SFI STM32H5 How to Intro

SFI Step-by-step on STM32H573_DK MB167775min

Target description

This tutorial shows how to use SFI for installing an OEM application developed with STM32TRUSTEE on STM32H573_DK MB1677.

The process goes through three 'steps' at the Original Equipment Manufacturer (OEM) and Contract Manufacturer (CM) sites.

• Development @ OEM: the application code that runs on STM32 is generated.
• Secure Room @ OEM: code prepared during the development is encrypted and packaged to be sent for manufacturing. The Secure Room is isolated, and its resources are not visible outside of it.
• Manufacturing @ CM: the encrypted code received by the OEM Secure Room is installed using SFI tools.

Prerequisites

• Knowledge of STM32CubeProgrammer
• Knowledge of JTAG

Hardware

• STM32H573_DK MB1677^[1] Discovery kit with STM32H573IIK3Q MCU

• STM32-HSM^[2] SAM for Secure Firmware Installation
• Smartcard Reader
  • Laptop Built-in
  • External

• 1 x USB cable Type-A to Micro-C

Software

• STM32CubeProgrammer^[3] Software programming tool for STM32 (v2.13 min)
  • Including STM32TrustedPackageCreator
• STM32CubeH5^[4] STM32Cube MCU Package for STM32H5 series
• X-CUBE-SEC-M-H5^[5] STM32Cube Expansion Package STM32TRUSTEE-SM for STM32H5 series

Literature

• AN4992 STM32 MCUs secure firmware install (SFI) overview
• UM2237 STM32CubeProgrammer software description
• UM2238 STM32 Trusted Package Creator tool software description
• AN5054 Secure programming using STM32CubeProgrammer
• AN2606 STM32 microcontroller system memory boot mode
• RM0481 STM32H563/H573 and STM32H562 Arm®-based 32-bit MCUs
• UM2448 STLINK-V3SET debugger/programmer for STM8 and STM32

===> Go step by step now How to start with SFI on STM32H5