Download
Share
Print this page
ST STM32U5 Series User Manual
  1. Manuals
  2. Brands
  3. ST Manuals
  4. Computer Hardware
  5. STM32U5
  6. User manual
ST STM32U5 Series User Manual

ST STM32U5 Series User Manual

Security guidance for sesip level 3 certification
Hide thumbs Also See for STM32U5 Series:

Advertisement

Quick Links

Download this manual
STM32U5x-STM32WBA5x security guidance for SESIP level 3 certification
Introduction
This document describes the preparative procedures and operational user guidance of STM32 general-purpose microcontrollers
to make a secure system solution according to SESIP level 3 certification.
This security guidance applies to any boards based on the devices in the table below.
Reference
STM32U5x
STM32U585x, STM32U5Ax, STM32U5Gx, STM32U545x
STM32WBA5x
STM32WBA5xx
UM3387 - Rev 1 - November 2024
For further information contact your local STMicroelectronics sales office.
Table 1.
Applicable products
Products
UM3387
User manual
www.st.com

Advertisement

loading
Need help?

Need help?

Do you have a question about the STM32U5 Series and is the answer not in the manual?

Questions and answers

Related Manuals for ST STM32U5 Series

Summary of Contents for ST STM32U5 Series

  • Page 1 This security guidance applies to any boards based on the devices in the table below. Table 1. Applicable products Reference Products STM32U5x STM32U585x, STM32U5Ax, STM32U5Gx, STM32U545x STM32WBA5x STM32WBA5xx UM3387 - Rev 1 - November 2024 www.st.com For further information contact your local STMicroelectronics sales office.
  • Page 2 UM3387 General information General information ® This document applies to STM32U5x and STM32WBA5x Arm -based MCUs. Note: Arm is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere. Table 2. Specific acronyms Acronym Description Command-line interface Hide protection Hardware unique key Hardware...
  • Page 3 Reference Document title and revision [ST] Technical note STM32U5x-STM32WBA5x Product Family SESIP Security Target (TN1545), Rev 1 [RM_U5] Reference manual STM32U5 Series Arm®-based 32-bit MCUs (RM0456), Rev 5 ® Reference manual Multiprotocol wireless Bluetooth Low Energy and IEEE802.15.4, STM32WBA5xxx [RM_WBA5] ®...
  • Page 4 During the secure acceptance process, it is the responsibility of the Integrator to obtain the correct software package as described in Section 3.2.2. The Integrator accepts a microcontroller part of the STM32U5 series by reading, with STM32CubeProgrammer, the DBGMCU_IDCODE register value as defined in [RM_U5] and below. Supported part numbers are listed in...
  • Page 5 The STM32Cube firmware package includes necessary drivers, middleware, template projects, example applications, and the compiler toolchain for software development on the target STM23 microcontroller. Download and install the latest STM32CubeU5 MCU package release for the STM32U5 series of devices from: •...
  • Page 6 WRP1A_PSTRT or WRPA_PSTRT (see next). – Set BOOT_LOCK=1. • For the STM32U5 series: – Program the hidden protection area (HDP) of the platform located in the secure area: ◦ Program FLASH_SECWM1R1.SECWM1_PSTRT[6:0] = 0 (internal flash memory base address).
  • Page 7 UM3387 TOE preparative procedures A detailed programming procedure is provided in the Annex, based on the secure boot code example available in the STM32Cube firmware package defined in Section 3.2.2. Certified configuration After achieving the three secure installation steps, the platform is in its secured configuration, summarized in Figure Figure 1.
  • Page 8 Isolation lifecycle hardware operation This [ST] evaluation scope Follow the procedures described in Section 3.1: Secure acceptance to check if the TOE is acceptable for the secure configuration. The secure configuration of the TOE might be impacted when changing some parts of the TOE but also when changing some parts located outside the TOE scope.
  • Page 9 The platform is certified with the HDP securable memory enabled. The Integrator must link the immutable Root of Trust of the product firmware inside the securable memory area and configure the associated options bytes as follows: • For the STM32U5 series: – HDP1EN= 1 –...
  • Page 10 UM3387 Operational user guidance True random number generator For the device to generate random numbers as specified in NIST SP800-90B, the Integrator must use the TRNG peripheral with the configuration A. Refer to the validation conditions subsection of the RNG section in the [RM_U5] [RM_WBA5] for details.
  • Page 11 UM3387 Operational user guidance Antitamper peripheral The platform resets with internal and external tamper sources deactivated in the TAMP peripheral. To meet the platform resistance against physical attackers, the Integrator should configure the TAMP peripheral with anti‑tamper methods available in the device when using the following functions: •...
  • Page 12 STM32WBA5 series) Actions: • Set the HDP1_ACCDIS bit (for STM32U5 series) or the HDP_ACCDIS bit (for STM32WBA5 series). • Verify TOE HDP activation by reading anywhere in the TOE HDP area a 32-bit word that is programmed with a nonzero value. The returned value must be zero.
  • Page 13 UM3387 Operational user guidance JTAG/SWD debug interface The standard JTAG/SWD interface allows debugging of the TOE and the Integrator application. It is used according to [IEEE1149] and [IHI0031]. When RDP is Level 2 (certified configuration), all debug features are disabled. If the OEM2KEY is provisioned, the JTAG/SWD interface remains enabled on reset to inject the OEM2KEY as part of the regression request to RDP level 1.
  • Page 14 This section describes, as the user role of the Integrator, the security measures to be followed to fulfill the security objectives for the operational environment as described in [ST] Section 2.1. To achieve TRUSTED_INTEGRATOR and LIFECYCLE, the following measures must be taken: •...
  • Page 15 To achieve UNIQUE_ID and KEY_MANAGEMENT, the following measures must be taken: • The Integrator must protect the integrity of the Immutable Root of Trust of the nonplatform required firmware ([ST] Section 1.4.5) until it is programmed and properly protected inside the securable memory area for each device. •...
  • Page 16 The following steps describe the operation to build a secure boot example code with its demonstration application ® and its loader application based on the STM32CubeU5 MCU Package for the STM32U5 series under Windows For more details on STM32CubeIDE, refer to [UM2609].
  • Page 17 UM3387 Annex STM32WBA5 series 5.2.1 Software build The following steps describe the operation to build a secure boot example code with its demonstration application and its loader application based on the STM32CubeWBA MCU Package for the STM32WBA series under ® Windows .
  • Page 18 UM3387 Revision history Table 4. Document revision history Date Revision Changes 19-Nov-2024 Initial release. UM3387 - Rev 1 page 18/22...
  • Page 19 STM32U5 series ........
  • Page 20 UM3387 List of tables List of tables Table 1. Applicable products ..............1 Table 2.
  • Page 21 UM3387 List of figures List of figures Figure 1. TOE certified configuration ............7 Figure 2.
  • Page 22 ST’s terms and conditions of sale in place at the time of order acknowledgment. Purchasers are solely responsible for the choice, selection, and use of ST products and ST assumes no liability for application assistance or the design of purchasers’...

This manual is also suitable for:

Stm32wba5 series