Secure Boot for STM32H5
Target description
1. Intro
Secure boot ensures that applications are executed only after authentication and integrity verification.
2. The different possible bootpaths for STM32H5
The possible bootpaths depend on the chosen device: whether it supports the embedded hardware cryptography and whether TrustZone is activated.
- The STM32H57 supports TrustZone and hardware cryptography, so all bootpaths are possible with this device.
- The STM32H56 supports TrustZone but not the hardware cryptography (without export control constraints), so the STiROT (ST immutable Root of Trust) and the secure manager are not supported.
- The STM32H503 supports neither TrustZone nor the hardware cryptography (without export control constraints), which limits the possible use cases, as explained in the next sections.
The bootpath is selected through option byte programming, as explained in the next sections.
2.1. STM32H57 Bootpaths
The STM32H57x devices support services available in the embedded system flash and services that can be installed.
The figure below shows the possible bootpaths selected through the related user option bytes.
2.2. STM32H56 Bootpaths
The STM32H56x does not support the STiROT and STuROT because the cryptographic hardware accelerator is not supported.
The figure below shows the remaining possible bootpaths.
2.3. STM32H50x Bootpaths
The STM32H50x does not support the STiROT and STuROT because the cryptographic hardware accelerator is not supported.
TrustZone activation is not supported either, so a secure user application is not possible.