Secure Manager for STM32H5

Revision as of 16:33, 31 July 2023 by Registered User (→‎Secure Manager)
This message will disappear after all relevant tasks have been resolved.
Semantic MediaWiki
There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.

1. Introduction

STM32H5 MCUs are equipped with numerous, new security features, such as product life cycle, isolation, Debug authentication, Secure storage, and Secure Boot. Solid security skills are required to individually use these blocks.

STMicroelectronics offers a full solution, owned and maintained by STMicroelectronics, which is SESIP 3 and PSA certified.

PSA certification is the highest level of security certification for general purpose MCUs.


2. Secure Manager

The Secure Manager is a software component encrypted, signed and delivered by STMicroelectronics aiming at simplifying the security development cycle of embedded applications. Secure Manager provides ready to use security services developed according to best practices.

The Secure Manager is targeting a certification based on PSA level 3 and SESIP3.

Easy to be installed into STM32 products by the customers on their production lines, the Secure Manager package offers a ready-to-use, high-performance, and certified solution to support the Secure Boot, root of trust, cryptography, internal trusted storage, initial attestation, and firmware update functions as defined by the Arm® PSA specifications.

Main features are:

  • Arm PSA standard and API compliancy
  • Arm PSA services
    • Secure Boot
    • Cryptography
    • Internal trusted storage
    • Initial attestation
    • Firmware Update
  • Multiple-tenant software IP protection
    • Sandboxed secure services (PSA isolation level 3)
  • Security certified (target)
    • PSA Certified L3
    • GlobalPlatform SESIP3

For more details about Secure Manager please see Secure Manager wiki article.

3. To go further

For details on SMAK, please see SMAK for STM32H5.
For details on SMDK, please see SMDK for STM32H5.
For details on Secure Manager manufacturing, please see SFI for STM32H5.

4. Links

For further details on the Secure Manager, refer to the following articles:

Secure Manager  : Theorical article about Secure Manager and description of the Secure Manager package ecosystem.

SMAK for H5 : Secure Manager Access Kit (SMAK) provides the environment to develop NS applications that use the Secure Manager services.

Secure Manager STM32H5 How to Intro : Brief summary of Secure Manager mechanism to make the How to start article

How to start with Secure Manager on STM32H573 Step by step lab to practice


Retrieved from "https://wiki.st.com/stm32mcu/index.php?title=Security:Secure_Manager_for_STM32H5&oldid=37712"