Getting started with STM32WBA security

Practical examples provide an overview and help users understand the STM32WBA security solutions.
These examples use the boards, tools, and code provided by ST.
The guides listed below describe each step to follow in detail.
It is recommended to become familiar with the available tools by using these examples before starting your own developments.

Product Series: STM32WBAx
Development Boards: NUCLEO-WBA55CG, NUCLEO-WBA65RI, STM32WBA55G-DK1, STM32WBA65I-DK1
TrustZone® how to: Link to article
OEMiRoT and Secure FOTA how to: Link to article


The device is designed with a comprehensive set of security features, some of which are based on the standard Arm® TrustZone® technology.

These features simplify the process of evaluating IoT devices against security standards. They also significantly reduce the cost and complexity of software development for OEMs and third-party developers, by facilitating reuse, improving interoperability, and minimizing API fragmentation.

The Security with STM32WBA wiki page explains the different security features available on the device, such as Trusted Firmware-M, OEMiRoT, and OEMuRoT.

1. RDP regression

The key feature of the STM32WBA is the ability to lock regression from RDP1 to RDP0 using a password and to allow password-protected regression from RDP2 to RDP1.

2. TrustZone - Resource isolation

TrustZone introduces hardware isolation, allowing developers to split their applications into Secure and NonSecure parts.

The core of TrustZone's isolation is identifying critical code and data (such as keys and private user data) and isolating them from the rest of the application, which does not contain valuable assets.

3. OEMiRoT and OEMuRoT - Root of Trust

An OEM can develop a customized immutable root of trust (OEMiRoT) or updatable root of trust (OEMuRoT).
STM32CubeWBA provides example configuration files, code, data files, and scripts.