Secure Installation And Secure Preparation Of The Operational Environment (Agd_Pre.1.2C); Hardware Setup; Software Setup - ST STM32CubeL5 User Manual

• How to check the complete TOE once implemented on STM32L5 Chip: by comparing values in the Security
Target and the values that TOE provides through the PSA Initial Attestation services
(psa_initial_attest_get_token function):
– HW version: contains value of DBGMCU_IDCODE register that allow to identify the STM32L5 HW.
– Implementation ID: contains SHA256 value computed on the immutable SW code part of the TOE
(TFM_SBSFU code binary data). Once TOE is configured, this value is fixed as it corresponds to the
immutable part of the TOE (excluding TOE personalization data). This value will change in case
Integrator changes the Flash memory layout of the regions managed by the TOE (refer to section 3.3.3
"SW programing into STM32L5 chip internal Flash memory" to get information about Flash memory
layout regions).
– Measurement values:
◦
◦
Note: To get the values mentioned in the Security Target, the firmware package containing the TOE code shall be
installed at the following path: "C:/Data/"
3.2 Secure installation and secure preparation of the operational environment
(AGD_PRE.1.2C)
Installation of the TOE corresponds to generating the binary image and loading it into the MCU memory. In case
of the STM32L562E-DK development board, this can be done using the STM32CubeProgrammer via USB and
connecting to the target. Before this installation is possible, the integrator must implement some drivers that are
required by the TOE. In case of the STM32L562E-DK this implementation is already provided in the
STM32CubeL5 package
This section describes the hardware and software setup procedures.
3.2.1

Hardware setup

To set up the hardware environment, STM32L562E-DK board shall be connected to a personal computer via a
USB cable. This connection with the PC allows the user:
• Flashing the board
• Interacting with the board via a UART console
• Debugging when the protections are disabled
3.2.2

Software setup

This section lists the minimum requirements for the developer to setup the SDK on a Windows 10 host, run the
sample scenario, and customize applications delivered in STM32Cube_FW_L5_V1.1.0 SW package.
STM32Cube_FW_L5_V1.1.0 SW package
Copy STM32Cube_FW_L5_V1.1.0 SW package on your Windows host hard disk at the following location
"C:\data"
Development toolchains and compilers
TFM tests will be done using CubeIDE projects delivered in the STM32CubeL5 SW Package, so STM32CubeIDE
tool (version: 1.2.0.19w47 Build: 4750_20191121_1215 or version: 1.2.0 Build: 5034_20300108_0926) shall be
installed on the host.
Refer to [AN5394] to get details about the system requirements and setup information.
UM2745 - Rev 1

Secure installation and secure preparation of the operational environment (AGD_PRE.1.2C)

contains SHA256 value computed on the up-datable SW code part of the TOE (secure image
code). This value is related to the TOE and can be verified only if secure application code is not
changed (customized by the integrator at first installation or updated through the secure update
procedure). Any code changes in the code running in secure/privilege domain (included in the
TOE scope) and any code changes in the code running in secure/unprivileged domain (not
included in the TOE scope) will change the value.
contains SHA256 value computed on the non-secure image code. This value is not related to the
TOE and will be changed as soon as the non-secure image code is changed (customized by the
integrator at first installation or updated through the secure update procedure).
UM2745
page 6/36