Getting started with STM32U0 security

A practical guide to tools related to the STM32U0 security solutions. Examples are based on the boards, tools and code examples provided by ST. In the guides listed below, each step to be followed is described in detail.
It is advised to get familiar with the available tools by using these examples before making your own steps with the STM32Cube_U0.

1. Introduction

The STM32U0 small memory footprint is not suited for extensive multi-tenant secure environment with isolation. Instead, the focus is on the secure boot and simple, but hardened protection of assets. The platform security certification is ambitious for such a small product, targeting SESIP3.

2. RDP regression

Important feature of the STM32U0 is the ability to lock out regression from RDP1 to RDP0 and allow password protected regression from RDP2 to RDP1.
Further reading:

• Main RDP regression article: Using RDP regression on the STM32U0

3. Secure Boot

The secure boot example is a compact code showcasing the utilization of the boot lock feature and subsequent protections. The example is based on the STM32CubeMx.
The goal of the Secure Boot is to protect the application code and prevent execution of any other code on the device.

• The Secure Boot for STM32U0 introduction article for theoretical background.
• The Secure Boot for STM32U0 wiki how article is a step-by-step guide to practically get the example working.
  

4. OEMiRoT

The customized Immutable Root of Trust (OEMiRoT) is more complex than the secure boot, as it features a protected loader capable of securely updating the application code.
It is advised to first try the general OEMiRoT wiki article to understand the term Root of Trust.

• The OEMiRoT STM32U0 Introduction wiki article gives a short technical introduction to be read before executing the getting started.
  
• The How to start with OEMiRoT on STM32U0 wiki article is a step-by-step guide to practically get the example working.