Secure Manager for STM32H5

Revision as of 18:33, 3 August 2023 by Registered User

1. Introduction

STM32H5 MCUs are equipped with new security features, such as Product life cycle, Isolation, Debug Authentication, Secure Storage and Secure Boot.

Using these features on a stand-alone basis requires solid security skills. However, STMicroelectronics offers a full solution, which it owns and maintains, for using these security features. This solution targets SESIP and PSA Level 3 certification.

2. Secure Manager overview

The Secure Manager is an STMicroelectronics trusted execution environment security framework that is compliant with Arm® Platform Security Architecture (PSA) specifications for Cortex®-M (Armv8-M).

The Secure Manager aims to simplify the security development cycle of embedded applications by providing ready-to-use security services developed according to best practices.

Easy to install on STM32 products, the Secure Manager package offers a ready-to-use, high-performance and certified solution, supporting Secure Boot, root of trust, cryptography, internal trusted storage, initial attestation, as well as firmware update functions defined by the Arm® PSA specifications.

The Secure Manager main features are the following:

  • Arm PSA standard and API compliance
  • Arm PSA services
    • Secure Boot
    • Cryptography
    • Internal trusted storage
    • Initial attestation
    • Firmware update
  • Multiple-tenant software IP protection
    • Sandboxed secure services (PSA isolation level 3)
  • Security certified (target)
    • PSA Certified L3
    • GlobalPlatform SESIP3

3. Secure Manager package ecosystem

To manage the Secure Manager lifecycle, a complete ecosystem is delivered with the Secure Manager package. This ecosystem is composed of the following:

  • Secure Manager access kit (SMAK): The SMAK is used to develop nonsecure (NS) applications using the Secure Manager services.
  • Secure Module development kit (SMDK): The SMDK is used to develop secure modules and the associated APIs to access these modules from NS applications.

4. To go further


For details about the Secure Manager generic solution, refer to Secure Manager.
For details about SMAK for STM32H5, refer to SMAK for STM32H5.
For details about SMDK for STM32H5, refer to SMDK for STM32H5.
For details about Secure Manager manufacturing for STM32H5, refer to SFI for STM32H5.

5. Getting started with Secure Manager

For an example of getting started with Secure Manager for STM32H5 MCUs, refer to the following pages:

Secure Manager STM32H5 How to Intro: Brief summary of the Secure Manager mechanism.

How to start with Secure Manager on STM32H573: Step-by-step guidance on your first steps with the Secure Manager package.

6. References

  • RM0481 STM32H5x3/562 reference manual
  • UM2237 STM32CubeProgrammer software description
  • UM2238 STM32TrustedPackageCreator tool software description
  • AN5054 Secure programming using STM32CubeProgrammer
  • AN2606 STM32 microcontroller system memory boot mode
  • AN4992 STM32 MCUs secure firmware install (SFI) overview