How to start with Secure Manager customized config on STM32H5

Revision as of 16:08, 6 March 2023 by Registered User

1. What is the Secure Manager

The security requirements of IoT applications drove the definition, under Arm's leadership, of the PSA (Platform Security Architecture). Secure Manager is STMicroelectronics' proprietary implementation of the PSA. PSA comes with a security certification scheme (PSA Certified); it is not limited to the Arm architecture, and an open-source implementation (Trusted Firmware-M) is available. Using the open-source implementation gives API compatibility with the standard but no security certification: anybody can use the source code to improve the security of their IoT application, but only the certification provides proof to the outside world that the security is implemented correctly. There are many certified implementations, but only a handful are certified to the highest mark, Level 3. Level 3 certification evaluates API conformance, resistance to software attacks and also resistance to hardware (physical) attacks on the security functions. This is what the Secure Manager is: with it, the customer gets a complete Level 3 solution at no extra cost or effort.
The idea is simple:

  • All secure functions are provided through the PSA API and are certified, offering a high level of confidence.
  • Application development proceeds in the TZ-Closed product state.
  • The application relies on the secure API for authentication, confidentiality, firmware update, secure storage, etc.
  • The product then ships in the Closed state, with the application protected by the Secure Manager services.
  • Regression (returning to the Open state) is only possible under the conditions fixed during provisioning.

2. SMAK and SMDK

In its base form, the Secure Manager Application Kit (SMAK) is quite straightforward. All security functions are under the control of the Secure Manager, and the user application calls its certified services for cryptography, secure storage, attestation and firmware upgrade. Since the whole secure part, which is the target of the PSA evaluation, is fixed, the solution as a whole is PSA Level 3 secure regardless of the non-secure code executed on top of it. The certification covers the secure side: a vulnerability in the non-secure application still affects the assets that application handles itself, but cannot compromise the Secure Manager services.
It is always better for the application to take advantage of the secure services provided by the PSA API, since otherwise the whole exercise makes little sense, but doing so is not mandatory.
The Secure Manager Development Kit (SMDK) allows the developer to add secure code to the Secure Manager package in the form of modules. Such modules have their own API and work side by side with the PSA API modules of the Secure Manager.
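The call pattern a non-secure application follows when it relies on the Secure Manager for secure storage, as an added example that is not part of this page or of ST's Secure Manager package. It assumes the PSA Protected Storage API (psa_ps_set/psa_ps_get with the status codes and flags defined in the PSA specifications); on the STM32H5 those calls are served by the Secure Manager, and the small in-memory stand-in for the secure side is included only so the example builds and runs on a host. The UIDs and the device identity bytes are constructed for the example.

```c
/* Added example (not code from ST or the Secure Manager package): how a
 * non-secure STM32H5 application uses the PSA Protected Storage API exposed by
 * the Secure Manager. On the target the PSA protected storage header and the
 * Secure Manager library provide psa_ps_*; the in-memory stand-in below is an
 * assumption, included only so this file builds and runs on a host. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Status codes, types and flags, with the values the PSA specifications define. */
typedef int32_t psa_status_t;
#define PSA_SUCCESS                    ((psa_status_t)0)
#define PSA_ERROR_NOT_PERMITTED        ((psa_status_t)-133)
#define PSA_ERROR_INVALID_ARGUMENT     ((psa_status_t)-135)
#define PSA_ERROR_DOES_NOT_EXIST       ((psa_status_t)-140)
#define PSA_ERROR_INSUFFICIENT_STORAGE ((psa_status_t)-142)
typedef uint64_t psa_storage_uid_t;
typedef uint32_t psa_storage_create_flags_t;
#define PSA_STORAGE_FLAG_NONE       0u
#define PSA_STORAGE_FLAG_WRITE_ONCE 1u

/* ---- Host stand-in for the secure-side storage service (assumption) ---- */
#define SLOT_COUNT    4
#define SLOT_CAPACITY 64
static struct { psa_storage_uid_t uid; size_t size; uint32_t flags;
                uint8_t data[SLOT_CAPACITY]; } slots[SLOT_COUNT];

static int find_slot(psa_storage_uid_t uid) {  /* uid 0 is reserved by the spec */
    if (uid == 0) return -1;
    for (int i = 0; i < SLOT_COUNT; i++) if (slots[i].uid == uid) return i;
    return -1;
}

psa_status_t psa_ps_set(psa_storage_uid_t uid, size_t len, const void *p,
                        psa_storage_create_flags_t flags) {
    if (uid == 0 || len > SLOT_CAPACITY || (len && !p)) return PSA_ERROR_INVALID_ARGUMENT;
    int i = find_slot(uid);
    /* A WRITE_ONCE entry can never be overwritten, whatever the caller's flags. */
    if (i >= 0 && (slots[i].flags & PSA_STORAGE_FLAG_WRITE_ONCE)) return PSA_ERROR_NOT_PERMITTED;
    if (i < 0) {  /* new entry: take the first free slot */
        for (i = 0; i < SLOT_COUNT && slots[i].uid != 0; i++) {}
        if (i == SLOT_COUNT) return PSA_ERROR_INSUFFICIENT_STORAGE;
    }
    slots[i].uid = uid; slots[i].size = len; slots[i].flags = flags;
    if (len) memcpy(slots[i].data, p, len);
    return PSA_SUCCESS;
}

psa_status_t psa_ps_get(psa_storage_uid_t uid, size_t off, size_t size, void *p, size_t *out_len) {
    int i = find_slot(uid);
    if (i < 0) return PSA_ERROR_DOES_NOT_EXIST;
    if (off > slots[i].size || !out_len || (size && !p)) return PSA_ERROR_INVALID_ARGUMENT;
    size_t n = slots[i].size - off;
    if (n > size) n = size;
    if (n) memcpy(p, slots[i].data + off, n);
    *out_len = n;
    return PSA_SUCCESS;
}

/* ---- Application side: the part a real non-secure project keeps ---- */
/* UIDs are chosen by the application; these values are assumptions for the example. */
#define UID_DEVICE_ID  ((psa_storage_uid_t)0x4D01)
#define UID_BOOT_COUNT ((psa_storage_uid_t)0x4D02)
static const uint8_t kDeviceId[4] = { 0xAA, 0xBB, 0xCC, 0xDD };  /* constructed sample */

/* Provision an immutable identity: the first write succeeds, any later overwrite
 * is refused by the secure side with PSA_ERROR_NOT_PERMITTED. */
psa_status_t provision_device_id(const uint8_t *id, size_t len) {
    return psa_ps_set(UID_DEVICE_ID, len, id, PSA_STORAGE_FLAG_WRITE_ONCE);
}

/* Increment a boot counter held in protected storage, creating it on first use. */
psa_status_t bump_boot_count(uint32_t *out) {
    uint32_t count = 0; size_t got = 0;
    psa_status_t st = psa_ps_get(UID_BOOT_COUNT, 0, sizeof count, &count, &got);
    if (st == PSA_ERROR_DOES_NOT_EXIST) count = 0;
    else if (st != PSA_SUCCESS) return st;
    else if (got != sizeof count) return PSA_ERROR_INVALID_ARGUMENT;  /* not an entry we wrote */
    count++;
    st = psa_ps_set(UID_BOOT_COUNT, sizeof count, &count, PSA_STORAGE_FLAG_NONE);
    if (st == PSA_SUCCESS) *out = count;
    return st;
}

/* Runs the scenario; returns 0 when every call behaves as the PSA API specifies,
 * otherwise the number of the first step that did not. */
int run_scenario(void) {
    uint8_t buf[4]; size_t n = 0; uint32_t boots = 0;
    if (provision_device_id(kDeviceId, sizeof kDeviceId) != PSA_SUCCESS) return 1;
    if (provision_device_id(kDeviceId, sizeof kDeviceId) != PSA_ERROR_NOT_PERMITTED) return 2;
    if (psa_ps_get(UID_DEVICE_ID, 0, sizeof buf, buf, &n) != PSA_SUCCESS
        || n != 4 || memcmp(buf, kDeviceId, 4) != 0) return 3;
    if (bump_boot_count(&boots) != PSA_SUCCESS || boots != 1) return 4;
    if (bump_boot_count(&boots) != PSA_SUCCESS || boots != 2) return 5;
    return 0;
}
```

The point to keep from the application side is that every PSA status is checked and that an identity written with PSA_STORAGE_FLAG_WRITE_ONCE stays immutable from then on: the secure side, not the application, enforces that a second psa_ps_set on the same UID fails with PSA_ERROR_NOT_PERMITTED. On the target, the stand-in is replaced by the PSA protected storage header (psa/protected_storage.h in the PSA specification) and the library that come with the Secure Manager package.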

3. Installation

This section walks you through provisioning with the Secure Manager, from the Open product state with a clean STM32H57x (either virgin or after a full regression) to the state where the Secure Manager is installed and the product is TZ-Closed, ready for development of a non-secure application that uses PSA API calls.
There are several ways to install the Secure Manager, ranging from meticulously following a step-by-step checklist to simply executing a prepared batch file. Very little is configurable in the SMAK form, only the arrangement of the non-secure application image slots.

3.1. Prerequisites

To use the Secure Manager a compatible STM32 MCU is needed. At this moment only the STM32H573 line supports the Secure Manager.
On the software side, the STM32CubeMX toolset is needed, complete with STM32CubeProgrammer and the Trusted Package Creator. STM32CubeMX downloads the STM32H5 Cube package, containing the HAL and examples.
There is no extra cost or licensing hurdle for the SMAK. To use the SMDK, the customer must contact ST to qualify for signing an NDA.

3.2. SMAK Keys configuration

The first step is to transition the product state to "Provisioning" and prepare the OB (option bytes) and OBK (option byte keys) contents. The Secure Manager will

3.3. DA configuration

Provisioning the debug authentication (DA) keys and certificate is a highly recommended step. Details of the process can be found (TODO)

4. Using the Secure Manager
