Getting started with STM32U3 security


Practical examples are provided to give an overview of the STM32U3 security solution and to help in understanding it.
These examples are based on the board, tools, and code provided by ST.
In the guides listed below, each step to follow is described in detail.
It is advisable to become familiar with the available tools by working through these examples before starting your own developments.


Product series: STM32U3x
Board: NUCLEO-U385RG-Q
Guides:
- OEMiRoT how-to (link to article)
- CCB KW ECDSA signature introduction article (link to article)
- CCB KW ECDSA signature how-to (link to article)


The security focus of this product is on secure boot and on simple but hardened protection of assets.
The platform security certifications target SESIP3, which is a stand-out feature for such a small product.
Password-protected regression is another differentiating feature of the STM32U3 series.

1. RDP regression

A key feature of the STM32U3 is the ability to lock regression from RDP1 to RDP0 using a password, and to allow password-protected regression from RDP2 to RDP1.
Further reading:

2. OEMiRoT - Root of Trust

An OEM can develop its own customized Immutable Root of Trust (OEMiRoT).
The STM32CubeU3 package provides example configuration files, code, data files, and scripts.

3. CCB (Coupling and Chaining Bridge)

The Coupling and Chaining Bridge is a new feature introduced for this product.
It prevents the CPU from accessing the private keys, and some critical security operations are performed by hardware.

A tutorial shows how the private key is wrapped, how the wrapped key is used, and how the public key is generated from the wrapped private key.