Secure Manager for STM32H5

Revision as of 16:59, 18 August 2023 by Registered User (→‎Getting started with Secure Manager)

1. Introduction

In addition to the Secure Manager, STM32H5 MCUs are equipped with new security features, such as product life cycle, isolation, debug authentication, secure storage and Secure Boot.

To use these features on a stand-alone basis, solid security skills are required. As an alternative, STMicroelectronics offers the Secure Manager, a full solution owned and maintained by STMicroelectronics, which offers a full set of security features targeting SESIP and PSA Level 3 certification.

2. Secure Manager overview

The Secure Manager is an STMicroelectronics trusted execution environment security framework that is compliant with Arm® Platform Security Architecture (PSA) specifications for Cortex®-M (Armv8-M).

The Secure Manager aims to simplify the security development cycle of embedded applications by providing ready-to-use security services developed according to best practices.

Easy to install on STM32 products, the Secure Manager offers a ready-to-use, high-performance and certified solution, supporting Secure Boot, root of trust, cryptography, internal trusted storage, initial attestation, as well as firmware update functions defined by the Arm® PSA specifications.

The Secure Manager main features are the following:

  • Arm PSA standard and API compliance
  • Arm PSA services
    • Secure Boot
    • Cryptography
    • Internal trusted storage
    • Initial attestation
    • Firmware update
  • Multiple-tenant software IP protection
    • Sandboxed secure services (PSA isolation level 3)
  • Security certified (target)
    • PSA Certified L3
    • GlobalPlatform SESIP3

3. Secure Manager ecosystem

To manage the product life cycle, a complete ecosystem is delivered with the Secure Manager. This ecosystem is composed of the following:

  • Secure Manager access kit (SMAK): The SMAK is used to develop non-secure applications using the Secure Manager services.
  • Secure Module development kit (SMDK): The SMDK is used to develop secure modules and the associated APIs to access these modules from non-secure (NS) applications.

4. To go further

For more details on developing non-secure applications using the Secure Manager services, refer to SMAK for STM32H5.
For more details about Secure Manager manufacturing, refer to SMAK for STM32H5.
For more details on developing Secure Modules, refer to SMDK for STM32H5.

For more information about the generic Secure Manager solution, refer to Secure Manager.
