Practical examples provide an overview and help users understand the STM32WBA security solutions.
These examples use the boards, tools, and code provided by ST.
The guides listed below describe each step to follow in detail.
It is recommended to become familiar with the available tools by using these examples before starting your own developments.
| Product Series | STM32WBAx | | | |
|---|---|---|---|---|
| Development Boards | NUCLEO-WBA55CG | NUCLEO-WBA65RI | STM32WBA55G-DK1 | STM32WBA65I-DK1 |
| TrustZone® how to | Link to article | | | |
| OEMiRoT and Secure FOTA how to | Link to article | | | |

The device is designed with a comprehensive set of security features, some of which are based on the standard Arm® TrustZone® technology.
These features simplify the process of evaluating IoT devices against security standards. They also significantly reduce the cost and complexity of software development for OEMs and third-party developers, by facilitating reuse, improving interoperability, and minimizing API fragmentation.
The Security with STM32WBA wiki page explains the different security features available on the device, such as Trusted Firmware-M, OEMiRoT, and OEMuRoT.
1. RDP regression
The key feature of the STM32WBA is the ability to lock regression from RDP1 to RDP0 using a password and to allow password-protected regression from RDP2 to RDP1.
Further reading:
- Main RDP regression article: Using RDP regression on the STM32WBA
2. TrustZone - Resource isolation
TrustZone introduces hardware isolation, allowing developers to split their applications into Secure and NonSecure parts.
The core of TrustZone's isolation is identifying critical code and data (such as keys and private user data) and isolating them from the rest of the application, which does not contain valuable assets.
- The How to start with TrustZone on STM32WBA wiki article provides a step-by-step guide to incorporating TrustZone's resource isolation into your project.
3. OEMiRoT and OEMuRoT - Root of Trust
An OEM can develop a customized immutable root of trust (OEMiRoT) or updatable root of trust (OEMuRoT).
STM32CubeWBA provides example configuration files, code, data files, and scripts.
- The OEMiRoT & OEMuRoT for STM32WBA wiki article offers an overview to be read before getting started.
- The How to start with OEMiRoT on STM32WBA wiki article is a step-by-step guide for the STM32Cube OEMiRoT example.