1. SFI
1.1. Features
The secure firmware install (SFI) solution provides security when programming devices in a non-trusted facility owned by a Contract Manufacturer (CM).
SFI addresses the two main issues at a non-trusted facility:
- OEM application confidentiality against CM during STM32 programming.
- Avoid CM overproduction of OEM devices.
1.2. Principles
There are 2 steps:
- The application creation flow
- The application installation flow
The 2 next sections detail the flows.
1.2.1. The application creation flow
The OEM uses the STM32 Trusted Package Creator software to:
- create and manage his secret encryption key (the firmware key as indicated in the figure below).
- encrypt its application and Option bytes configuration with the firmware key. It is the SFI OEM application image (the Encrypted file in the figure below).
- program the firmware key within an HSM before locking it. Before that step, the firmware key cannot be read or extracted clearly from the HSM. Only STM32 can handle the firmware key from the HSM.
1.2.2. The application installation flow
CM uses the STM32CubeProgrammer (or any other SFI-recommended partner programming tools) to securely program STM32 MCUs in untrusted environments.
- STM32 securely extracts the firmware key from the HSM. HSM verifies the firmware key extraction request number.
- STM32 securely decrypts and programs the OEM application within the internal flash.
- OEM application is never disclosed outside STM32. The SFI process guarantees the OEM application confidentiality against CM.
2. SFI for STM32H5 with Secure Manager
This procedure must be followed if the OEM installs an application developed using the Secure Manager. In this case, there are several additional components to prepare, to test and to install.
Here is the list of applicable products:
Type | Products |
---|---|
Microcontroller | STM32H573xx |
The preparation and installation flow is described below: