Secure Storage size change
The integrator can also choose to change the size of the secure storage areas located in the TOE (the size of the
Protected Storage area used by the Protected Storage API of the TOE and/or the size of the Internal Trusted Storage
area used by the Internal Trusted Storage API). However, the flexibility for an integrator to increase the size of the
secure storage areas managed by the TOE without compromising the TOE security falls within the scope of this
evaluation, but it is not the certified configuration, as Flash memory layout changes will impact the security
configuration of the TOE (the Implementation ID value will be changed as described in Section 3.1 Secure
acceptance).
Non-secure application change
The integrator can also choose to replace the non-secure application with its own non-secure application without
changing the Flash memory layout as defined in Section 3.3.3 SW programing into STM32L5 chip internal Flash
memory. The flexibility for an integrator to change the non-secure application code without compromising the TOE
security falls within the scope of this evaluation and remains the certified configuration.
Non-secure application size change
The integrator can also choose to change the size of the non-secure application (i.e. changing the global internal
Flash/SRAM layout defined in Section 3.3.3 SW programing into STM32L5 chip internal Flash memory).
The flexibility for an integrator to change the size of the non-secure application without compromising the TOE
security falls within the scope of this evaluation, but it is not the certified configuration, as Flash memory layout
changes will impact the security configuration of the TOE (the Implementation ID value will be changed as described
in Section 3.1 Secure acceptance).
External memories use
The integrator can also choose to use external memories (Flash and/or SRAM) for its non-secure application.
However, the flexibility for an integrator to use external memories for its non-secure application without
compromising the TOE security falls within the scope of this evaluation, but it is not the certified configuration, as
Flash memory layout changes will impact the security configuration of the TOE (the Implementation ID value will be
changed as described in Section 3.1 Secure acceptance).
TOE functions changes
Finally, the integrator can choose to modify functions implemented in software in the TOE (such as replacing
some cryptographic functionality with a different implementation, or removing some functions of the TOE
that are not used by the application in order to save memory). Any change in the software code of the TOE
cannot and does not fall within the scope of this evaluation, and it is not the certified configuration.
4.2.2 Available interfaces and method of use (AGD_OPE.1.2C & AGD_OPE.1.3C)
The integrator can access different interfaces to develop its product:
• Physical chip interface
• Secure image secondary slot interface
• Non-Secure image secondary slot interface
• PSA API interface
• JTAG interface
There are no particular instructions regarding effective use or security parameters under control of the user, as
these are functional interfaces not directly related to security functionality. The TOE implements several mechanisms
to validate the inputs it receives, to ensure that secure/privileged data and code are well protected. However, the
integrator is warned that extending the secure services in the secure/unprivileged domain (so-called Application RoT
services) could compromise any other secure service or any HW resource configured in the secure/unprivileged domain,
as there is no isolation between the secure services inside the secure/unprivileged domain. Therefore:
• Any input received from an IoT application should be validated within the Application RoT services API (e.g.
bounds checking).
• The integrator must be aware of what data is sent to the IoT application and must ensure that there is no
unintentional leak of sensitive information.
• Properly handle errors: always check the result/status code returned by a function.
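The three rules above, applied to one service entry point pair. This is an added example, not code from the manual, from ST or from TF-M: the service, its status codes, the slot layout and backend_commit() are all hypothetical stand-ins.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical status codes and sizes, defined for this example only. */
typedef enum { SVC_OK = 0, SVC_ERR_ARG = -1, SVC_ERR_STORE = -2 } svc_status_t;
#define SLOT_COUNT 4u
#define SLOT_SIZE  32u

static uint8_t slots[SLOT_COUNT][SLOT_SIZE]; /* data held on the secure side */
static size_t  used[SLOT_COUNT];             /* valid bytes in each slot */
static int     backend_fail;                 /* set to 1 to simulate a failure */

/* Stand-in for a lower-level secure call whose status must be checked. */
static svc_status_t backend_commit(void) {
    return backend_fail ? SVC_ERR_STORE : SVC_OK;
}

/* Write request: slot, pointer and length all come from the IoT application. */
svc_status_t svc_write(uint32_t slot, const uint8_t *in, size_t len) {
    if (in == NULL || slot >= SLOT_COUNT || len > SLOT_SIZE)
        return SVC_ERR_ARG;        /* bounds check before touching any buffer */
    svc_status_t st = backend_commit();
    if (st != SVC_OK)
        return st;                 /* propagate the error, leave the slot as is */
    memcpy(slots[slot], in, len);
    used[slot] = len;
    return SVC_OK;
}

/* Read request: hand back only the bytes last written, never the stale tail
 * of the slot, and report zero bytes on every failure path. */
svc_status_t svc_read(uint32_t slot, uint8_t *out, size_t out_size,
                      size_t *out_len) {
    if (out == NULL || out_len == NULL)
        return SVC_ERR_ARG;
    *out_len = 0;
    if (slot >= SLOT_COUNT || out_size < used[slot])
        return SVC_ERR_ARG;
    memcpy(out, slots[slot], used[slot]);
    *out_len = used[slot];
    return SVC_OK;
}
```
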
UM2745 - Rev 1
Operational guidance for the role integrator