Secure Manager for STM32H5

Revision as of 21:25, 31 July 2023 by Registered User (→‎Secure Manager overview)
This message will disappear after all relevant tasks have been resolved.
Semantic MediaWiki
There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.

1. Introduction

STM32H5 MCUs are equipped with new security features, such as product life cycle, isolation, debug authentication, secure storage and secure boot.
Solid security skills are required to individually use these features.

STMicroelectronics offers a full solution to use these security features, owned and maintained by STMicroelectronics, which are SESIP 3 and PSA certification ready.

2. Secure Manager overview

The Secure Manager is targeting a certification based on PSA level 3 and SESIP3.

The Secure Manager is an STMicroelectronics trusted execution environment security framework that is compliant with Arm® Platform Security Architecture (PSA) specifications for Cortex®-M (Armv8-M).

The Secure Manager is aiming at simplifying the security development cycle of embedded applications by providing ready to use security services developed according to best practices.

Easy to be installed into STM32 products by the customers on their production lines, the Secure Manager package offers a ready-to-use, high-performance, and certified solution to support the Secure Boot, root of trust, cryptography, internal trusted storage, initial attestation, and firmware update functions as defined by the Arm® PSA specifications.

Main features are:

  • Arm PSA standard and API compliancy
  • Arm PSA services
    • Secure Boot
    • Cryptography
    • Internal trusted storage
    • Initial attestation
    • Firmware update
  • Multiple-tenant software IP protection
    • Sandboxed secure services (PSA isolation level 3)
  • Security certified (target)
    • PSA Certified L3
    • GlobalPlatform SESIP3

3. Secure Manager package ecosystem

The Secure Manager package is delivered with an ecosystem used to handle its life cycle.

This ecosystem is composed of:

  • The Secure Manager access kit (SMAK): used to develop NS applications using Secure Manager services.
  • The secure module development kit (SMDK): used to develop secure modules and associated APIs to access these modules from NS applications.

4. To go further

For more details about Secure Manager please see Secure Manager.

For details about SMAK for STM32H5, please see SMAK for STM32H5.
For details about SMDK for STM32H5, please see SMDK for STM32H5.
For details about Secure Manager manufacturing for STM32H5, please see SFI for STM32H5.

5. Getting started with Secure Manager

Refer to these following pages for an example on getting started with Secure Manager for STM32H5 MCUs

Secure Manager STM32H5 How to Intro : Brief summary of Secure Manager mechanism to make the How to start article

How to start with Secure Manager on STM32H573 Step by step lab to practice


Retrieved from "https://wiki.st.com/stm32mcu/index.php?title=Security:Secure_Manager_for_STM32H5&oldid=37739"