- Last edited one month ago ago
STiRoT for STM32H5
STiRoT stands for ST Immutable (unchangeable) Root of Trust. This is a ROM code developed by STMicroelectronics that targets a SESIP Level-3-certified implementation. Because STiRoT requires hardware cryptographic features, it is only available on STM32H57x product lines.
A detailed description of STiRoT is provided in AN6007
List of applicable products:
|STM32H573ZI, STM32H573VI, STM32H573RI, STM32H573OI, STM32H573MI, STM32H573IIU, STM32H573II, STM32H573AI
1 STiRoT services
STiRoT provides two services:
- The Secure Boot (root of trust services) is an immutable code that is always executed after a system reset. First, it activates runtime protections, after which it verifies the authenticity and integrity of the application code and data before every execution.
- The Secure Firmware Update application is an immutable code that detects whether a new application code or data image is available. First, it verifies the authenticity of the code or data, after which it checks the integrity of the new image before installing it after decryption.
2 STiRoT activation
STiRoT is activated in two different use cases:
- One boot stage: STiRoT directly manages the user application, as illustrated in the schematic below.
- Two boot stages: STiRoT manages an updatable boot stage (OEMuRoT), which manages the user application, as illustrated in the schematic below. The updatable boot stage can be personalized to customer needs.
Refer to AN6007 for more details on the STiRoT activation use cases.
An example of the one-boot-stage configuration is provided in the How to start with STiRoT on STM32H573 article.
An example of the two-boot-stages configuration is provided in the How to start with STiRoT-OEMuRoT on STM32H573 article.
3 STiRoT configuration
The STiRoT configuration provides the possibility to:
- Define the user flash memory mapping: select the location and the size of each area.
- Configure the authentication and encryption keys.
- Activate the optional management of a data image.
- Allow the jump in the bootloader (external access) when no valid image is installed.
The product provisioning to activate and configure STiRoT is done following the three steps below when executing provisionning.bat:
- STiRoT configuration. At this stage, the number of managed images (firmware images only, or firmware and data images), the location of the images, and the cryptographic keys are defined.
- Image generation.
- Programming the option bytes, OBKeys, and image(s) in the device.
These three stages are illustrated in the figure below.
Refer to AN6007 for more details on the STiRoT provisioning process, including OBkey configuration files and image generation.