A set of practical examples is proposed to get an overview and to understand the STM32H7RS security solutions.
These practical examples are based on the boards, tools and code examples provided by ST.
For the examples listed below, each step to be followed is described in detail.
It is advised to start with these examples before making your own trials or using other security related examples available in the STM32CubeH7RS
Product Series | STM32H7Sx | STM32H7Sx | Prerequisite | Introduction article | ||
---|---|---|---|---|---|---|
Development Boards | NUCLEO H7S3L8 (MB1737) | DISCOVERY H7S78 (MB1167 | - | - | ||
Embedded flash size | 64k | 64k | - | - | ||
On board external flash size | NA | 1-Gbit | - | - | ||
Debug Authentication | ||||||
Debug Authentication and Firmware update example | - | Link to How To | STM32CubeH7RS | Link | ||
Immutable Root of Trust (iRoT) | ||||||
STiRoT example | NA | Link to How To | STM32CubeH7RS | Link | ||
STiRoT-OEMuRoT example | NA | Link to How To | STM32CubeH7RS | Link | ||
OEMiRoT example | NA | Link to How To | STM32CubeH7RS | Link | ||
STM32CubeMX STiRoT example | NA | tbd | STM32CubeMx_Vx.x.x or later | tbd | ||
STM32CubeMX OEMiRoT example | NA | tbd | STM32CubeMx_Vx.x.x or later | tbd |
- Note:
- TZ: Trust Zone
- NA: Not Applicable
- - : supported but no dedicated wiki article example available
1. Secure Boot
The secure boot and related root of trust is implicitly used in all the proposed " How to start" step by step examples.
A bootpath can be defined from scratch and a related firmware frame is generated using the STM32CubeMx.
The example on this topic is based on the STM32CubeMx.
- The Secure Boot for STM32H7RS wiki article explains the possible bootpaths.
- To be defined if an example of secure boot setting using CubeMx is needed
2. Debug Authentication
It is key to well understand how to set the Debug Authentication (DA) in order to define the appropriate rights to reopen the debugger once closed.
- It is strongly advised to read the Debug Authentication for STM32H7RS wiki article.
- The Debug Authentication and Firmware update on H7S how to Introduction wiki article summarizes all the technical know-how to be read before executing the getting started.
- The How to start with Debug Authentication and Firmware Update on STM32H7S wiki article explains step by step how to perform a Debug opening and Firmware Update.
- Two examples are described in this article
- The first example, starting with a device provisioned using the STiRoT example provided in the STM32CubeFW.
- The second example, starting with a device provisioned using the OEMiRoT example provided in the STM32CubeFW.
- Two examples are described in this article
3. OEMiRoT
An OEM can develop its own customized Immutable Root Of Trust (OEMiRoT).
It is advised to read the Secure Boot for STM32H7RS wiki article to understand the different possible Root of Trust.
- The OEMiRoT STM32H7S How to Introduction wiki article gives a short technical introduction to be read before executing the getting started.
- The How to start with OEMiRoT on STM32H7S article provides a step by step example based on the STM32CubeH7RS
4. STiRoT
An immutable root of trust defined by ST is included natively for the STM32H57x series.
It is an embedded firmware stored in the system flash and that cannot be modified.
It is advised to read the Secure Boot for STM32H7RS wiki article to understand the different possible Root of Trust.
- The STiRoT STM32H5 How to intro wiki article gives a short technical introduction to be read before executing the getting started.
- The How to start with STiRoT on STM32H573 article provides an example based on the STM32CubeH5.
- Two getting started dedicated to the OEMiRoT based on the STM32CubeH5 are proposed: