This page shows an overview of the initial attestation, it shows how ST helps OEMs to use this service and how to build it using Mbed TLS, and the STM32 coupling and chaining bridge peripheral (CCB).
1. Introduction
1.1. Overview of Initial Attestation Service
Initial attestation is a security process that verifies the integrity and authenticity of a device at the time of boot or initialization. It involves generating a cryptographic proof that the device firmware and configuration are in a known good state. This proof, often in the form of a signed attestation report, can be verified by a remote party (for example a server) to ensure that the device has not been tampered with, or compromised. For detailed guidance on initial attestation service, refer to Arm PSA attestation specification Device Attestation and Entity Attestation Tokens Explained
1.2. Introduction to STM32 coupling and chaining bridge peripheral (CCB)
The STM32 CCB peripheral is a hardware component that uses the STM32 internal hardware cryptographic accelerators to perform protected cryptographic operations using a key-wrapping mechanism, ensuring that the wrapped private key is never exposed in cleartext to the CPU. For detailed guidance on the STM32 CCB peripheral, refer to the application note AN6205. This document provides an introduction to the PKA key wrapping with coupling and chaining bridge on the STM32 MCUs.
1.3. Introduction to the STM32 Mbed TLS Key Wrap Engine
The STM32 Mbed TLS Key Wrap Engine is a software component that provides a set of PSA crypto APIs to perform protected cryptographic operations on the STM32 CCB peripheral using symmetric and asymmetric wrapped keys. This software allows applications to perform protected cryptographic operations using wrapped keys that are never disclosed to the CPU in cleartext. It enables the signing of the token for initial attestation with the device attestation keys.
2. Prerequisites
2.1. Hardware Requirements
STM32 microcontroller supporting the coupling and chaining bridge (CCB) hardware crypto accelerator. For detailed guidance on the STM32 CCB peripheral, refer to the application note AN6205. This document provides an introduction to the use of PKA key wrapping with coupling and chaining bridge on STM32 MCUs.
2.2. Software Requirements
- ST Mbed TLS an open-source C library for cryptography customized by ST to support STM32 hardware crypto accelerators. Only Mbed TLS V3.6.2 or upper version supports the STM32 Mbed TLS Key wrap engine driver. The library is available on https://github.com/STMicroelectronics/stm32-mw-mbedtls
- STM32 Mbed TLS Key Wrap Engine driver a PSA opaque driver that provides a set of APIs for performing protected cryptographic operations on STM32. The library is available on the STM32Cube firmware.
- STM32 Mbed TLS Alt provides a set of alternative functions to replace Mbed TLS cryptography modules by an alternative implementation based on STM32 hardware cryptographic accelerators. The library is available on the STM32Cube firmware.
3. Initial Attestation Use Case using wrapped DUA private key
3.1. Wrapped DUA private Key export using RSSe KW
This process ensures the secure export of the DUA private key, protecting it from unauthorized access and side-channel leakage. For detailed guidance on Wrapped DUA private Key export using RSSe KW, refer to the application note AN6278. This document provides an introduction to the RSS extension for Key Wrap (RSSe KW) service on the STM32 MCUs.
3.2. Entity Attestation Token (EAT) Creation
The user application initiates an attestation request to the initial attestation service. This service generates an attestation token which includes claims (for example device identity, firmware version) and random data to ensure freshness.
The initial attestation service interacts with the STM32 CCB peripheral through the STM32 Mbed TLS Key Wrap Engine driver using the PSA (Platform Security Architecture) API. The PSA API provides functions for key management, hashing, signing, and exporting public keys.
The creation of the attestation token can be accomplished by carefully following the detailed steps illustrated in Figure 2, as outlined below:
Step1: Wrapped DUA private key import
The Wrapped DUA private key is imported into the PSA storage using the psa_import_key function and the driver location of the STM32 Mbed TLS Key Wrap Engine driver.
Step2: Compute the hash of the token
A hash of the attestation token is generated using the psa_hash_compute function.
Step3: Token signature generation
The hash is signed using the imported Wrapped DUA private key to create a digital signature.
Step4: Entity Attestation Token Generation
The signed attestation token, now known as the Entity Attestation Token, is generated. This token includes the signature and the claims, providing proof of the device identity and integrity.
Step5: Certificate Retrieval
The application retrieves the DUA certificate from the system flash memory using STM32 software utilities. The DUA certificate contains the DUA public key and a signature, which can be used to verify the authenticity of the attestation token.
The coupling and chaining bridge (CCB) and the DUA private key provide side-channel protected operations to ensure the security of the attestation token creation process.
The Figure 2 illustrates the process of initial attestation in the STM32 microcontrollers supporting the coupling and chaining bridge (CCB), focusing on the secure handling of the DUA (Device Unique Authentication) key.
4. Additional resources