5 Secure Boot and Secure Firmware Update services (PSA immutable RoT)
5.1 Product security introduction
A device deployed in the field operates in an untrusted environment, and is therefore subject to threats and attacks. To mitigate the risk of attack, the goal is to allow only authentic firmware to run on the device. Allowing the update of firmware images to fix bugs, or introduce new features or countermeasures, is commonplace for connected devices. However, this is prone to attack if not executed in a secure way.
The consequences may be damaging, for example firmware cloning, malicious software download, or device corruption. Security solutions must therefore be designed in order to protect sensitive data (potentially even the firmware itself), and critical operations.
Typical countermeasures are based on cryptography (with associated key) and on memory protection mechanisms:
• Cryptography ensures integrity (the assurance that data has not been corrupted), authentication (the assurance that a certain entity is what it claims to be), and confidentiality (the assurance that only authorized users can read sensitive data) during firmware transfer.
• Memory protection mechanisms prevent external attacks (for example by accessing the device physically through JTAG) and internal attacks from other embedded nonsecure processes.
The following chapters describe solutions implementing integrity and authentication services to address the most common threats for an IoT end-node device.
5.2 Secure Boot
Secure Boot asserts the integrity and authenticity of the user firmware image that is executed: cryptographic checks are used to prevent any unauthorized or maliciously modified software from running. The Secure Boot process implements a root of trust: starting from this trusted component (step 1 in Figure 2), every other component is authenticated (step 2 in Figure 2) before its execution (step 3 in Figure 2).
Integrity is verified so as to be sure that the image that is going to be executed has not been corrupted or maliciously modified.
The authenticity check aims to verify that the firmware image comes from a trusted and known source, in order to prevent unauthorized entities from installing and executing code.
Figure 2. Secure Boot root of trust
(Figure content: Reset -> Secure Boot, the trusted component (1); Secure Boot authenticates Firmware* (2); Application executes (3). *: application code or data only)
UM2851 - Rev 4 page 7/117