STiRoT for STM32H5

Revision as of 10:59, 24 October 2023 by Registered User

STiRoT stands for ST Immutable (unchangeable) Root of Trust. It is ROM code developed by STMicroelectronics that targets a SESIP level 3 certified implementation. Because STiRoT requires hardware cryptographic features, it is available only on the STM32H57x product lines.

A detailed description of STiRoT is provided in AN6007.

1. STiRoT services

STiRoT provides two services:

  • Secure Boot (root of trust services) is immutable code that is always executed after a system reset. It activates runtime protections, then verifies the authenticity and integrity of the application code before every execution.
  • Secure Firmware Update is immutable code that detects when a new firmware image is available. It checks the image's authenticity, then checks the integrity of the code before installing it after decryption.

2. STiRoT activation

STiRoT is activated in two different use cases:

  • One boot stage: STiRoT directly manages the user application.

[Figure: STiRoT, one boot stage]


  • Two boot stages: STiRoT manages an updatable boot stage (OEMuRoT) which manages the user application. The updatable boot stage can be customized to fit customer needs.

[Figure: STiRoT, two boot stages]

In both cases, STiRoT never accesses the external flash memory. The authenticity and integrity checks, as well as the execution of the user application or the OEMuRoT, are always done in internal RAM. To do this, STiRoT relies on the iLoader application to copy the user application or the OEMuRoT from external flash memory to internal RAM.

Please refer to AN6007 for all the details on the STiRoT activation use cases.
An example of a one boot stage configuration is provided in the How_to_start_with_STiRoT_on_STM32H573 article.
An example of a two boot stages configuration is provided in the How_to_start_with_STiRoT_OEMuRoT_on_STM32H573 article.

3. STiRoT configuration

The STiRoT configuration makes it possible to:

  • Define the user flash memory mapping: select the location and the size of each area.
  • Configure the authentication and encryption keys.
  • Activate the optional management of a data image.
  • Allow the jump to the bootloader (external access) when no valid image is installed.

Product provisioning, which activates and configures STiRoT, follows the three steps below when provisionning.bat is executed:

1- Configuration of STiRoT. At this stage, the number of images managed (firmware image only, or firmware and data images), the location of the images, and the cryptographic keys are defined.
2- Generation of the image(s).
3- Programming of the option bytes, OBKeys, and image(s) in the device.

Note: A set of scripts is provided in the STM32CubeH5 FW package (Firmware/Projects/Board/ROT_Provisioning/STiROT folder). These scripts guide the user through the whole provisioning process.

[Figure: STiRoT provisioning]

Please refer to AN6007 for all the details on the STiRoT provisioning process, including the OBKeys configuration files and image generation.