SFI STM32H5 How to Intro

SFI Step-by-step on STM32H573_DK MB167775min

Target description

This tutorial shows how to use SFI for installing an OEM application developed with STM32TRUSTEE on STM32H573_DK MB1677.

The process goes through three 'steps' at the Original Equipment Manufacturer (OEM) and Contract Manufacturer (CM) sites.

• Development @ OEM: the application code that runs on STM32 is generated.
• Secure Room @ OEM: code prepared during the development is encrypted and packaged to be sent for manufacturing. The Secure Room is isolated, and its resources are not visible outside of it.
• Manufacturing @ CM: the encrypted code received by the OEM Secure Room is installed using SFI tools.

Prerequisites

• Knowledge of STM32CubeProgrammer
• Knowledge of JTAG

Hardware

• STM32H573_DK MB1677^[1] Discovery kit with STM32H573IIK3Q MCU

• STM32-HSM^[2] SAM for Secure Firmware Installation
• Smartcard Reader
  • Laptop Built-in
  • External

• 1 x USB cable Type-A to Micro-C

Software

• STM32CubeProgrammer^[3] Software programming tool for STM32 (v2.13 min)
  • Including STM32TrustedPackageCreator
• STM32CubeH5^[4] STM32Cube MCU Package for STM32H5 series
• X-CUBE-SEC-M-H5^[5] STM32Cube Expansion Package STM32TRUSTEE-SM for STM32H5 series

Literature

• AN4992 STM32 MCUs secure firmware install (SFI) overview
• UM2237 STM32CubeProgrammer software description
• UM2238 STM32 Trusted Package Creator tool software description
• AN5054 Secure programming using STM32CubeProgrammer
• AN2606 STM32 microcontroller system memory boot mode
• RM0481 STM32H563/H573 and STM32H562 Arm®-based 32-bit MCUs
• UM2448 STLINK-V3SET debugger/programmer for STM8 and STM32

Go step by step now How to start with SFI on STM32H5
Please follow How to start with SFI on STM32H5 to perform SFI procedure step by step.