Secure Applications; Secure Firmware Install (SFI); Root and Chain of Trust; STMicroelectronics Proprietary SBSFU Solution - ST STM32C0 Series Application Note

5 Secure applications

In order to create a secure system, the hardware features must be used in a secure firmware architecture
implementation. An industry standard solution is the PSA, proposed by Arm for the IoT ecosystem. The
STMicroelectronics proprietary solution is Secure boot (SB) and Secure firmware update (SFU). It is possible
to use Secure firmware installation (SFI) to securely provision blank devices in manufacturing.
This section defines the root and chain of trust concept before presenting the following typical secure
applications implementing the features listed below:
• Secure boot
• Secure firmware update
• Secure storage
• Cryptographic services
These applications have a close link with cryptography. All cryptographic schemes are based on the three
concepts of secret key, public key, and hashing. Basics of cryptography are explained in Appendix A
Cryptography - Main concepts.
Note:
The document [9] provides an implementation example of SB and SFU (www.st.com/en/product/x-cube-sbsfu).
The user manual 'Getting started with STM32CubeL5 TF-M application' (UM2671) describes an example
of TF-M implementation with the STM32L5 Series MCU.
The user manual 'Getting started with STM32CubeU5 TF-M application' (UM2851) describes an example
of TF-M implementation with the STM32U5 Series MCU.
5.1 Secure firmware install (SFI)

In a mass production scenario, there may be concerns about getting secure binaries to the parts without exposing them
to an untrusted environment.
In the SFI scenario, the binaries are encrypted using the STM32 Trusted Package Creator software tool and sent to
an HSM within the production facility, to install the code in the microcontrollers.
Note:
See AN5391, AN5054, and AN4992 for more information.
SFI is supported on STM32L4, STM32L5, STM32U5, STM32H5, and STM32H7 series.
5.2 Root and chain of trust

The principle of root and chain of trust is common to many secure systems. It is obviously scalable ad libitum,
inherently efficient and also flexible.
A chain of trust is built as a set of applicative components in which the security of each component is guaranteed
by another component. The root of trust is the anchor at the beginning of the chain on which the overall security
depends.
The secure boot implementation must be the single entry point to the device and must start after reset with immutable code
in secure mode. It then authenticates a subsequent functionality and executes the next part of the firmware that
enables the additional functionality required to securely attest the following chain link. For example, it configures
volatile memory protection, so that a secure storage service can use it.
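The hand-off described above, as an added example in C (not code from this application note or from X-CUBE-SBSFU): each stage carries the reference digest of the next one, and the boot walk stops at the first link that fails its check. The names `stage_t`, `seal_chain` and `boot_chain` are hypothetical, the stage contents are constructed sample bytes, and 64-bit FNV-1a is a non-cryptographic stand-in for the hash and signature verification a real secure boot uses.

```c
#include <stdint.h>
#include <stdio.h>

/* Stand-in digest (64-bit FNV-1a). NOT cryptographic: real secure boot code
 * uses a hash such as SHA-256, normally under a signature check. */
static uint64_t digest(const void *data, size_t n) {
    const uint8_t *p = data;
    uint64_t h = 0xcbf29ce484222325ULL;
    while (n--) { h ^= *p++; h *= 0x100000001b3ULL; }
    return h;
}

/* One chain link: stage code plus the reference digest of the NEXT stage.
 * The reference is measured too, so the link before it protects it. */
typedef struct {
    uint8_t  payload[16];  /* constructed sample bytes standing in for code */
    uint64_t next_ref;     /* expected digest of the following stage */
} stage_t;

/* Provisioning: fill in references from the last stage back to the first.
 * Returns the digest of stage 0, the value the root of trust must hold. */
uint64_t seal_chain(stage_t *s, size_t count) {
    uint64_t ref = 0;
    for (size_t i = count; i-- > 0; ) {
        s[i].next_ref = ref;
        ref = digest(&s[i], sizeof s[i]);
    }
    return ref;
}

/* Boot: start from the immutable root reference and authenticate each stage
 * before running it. Returns how many stages were allowed to execute. */
size_t boot_chain(uint64_t root_ref, const stage_t *s, size_t count) {
    uint64_t expected = root_ref;
    size_t i;
    for (i = 0; i < count; i++) {
        if (digest(&s[i], sizeof s[i]) != expected)
            break;                 /* never run an unauthenticated link */
        expected = s[i].next_ref;  /* trust extends exactly one link further */
    }
    return i;
}

int main(void) {
    stage_t chain[3] = {{"SB", 0}, {"SFU", 0}, {"APP", 0}};
    uint64_t root = seal_chain(chain, 3);
    printf("intact: %zu of 3 stages run\n", boot_chain(root, chain, 3));
    chain[1].payload[0] ^= 1;  /* simulate a modified second stage */
    printf("tampered: %zu of 3 stages run\n", boot_chain(root, chain, 3));
}
```

Because the digest covers `next_ref` as well as the payload, altering a stored reference is caught by the preceding link in the same way as altering the code.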
5.3 STMicroelectronics proprietary SBSFU solution

Secure boot and secure firmware update are complementary security concepts. The associated model
implementation can be found in the X-CUBE-SBSFU package.
5.3.1 Secure boot (SB)

The SB application is executed at reset before the user application. It provides the first stages of security, and is then
responsible for ensuring the global chain of trust of the system.
AN5156 - Rev 8