How to start with Secure Manager customized config on STM32H5

Revision as of 17:39, 2 March 2023 by Registered User

1. What is the Secure Manager

In the world of microcontroller security, driven by the requirements of IoT applications, the PSA (Platform Security Architecture), defined under the leadership of ARM, emerged. Secure Manager is a proprietary implementation of the PSA. PSA is a security certification scheme, not limited to the ARM architecture, with an open source implementation available. Using the open source implementation grants API compatibility with the standard, but no security certification. Anybody can use the source code to improve the security of their IoT application, but only the certification provides proof to the outside world that the security is implemented correctly. There are many certified implementations, but only a handful are certified to the highest mark, level 3. Level 3 PSA certification evaluates API conformance, resistance to software attacks and also complete hardware protection of the security functions. This is the Secure Manager. Using the Secure Manager, the customer gets a complete level 3 solution with no extra cost or effort.

2. SMAK and SMDK

In its base form, the Secure Manager Application Kit (SMAK) is quite straightforward. All the security functions are under the control of the Secure Manager, and the user application uses the certified services of the Secure Manager for cryptography, secure storage, attestation and firmware upgrade. Since the whole secure part, which is the target of PSA evaluation, is fixed, the whole solution is PSA level 3 secure, regardless of what non-secure code is executed on top of it.
It is always better if the application takes advantage of the secure services provided by the PSA API, because otherwise the whole exercise makes little sense, but it is not mandatory to do so.

3. Installation

This section walks you through provisioning with Secure Manager, from product state Open on a clean STM32H57x (either virgin or after full regression) to the state where the Secure Manager is installed and the product is in TZ-Closed, ready for development of a non-secure application that uses PSA API calls.

3.1. Prerequisites

3.2. SMAK Keys configuration

3.3. DA configuration

4. Using the Secure Manager
