1. Introduction
The STM32H5 MCUs provide many new security features: product lifecycle, isolation, Debug Authentication, secure storage and secure boot.
You can use all of these blocks yourself if you have good security skills, but you can also use a full solution owned and maintained by STMicroelectronics. This solution is SESIP 3 certified and also PSA certified, which is the highest level of security certification that you can achieve with general-purpose MCUs.
2. Secure Manager global presentation
Secure Manager is a Trusted Execution Environment (TEE) integrating core security services.
Secure Manager is everything shown in blue. It is composed of one software brick, a binary encrypted and signed by STM. It is delivered by STM, and the user doesn't have access to this code. Secure Manager and ST iROT are only available on STM32H573 devices.
The blue and green blocks correspond to everything delivered by STM. The yellow block is the user application. The user can call some security services, which are standards defined by Arm PSA.
- ST iROT is the first stage bootloader. It is installed inside your device when you buy it.
- ST uROT is the second stage bootloader. It is possible to update this second stage bootloader.
- Secure Manager Core is a secure OS which handles the security services that you have in your platform.
- The services accessible through the PSA API are:
- Firmware update : The capability
The purpose of the "How to start with Secure Manager on H573" article is to experiment with, install and try using Secure Manager.