAFE-A middleware STSAFE-A middleware provides a complete set of APIs to access all the STSAFE-A100 device features from STM32 microcontrollers. It integrates both low-level communication drivers to interface with the STSAFE-A100 hardware, and a higher-level processing exporting a set of command APIs to easily access the device features from the STM32 microcontroller.
  • Page 39: Secure Boot And Secure Firmware Upgrade (Sbsfu) Application

    UM2262 Package description 6.2.7 Secure Boot and Secure Firmware Upgrade (SBSFU) application Secure Boot (Root of Trust) • Checks and applies the security mechanisms of STM32 platform to protect critical operations and secrets from attacks • Authenticates and verifies the user application before each execution Local download via UART Virtual COM •...
  • Page 40: User Application

    ® UART (Over The Air download mechanisms, such as BLE, Wi-Fi or others, can be implemented in the user application but are not provided as examples in the X-CUBE-SBSFU application example). • Provides examples testing the protections mechanisms. • Provides an example for using some of the functionalities exported by SE such as getting information about the current firmware image.
  • Page 41: Folder Structure

    UM2262 Package description Folder structure A top-level view of the folder structure is shown in Figure 13 Figure Figure 13. Project folder structure (1 of 2) UM2262 Rev 6 41/94...
  • Page 42: Apis

    Package description UM2262 Figure 14. Project folder structure (2 of 2) APIs Detailed technical information about the APIs is provided in a compiled HTML file located in the STM32_Secure_Engine, STM32_Key_Management_Services, and STSAFE_A1xx folders of the software package where all the functions and parameters are described. Application compilation process with IAR™...
  • Page 43: Figure 15. Application Compilation Steps

    UM2262 Package description • Step 2: SBSFU This step compiles the SBSFU source code implementing the state machine and configuring the protections. In addition, it links the code with the SECore binary generated at step 1 in order to generate a single SBSFU binary including the SE trusted code.
  • Page 44: Hardware And Software Environment Setup

    Refer to the STSW-LINK004 STM32 ST-LINK Utility software on www.st.com. Caution: Make sure to use an up-to-date version of ST-LINK (V2.J29 or later). STM32CubeProgrammer STM32CubeProgrammer (STM32CubeProg) is an all-in-one multi-OS software tool for programming STM32 microcontrollers.
  • Page 45: Terminal Emulator

    (Ymodem protocol support is required). 7.2.4 X-CUBE-SBSFU firmware image preparation tool The X-CUBE-SBSFU Expansion Package for STM32Cube is delivered with the prepareimage tool handling the cryptographic keys and firmware image preparation. The prepareimage tool is delivered in two formats: ®...
  • Page 46: Step-By-Step Execution

    Step-by-step execution UM2262 Step-by-step execution The following steps describe a dual-image SBSFU scenario executed on NUCLEO-L476RG board with the default cryptographic scheme, further illustrated in Figure Download SBSFU application SBSFU is running : download UserApp #A UserApp #A is installed UserApp #A is running, download UserApp #B UserApp #B is installed then running The UserApp#A and UserApp#B binaries are generated on the basis of the user application...
  • Page 47: Stm32 Board Preparation

    UM2262 Step-by-step execution STM32 board preparation The target Option bytes setting is the following for the NUCLEO-L476RG board: • RDP Level 0 is set • Write protection is disabled on all Flash pages • PCROP protection is disabled • BFB2 bit disabled •...
  • Page 48: Figure 19. Stm32Cubeprogrammer Connection Menu

    Step-by-step execution UM2262 Option bytes setting is verified by means of the STM32CubeProgrammer through the following four steps: 1. Connection: Menu Target / Connect with Under reset mode selected (refer to Figure Figure 19. STM32CubeProgrammer connection menu 48/94 UM2262 Rev 6...
  • Page 49: Application Compilation

    UM2262 Step-by-step execution 2. Option bytes settings : Menu Target / Option bytes (refer to Figure Figure 20. STM32CubeProgrammer Option bytes screen The STM32CubeProgrammer Option bytes screen is specific to the STM32 microcontroller series. 3. Erase chip: Menu Target / Erase Chip Figure 21.
  • Page 50: Tera Term Connection

    COM54. Figure 22. Tera Term connection screen a. Make sure the ST-LINK debugger/programmer embedded on the board runs the proper firmware version (V2J29 or higher). If this is not the case, please upgrade this firmware first.
  • Page 51: Tera Term Configuration

    UM2262 Step-by-step execution 8.3.3 Tera Term configuration The Tera Term configuration is performed through the General and Serial port setup menus. Figure 22 illustrates the General setup and Serial port setup menus. Figure 23. Tera Term setup screen A configuration is saved using Menu Setup / Save Setup. Caution: After each plug / unplug of the USB cable, the Tera Term Serial port setup menu may have to be validated again to restart the connection.
  • Page 52: Welcome Screen Display

    Step-by-step execution UM2262 8.3.4 Welcome screen display The welcome screen is displayed on Tera Term as illustrated in Figure 24 Figure 24. SBSFU welcome screen display SBSFU application execution At each reboot, the application checks if the user has requested a new firmware download by keeping the User button pressed.
  • Page 53: Figure 25. Sbsfu Encrypted Firmware Transfer Start

    UM2262 Step-by-step execution Figure 25. SBSFU encrypted firmware transfer start Once the UserApp.sfb file is selected, the Ymodem transfer starts. Transfer progress is reported as shown in Figure Figure 26. SBSFU encrypted firmware transfer in progress The progress gauge stalls for a short time at the beginning of the procedure while SBSFU verifies the firmware header validity and erases the Flash slot where the firmware image is downloaded.
  • Page 54: File Transfer Completion

    Step-by-step execution UM2262 8.4.3 File transfer completion After the file transfer is completed, the system forces a reboot as shown in Figure Figure 27. SBSFU reboot after encrypted firmware transfer The system status that is printed as shown in Figure 27 consequently provides the following information: •...
  • Page 55: System Restart

    UM2262 Step-by-step execution 8.4.4 System restart Pressing the Reset button forces the system to restart: the user application is started by SBSFU. Note: Holding the User button during reset, triggers the forced download state instead of the user application execution. User application execution The user application is executed according to the selection illustrated in Figure 28...
  • Page 56: Figure 29. Encrypted Firmware Download Via User Application

    Step-by-step execution UM2262 Figure 29. Encrypted firmware download via user application 56/94 UM2262 Rev 6...
  • Page 57: Test Protections

    UM2262 Step-by-step execution 8.5.2 Test protections An example of the test protection menu is shown in Figure 30. The actual menu depends on the STM32 Series. Figure 30. User application test protection menu The test protection menu is printed at each test attempt of a prohibited operation or error injection as a function of the test run: •...
  • Page 58: Understanding The Last Execution Status Message At Boot-Up

    Understanding the last execution status message at boot-up UM2262 Understanding the last execution status message at boot-up Table 6 lists the main error messages together with their explanation. Table 6. Error messages at boot-up Error message Meaning No error. Success. No problem encountered.
  • Page 59 UM2262 Understanding the last execution status message at boot-up Table 6. Error messages at boot-up (continued) Error message Meaning During a local download procedure, the binary file has not been received File not correctly received. properly. At the moment this detection is minimalist. During a local download procedure, the header could not be authenticated Header authentication failed.
  • Page 60: Appendix A Secure Engine Protected Environment

    Secure Engine protected environment UM2262 Appendix A Secure Engine protected environment The Secure Engine (SE) concept defines a protected enclave exporting a set of secure functions executed in a trusted environment. The following functionalities are provided by SE to the SBSFU application example: •...
  • Page 61: Firewall-Based Secure Engine Isolation

    UM2262 Secure Engine protected environment Firewall-based Secure Engine Isolation A.1.1 SE core call gate mechanism The firewall is opened or closed using a specific "call gate" mechanism: a single entry point (placed at the 2nd word of the Code segment base address) must be used to open the gate and to execute the code protected by the firewall.
  • Page 62: Se Interface

    Secure Engine protected environment UM2262 The SBSFU code calls the call gate function in order to open the firewall and to execute protected code The call gate function check parameters and securities and then calls the requested Crypto function The SE Crypto functions calls an internal ReadKey function that moves the keys into the protected section of SRAM1 and then use them in the cryptographic operations.
  • Page 63: Mpu-Based Secure Engine Isolation

    UM2262 Secure Engine protected environment Figure 33. Secure Engine interface SE interface mechanism simplifies the control access to the call gate independent from user implementation. SE interface APIs are shared with the user application, which therefore executes sensitive operations (if not locked via the Secure Engine lock service) in a secure way using the services provided by SE.
  • Page 64: Table 7. Mpu Regions For Secure Engine Isolation

    Firewall protection). It abstracts the request to get the privileged level of software execution: this request consists in triggering a supervisor (SVC) call. In the SBSFU example delivered in the X-CUBE-SBSFU Expansion Package, the SBSFU application implements an SVC handler to catch this SVC call and process it with another...
  • Page 65: Figure 35. Sbsfu Requesting A Secure Engine Service

    UM2262 Secure Engine protected environment Figure 35. SBSFU requesting a Secure Engine service The SE call gate mechanism uses the concepts described in Section A.1.1: SE core call gate mechanism to provide a unique entry point to the Secure Engine services. The difference with Section A.1.1 is that the MPU protection replaces the Firewall protection;...
  • Page 66: Constraints

    (for instance a DMA peripheral). It is therefore required to make sure that only trusted code can program these peripherals. For instance, in the X-CUBE-SBSFU example for 32F413HDISCOVERY, an MPU region covers the DMA registers to make sure it is not possible to program these peripherals in unprivileged mode of execution: only the privileged code can configure the DMAs.
  • Page 67: Appendix B Dual-Image Handling

    UM2262 Dual-image handling Appendix B Dual-image handling Some SBSFU application examples handle two firmware images stored in internal Flash. Elements and roles • Slot #0: – This slot contains the active firmware (firmware header + firmware). This is the user application that is launched at boot time by SBSFU (after verifying its validity).
  • Page 68: Figure 37. Internal User Flash Mapping (Example Of The Nucleo-L476Rg With 512-Byte Headers)

    Dual-image handling UM2262 Figure 37. Internal user Flash mapping (example of the NUCLEO-L476RG with 512-byte headers) 68/94 UM2262 Rev 6...
  • Page 69: Mapping Definition

    UM2262 Dual-image handling Mapping definition The mapping definition is located in the Linker_Common folder for each example. Figure 38 shows how to find information such as slot size and SBSFU code size in the NUCLEO- L476RG example. To start the application, SBSFU initializes the SP register with the user application stack pointer value, then jumps to the user application reset vector (refer to Figure 38).
  • Page 70: Appendix C Single-Image Handling

    Single-image handling UM2262 Appendix C Single-image handling Some SBSFU application examples handle one single firmware image stored in internal Flash. This mode of operation allows maximizing the user firmware size by: • Reducing the SBSFU footprint in Flash • Allocating more Flash space for the user application These benefits come at the cost of some features: •...
  • Page 71: Appendix D Cryptographic Schemes Handling

    UM2262 Cryptographic schemes handling Appendix D Cryptographic schemes handling Four cryptographic schemes are provided as example to illustrate the cryptographic operations. The default cryptographic scheme uses both symmetric (AES-CBC) and asymmetric (ECDSA) cryptography. So, it handles a private key (AES128 private key) as well as a public key (ECC key).
  • Page 72: Asymmetric Verification And Symmetric Encryption Schemes

    Cryptographic schemes handling UM2262 Asymmetric verification and symmetric encryption schemes These schemes (SECBOOT_ECCDSA_WITH_AES128_CBC_SHA256, SECBOOT_ECCDSA_WITH_AES128_CTR_SHA256, SECBOOT_ECCDSA_WITHOUT_ENCRYPT_SHA256) are implemented for firmware decryption and verification as illustrated in Figure Figure 39. Asymmetric verification and symmetric encryption 72/94 UM2262 Rev 6...
  • Page 73: Symmetric Verification And Encryption Scheme

    UM2262 Cryptographic schemes handling Symmetric verification and encryption scheme This scheme (SECBOOT_AES128_GCM_AES128_GCM_AES128_GCM) is implemented for firmware decryption and verification as illustrated in Figure 40 Figure 40. Symmetric verification and encryption UM2262 Rev 6 73/94...
  • Page 74: X509 Certificate-Based Asymmetric Scheme Without Firmware Encryption

    Cryptographic schemes handling UM2262 X509 certificate-based asymmetric scheme without firmware encryption This scheme (SECBOOT_X509_ECDSA_WITHOUT_ENCRYPT_SHA256) is implemented for firmware verification as illustrated in Figure Figure 41. X509 asymmetric verification The X509 certificate-based asymmetric scheme makes use of a chain of X509 certificates to deliver the public key used to verify the firmware header signature.
  • Page 75: Figure 42. Certificate Chain

    UM2262 Cryptographic schemes handling Figure 42. Certificate chain In order to use the public key contained in the leaf certificate, the certificate chain is first verified by the SBSFU code to ensure that the delivered firmware signing public key is authentic.
  • Page 76: Secure Boot And Secure Firmware Update Flow

    Cryptographic schemes handling UM2262 Secure Boot and Secure Firmware Update flow Figure 43 Figure 44 indicate how the cryptographic operations (asymmetric cryptographic scheme with FW encryption) are integrated in the SBSFU execution boot flows. Figure 43. SBSFU dual-image boot flows 76/94 UM2262 Rev 6...
  • Page 77: Figure 44. Sbsfu Single-Image Boot Flows

    UM2262 Cryptographic schemes handling Figure 44. SBSFU single-image boot flows UM2262 Rev 6 77/94...
  • Page 78: Appendix E Firmware Image Preparation Tool

    Firmware image preparation tool UM2262 Appendix E Firmware image preparation tool The X-CUBE-SBSFU STM32Cube Expansion Package is delivered with the prepareimage firmware image preparation tool allowing: • Taking into account the selected cryptographic scheme and keys • Encrypting the firmware image when required •...
  • Page 79: Outputs

    UM2262 Firmware image preparation tool The tool uses the appropriate set of files based on the cryptographic scheme selected by means of SECBOOT_CRYPTO_SCHEME in file Applications\2_Images\2_Images SECoreBin\Inc\se_crypto_config.h. Outputs The tool generates: • The se_key.s file compiled in the SECoreBin project: this file contains the keys (private symmetric key and public ECC key when applicable) embedded in the device and the code to access them.
  • Page 80: Partial Image

    First perform a binary comparison between the two full images in clear Then apply the usual image preparation procedure Refer to the detailed procedure Example for partial update described in the readme.txt file of the prepareimage tool (Middlewares\ST\STM32_Secure_Engine\Utilities\KeysAndImages\readme.txt). 80/94 UM2262 Rev 6...
  • Page 81: Kms

    UM2262 Appendix F Key update process description PKCS #11 APIs manage keys through objects containing different type of information: • Object header: giving information about the object itself, such as attribute size, number of attributes and object ID • Object attributes: such as type, size and value Static embedded keys are embedded in the code and cannot be modified.
  • Page 82: Sbsfu Static Keys Generation

    UM2262 Figure 46. Secure update procedure SBSFU static keys generation With KMS middleware integration, SBSFU keys are no more stored in a section under PCROP protection but inside the KMS code running in the secure enclave as shown in Figure 47.
  • Page 83: Userapp Menu

    UM2262 Figure 47. KMS key storage UserApp menu A specific menu is added providing examples using KMS services exported services through a standard PKCS #11 interface: AES-GCM/CBC encryption/decryption, RSA signature/verification, key provisioning, key derivation. Figure 48. KMS menu UM2262 Rev 6 83/94...
  • Page 84: Appendix Gsbsfu With Stm32 And Stsafe-A100

    SBSFU with STM32 and STSAFE-A100 UM2262 Appendix G SBSFU with STM32 and STSAFE-A100 Introduction to STSAFE-A100 STSAFE-A100 is a tamper-resistant secure element (HW Common Criteria EAL5+ certified) used to host X509 certificates and keys, and perform verifications that are used for firmware image authentication during Secure Boot and Secure Firmware Update procedures.
  • Page 85: Figure 50. Pairing Key And Certificate Provisioning Overview

    UM2262 SBSFU with STM32 and STSAFE-A100 As explained above, the STM32, STSAFE-A100, and firmware image must be provisioned with some keys and or certificates: • STM32: pairing keys must be inserted inside the SBSFU application code (inside the part that is executed inside the protected environment) to be able to communicate securely with an STSAFE-A100 component •...
  • Page 86: Certificate Generation

    Figure 51. Batch files using openssl STSAFE-A100 provisioning To provision STSAFE-A100 with pairing keys and certificates that are used in the context of the SBSFU application example, a provisioning tools application project is provided as example in the X-CUBE-SBSFU package (2_Images_STSAFE\STSAFE_Provisioning). 86/94 UM2262 Rev 6...
  • Page 87: Stm32 And Firmware Image Provisioning

    STM32 and firmware image provisioning To provision the STM32 with the pairing keys and insert the certificates in the firmware image headers, the prepare image tool concept of the X-CUBE-SBSFU Expansion Package is used (refer to Appendix E Firmware image preparation tool for more details): •...
  • Page 88: Appendix H Stm32Wb Series Specificities

    STM32WB Series specificities UM2262 Appendix H STM32WB Series specificities Compilation process A specific project (Loader) implementing the firmware download feature (over the Ymodem protocol) is provided in order to make easier the integration of over-the-air download capability (Bluetooth Low Energy protocol for STM32WB Series). Figure 53 outlines the additional step 0 in order to compile then integrate the Loader into SBSFU during the compilation process.
  • Page 89: Appendix Istm32H7 Series Specificities

    SBSFU execution. Connecting the STM32CubeProgrammer tool (STM32CubeProg) is not possible. Connection becomes possible once UserApp is started (the hot plug mode must be selected in the ST-LINK configuration panel) only if SFU_DAP_PROTECT_ENABLE is deactivated. To mitigate this risk, the switch SFU_SECURE_USER_PROTECT_ENABLE is enabled only after the development phase with the activation of the SFU_FINAL_SECURE_LOCK_ENABLE switch.
  • Page 90: External Flash On Stm32H7B3 Devices

    STM32H7 Series specificities UM2262 Figure 55. JTAG connection capability on STM32H7B3 devices External Flash on STM32H7B3 devices The STM32H7B3xxx microcontrollers offer the possibility to store the firmware images in an external memory in case the user application requires more memory size than what it is available in internal Flash memory.
  • Page 91: Figure 57. Memory Mapping For Stm32H7B3 Devices With External Flash

    Slot #0 is stored into the internal Flash in order to be protected through the secure user memory. To illustrate this capability, an application called 2 images ExtFlash is provided for the STM32H7B3I-DK board in the X-CUBE-SBSFU Expansion Package. Figure 57 shows the typical memory mapping for such configuration.
  • Page 92: Revision History

    Revision history UM2262 Revision history Table 9. Document revision history Date Revision Changes 7-Dec-2017 Initial release. Removed references to the integration guide in Chapter 7: Understanding the last execution status message at boot-up B.2 Mapping definition. 20-Dec-2017 Updated Table 4: Error messages at boot-up Section 5.2.2: Software tools for programming STM32 microcontrollers.
  • Page 93 UM2262 Revision history Table 9. Document revision history (continued) Date Revision Changes Updated the entire document: – Product scope extended to the STM32G4 Series, STM32H7 Series, STM32L0 Series, STM32L1 Series, and STM32WB Series – Added the integration of the STSAFE-A100 –...
  • Page 94 ST products and/or to this document at any time without notice. Purchasers should obtain the latest relevant information on ST products before placing orders. ST products are sold pursuant to ST’s terms and conditions of sale in place at the time of order acknowledgement.

Table of Contents

Save PDF