Getting started with STM32WBA security

This message will disappear after all relevant tasks have been resolved.

Semantic MediaWiki

There are 1 incomplete or pending task to finish installation of Semantic MediaWiki. An administrator or user with sufficient rights can complete it. This should be done before adding new data to avoid inconsistencies.

Practical examples provide an overview and help users understand the STM32WBA security solutions.
These examples use the boards, tools, and codes provided by ST.
The guides listed below describe each step to follow in detail.
It is recommended to become familiar with the available tools by using these examples before starting your own developments.

Product Series	STM32WBAx
Development Boards	NUCLEO-WBA55CG	NUCLEO-WBA65RI	STM32WBA55G-DK1	STM32WBA65I-DK1
TrustZone® how to	Link to article
OEMiRoT and Secure FOTA how to				Link to article

The device is designed with a comprehensive set of security features, some of which are based on the standard Arm® TrustZone® technology.

These features simplify the process of evaluating IoT devices against security standards. They also significantly reduce the cost and complexity of software development for OEMs and third-party developers, by facilitating reuse, improving interoperability, and minimizing API fragmentation.

The Security with STM32WBA wiki page explains the different security features available on the device, such as Trusted firmware-M, OEMiROT, and OEMuROT.

1. RDP regression

The key feature of the STM32WBA is the ability to lock regression from RDP1 to RDP0 using a password and to allow password-protected regression from RDP2 to RDP1.
Further reading:

Main RDP regression article: Using RDP regression on the STM32WBA

2. TrustZone - Resource isolation

TrustZone introduces hardware isolation, allowing developers to split their applications into Secure and NonSecure parts.

The core of TrustZone's isolation is identifying critical code and data (such as keys, private user data) and isolating them from the rest of the application, which does not contain valuable assets.

The How to start with TrustZone on STM32WBA wiki article provides a step-by-step guide to incorporating TrustZone's resource isolation into your project.

3. OEMiRoT and OEMuRoT - Root of Trust

An OEM can develop a customized immutable root of trust (OEMiRoT) or updatable root of trust (OEMuRoT).
STM32CubeWBA provides example configuration files, codes, data files and scripts.

The OEMiRoT & OEMuRoT for STM32WBA wiki article offers an overview to be read before getting started.
The How to start with OEMiRoT on STM32WBA wiki article is a step-by-step guide for the STM32Cube OEMiRoT example.