STiRoT STM32H7S How to Intro

Revision as of 13:16, 23 February 2024 by Registered User
This message will disappear after all relevant tasks have been resolved.
Semantic MediaWiki
There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.

STiRoT stands for ST immutable (unchangeable) Root Of Trust. The STiRoT is embedded in all STM32H7S devices.

1. Introduction

The purpose of this article is to provide the necessary background to understand and execute the related How to start with STiRoT on STM32H7S wiki article. This article describes STiRoT process steps developed in STM32CubeH7RS firmware provided by ST.


For more information about STiRoT please refer to STiRoT for STM32H7S

2. STiRoT services

The two STiRoT services that are provided are used in the How to start with STiRoT on STM32H7S.

1) The Secure Boot (Root of Trust services):
It is an immutable code that runs after every system reset. It activates STM32 runtime protections and verifies the authenticity and integrity of the application code before every execution.
  • Integrity: to ensure that no corrupted or maliciously modified firmware is about to run.
  • Authenticity: to verify that firmware comes from a trusted and known source to prevent unauthorized entities from installing and executing code.
2) The Secure Firmware Update:
It is an immutable code that detects if a new firmware image is available, checks its authenticity and verifies the integrity of the code before installing it after decryption.

3. STiRoT use cases and processes



STiRoT can be used in two configurations :

  • One boot stage : STiRoT directly manages the user application installation and execution.



‏‏‎‎‎puce1.png In CLOSED or LOCKED state the RSS jumps into STiRoT if the option byte IROT_SELECT is properly set.
‏‏‎‎puce2.png STiRoT requests the iLoader to load the new User Application image into internal RAM memory.
puce3.png The iLoader copies the new image from the download slot located in external flash memory to the internal RAM memory then generates a reset.
puce4.png After the reset STiRoT decrypts the new User Application image then controls its integrity and its authenticity. If successful, STiRoT request the iLoader to save the new User Application image to external flash memory.
puce5.png The iLoader copies the new image from internal RAM to the installation slot in external flash memory and then generates a reset. When copying, the user application code image is re-encrypted by MCE IP. The encryption key has been configured and locked in MCE by STiRoT.
Security STiRoT OneBootStage STM32H7S Download.png



Once the User Application has been installed STiRoT will manage its execution :

‏‏‎‎‎puce1.png In CLOSED or LOCKED state the RSS jumps into STiRoT if the option byte IROT_SELECT is properly set.
‏‏‎‎‎puce2.png STiRoT requests the iLoader to load the User Application image into internal RAM memory.
‏‏‎‎‎puce3.png The iLoader copies the image from the installation slot in external flash memory to the internal RAM memory then generates a reset. The image is automatically decrypted by MCE using the AES key configured and locked inside MCE by the STiRoT.
‏‏‎‎‎puce4.png After the reset STiRoT controls the integrity and authenticity of the image. If successful, STiRoT jumps into the User Application code.
Security STiRoT OneBootStage STM32H7S Execution.png



  • Two boot stages: STiRoT manages an updatable boot stage (OEMuRoT) which manages the user application. The updatable boot stage can be customized to fit the customer needs.



‏‏‎‎‎puce1.png In CLOSED or LOCKED state the RSS jumps into STiRoT if the option byte IROT_SELECT is properly set.
‏‏‎‎‎puce2.png After executing the secure firmware update process, STiRoT requests the iLoader to load the OEMuROT image into internal RAM.
‏‏‎‎‎puce3.png he iLoader copies the image from the installation slot to the internal RAM.
‏‏‎‎‎puce4.png STiRoT controls the integrity and authenticity of the image. If successful, STIRoT executes OEMuROT in internal RAM.
‏‏‎‎‎puce5.png OEMuROT checks if a new user application is stored in the download slot. If any, OEMuROT decrypts it and controls its integrity and its authenticity. If successful, the image is copied in the user application installation slot. The image is re-encrypted by the MCE with OEMuROT encryption keys.
‏‏‎‎‎puce6.png OEMuROT controls the integrity and the authenticity of the user application from the installation slot. If successful, OEMuROT executes it from external flash memory. The user application can also be executed from external RAM memory.
Security STiRoT TwoBootStages STM32H7S.png


4. STiRoT configuration preliminary stage

4.1. Product state definition

The product states define the security level of the product. Four levels are available :

  • Open:
  • Debug entirely open.
  • Bootloader available.
  • State mainly used during development.
  • Provisioning:
  • Debug access only available if DA-Config is previously provisioned. Full-Regression and Intrusive Debug are the only allowed regressions.
  • Bootloader available.
  • Secure Firmware Install (SFI) can be initiated. It is not possible in Closed and Locked states.
  • State defined during the product provisioning and is therefore not a selectable state.
  • Closed:
  • Debug closed but can be still opened through Debug Authentication.
  • State defined when the product is entirely provisioned.
  • Locked:
  • Final and immutable product state.
  • Debug definitively closed even through Debug Authentication.
  • Regression is not possible anymore.
  • State used for the fully provisioned product.



The product state must be chosen depending on the user application development phase and the security level needed.
In the STM32CubeH7RS firmware the script provisioning.bat allows the user to select a product state and sets it by modifying the right option bytes.

4.2. Debug Authentication configuration

The Debug Authentication allows the user to securely re-open the debug access or perform regressions.


Two methods are available to use the Debug Authentication :

  • Password authentication allows only full regression to OPEN state.
  • Certificate authentication allows regression and debug opening.

For more details about debug authentication mechanism please refer to Debug Authentication for STM32H7RS.

4.3. iLoader compilation

The STiRoT never accesses the external flash memory and relies on an immutable loader installed in the user flash to handle the transfers between internal RAM and the external flash memory.

The iLoader is an example of an immutable loader application provided in the STM32Cube_FW_H7RS including functions to manage the iLoader features.


5. Configuration management

5.1. STiRoT configuration

STM32TrustedPackageCreator tool is used to generate the STiRoT configuration file (.obk) based on the template STiROT_Config.xml provided in STM32CubeH7RS software package.
Multiple parameters can be set by the user :

  • The start address of the firmware area (internal RAM).
  • The size of the firmware area.
  • The start address of the firmware installation area (external flash).
  • The start address of the firmware download area (external flash).
  • The minimal product state allowed for the firmware execution.

Two keys are configurable :

  • The encryption key allows to encrypt the firmware image.
  • The authentication key allows to authenticate the firmware image.

For STiRoT use case STiRoT configuration file.obk is encrypted and saved in HDPL1 OBkeys.

For the two boot stage use case, other parameters can be updated in the OEMuRoT boot firmware (in this use case the OEMiRoT boot application will act as the OEMuRoT). This firmware must be able to perform the authenticity and integrity checks of the user application and data images. It also configures the number of user applications and images.

5.2. Debug Authentication configuration

STM32TrustedPackageCreator also generates the Debug Authentication configuration file (.obk) based on template provided in STM32CubeH7RS software package. This file configures the conditions to reopen a protected device and the debugger.


For more details about debug authentication mechanisms, please refer to Debug authentication for STM32H7RS MCUs.

6. Images generation

STM32CubeH7RS FW package delivers Boot firmware and User firmware projects for OEMiRoT use case in Applications\ROT folder.

During this step the firmware STiRoT_Appli is compiled and image generation of the user application is automatically done (STM32TrustedPackageCreator is called in a postbuild script). For the two boot stage use case, the OEMiRoT firmware (used as the OEMuRoT firmware) will also be compiled and image generation of the user application is automatically done.

7. Provisioning

During this step the script will automatically provision the option bytes and flash the images generated in the previous step. The product state is then set to the selected one.

8. Regression

A regression can be performed through the graphic interface of the STM32CubeProgrammer or through the regression script provided in the STM32CubeH7RS software package.

9. How to start with STM32H7S and STiRoT

For getting started examples of STiRoT you can refer to the following pages :

Retrieved from "https://wiki.st.com/stm32mcu/index.php?title=Security:STiRoT_STM32H7S_How_to_Intro&oldid=50317"