STiRoT for STM32H7S

This message will disappear after all relevant tasks have been resolved.

Semantic MediaWiki

There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.

STiRoT Overview

STiRoT stands for ST Immutable (unchangeable) Root of Trust. This is a ROM code developed by STMicroelectronics, which targets a SESIP level 3 certified implementation. Since the STiRoT requires hardware cryptographic features, it is only available on STM32H7Sxx product lines.

A detailed description of STiRoT is provided in ANXXXX.

1. STiRoT services

The STiRoT^[1] provides two services.

The Secure Boot (root of trust services) is an immutable code, which is always executed after a system reset. It activates runtime protections and then, it verifies the authenticity and integrity of the application code before every execution.

The Secure Firmware Update application is an immutable code that detects that a new firmware image is available. It checks its authenticity, then checks the integrity of the code before installing it after decryption.

2. STiROT activation

STiROT is activated in two different use cases:

One boot stage: The STiROT integrated inside the STM32H7Sxx directly manages the user application.

Two boot stages: The STiROT integrated inside the STM32H7Sxx manages an updatable boot stage (uROT) located in the external flash memory which manages the user application. The updatable boot stage can be customized to fit customer needs.

Please refer to ANXXXX to get all the details on on the STiROT provisioning process including the STiRoT configuration and the user application image generation. An example of one boot stage configuration is provided through How_to_start_with_STiRoT_on_STM32H7S article.

3. References

↑ STiROT

[1] STiROT

[1]