Introduction to STM32H5 security

Revision as of 17:00, 20 February 2023 by Registered User (Article introducing new security features of the STM32H5 series, especially the STM32H5 and changes compared to older STM32 also based on the Cortex-M33.)

STM32H5 was designed to radically improve STM32 security, taking into account experience with previous Cortex-M33 microcontrollers, customer feedback and the requirements for achieving the highest PSA certification levels. This article is intended for readers who already know previous STM32 MCUs and their security features and want to focus on the specific updates and changes introduced with STM32H5.
For general STM32 security see or AN5156.

There are 3 distinct STM32H5 lines:

| STM32H5 MCU line | Security features |
|---|---|
| STM32H503 | Product state management with provisioning, temporal isolation, boot lock, write protection |
| STM32H563 | STM32H503 + TrustZone |
| STM32H573 | STM32H563 + cryptography, SAES and secure (key) storage |

This article focuses on the most fully featured sales type (the STM32H573), but important differences in the other two lines are highlighted.

1. Secure hardware architecture

In contrast to the STM32L5 and STM32U5, the security configuration is now concentrated in protected registers of the SBS (system configuration, boot and security) block. Concentrating the security-related configuration in a single place reduces the attack surface and makes the protection more efficient.
This block takes care of:

  1. system configuration - including register access control
  2. boot control - interpreting settings from option bytes and managing the temporal isolation
  3. debug control - making sure only legitimate debug access is allowed
  4. hardware storage control - managing the secure storage components (EPOCH, SAES, OBK, HUK)

2. Product state

Product state is a mechanism that replaces the old RDP (read protection) approach to life-cycle management. The STM32L5 introduced RDP level 0.5 and the STM32U5 added the much-needed rollback mechanism for debug authentication, but a more radical change was necessary.
The new basic progression now looks like this:

| Product state | Description | Transitions possible |
|---|---|---|
| Open | State intended for unrestricted development. HUK is hidden, user is free to experiment | Provisioning, Provisioned |
| Provisioning (and Provisioned) | States in which no development is possible, used just to establish security | Closed, Locked, TZ-Closed, Regression |
| TZ-Closed | State in which the secure environment is fixed in place and developers work only with the non-secure domain | Regression, Closed, Locked |