A set of practical trainings is proposed to get an overview and to understand the STM32H5 security solutions.
These trainings are based on the boards, tools and code examples provided by ST.
This article gives an overview of these proposed trainings.
For the examples listed below, each step to be done is described in detail.
It is advised to start with these examples before making your own trials or using other security related examples available in the STM32Cube_FW_H5.
In this article you will access the following security features of the STM32H5
Security functions embedded on: | ![]() |
![]() |
![]() |
---|---|---|---|
Secure boot and firmware update | YES | YES | YES |
SBSFU legacy | YES | NO | NO |
SBSFU by mcuboot | NO | YES | YES |
STiROT | NO | YES | YES |
Isolation | YES | YES | YES |
HDP | YES | YES | YES |
TF-M | NO | YES | YES |
Secure manager | NO | NO | YES |
IP protection | YES | YES | YES |
Secure provisioning | YES | YES | YES |
Initial attesation | YES | YES | YES |
SMAK | NO | NO | YES |
SMDK | NO | NO | YES |
Cryptography | YES | YES | YES |
ST crypto lib | YES | YES | YES |
Crypto libraries | YES | YES | YES |
Crypto lib usage | YES | YES | YES |
Silicon device life cycle | YES | YES | YES |
Legacy RDP | NO | NO | NO |
Secure manufacturing | YES | YES | YES |
SFI | YES | YES | YES |
SFIx | YES | YES | YES |
Provisioning | YES | YES | YES |
Secure storage | NO | YES | YES |
Attestation | YES | YES | YES |
1. Secure Boot
The Secure_Boot_for_STM32H5 wiki article explains the possible bootpaths for the different STM32H5 series. The STM32CubeMX can be used to set the wanted bootpath and to generate the related firmware frame. A
The STM32CubeMX
1.1. Debug Authentication
pppppppp
1.2. OEMiROT
1.3. STiROT
2. Secure Manager
rrrr