• Guarantee unique boot entry on SB application:
  – Use HDP if available.
  – Use RDP level 2 and disable boot pin selection.
3.3 Securely update the firmware in the field.
• Implement a SFU application with cryptography.
• Apply relevant secure memory protection around the SFU secret data (refer to previous sections).
4. Communication and authentication: cryptography
4.1 Communicate securely.
• Use or implement secure communication stacks relying on cryptography for confidentiality and authentication (such as TLS for Ethernet).
4.2 Use the ST AES/DES/SHA cryptographic functions with STM32 devices.
• Use only official software implementation by ST with STM32 X-CUBE-CRYPTOLIB.
4.3 Accelerate AES/DES/SHA cryptographic functions.
• Use device with cryptographic hardware peripheral together with official STM32 X-CUBE-CRYPTOLIB.
• Use OTFDEC to access AES-ciphered code in the external memory without latency penalty.
4.4 Generate random data.
• Use RNG embedded in the STM32 devices.
4.5 Uniquely identify ST microcontrollers.
• Use STM32 96-bit unique ID.
4.6 Authenticate a product device.
• Embed a shared encryption key in the device, and exchange encrypted message.
4.7 Uniquely authenticate a device.
• Embed a device private key and its certificate in the device, and exchange encrypted message.
4.8 Authenticate communication servers.
• Embed a shared encryption key in the device, and exchange encrypted message.
• Embed server public key in the device, and exchange encrypted message.
AN5156 - Rev 8