1 Introduction
During the product development process, the original equipment manufacturers (OEMs) can subcontract the manufacturing to an OEM contract manufacturing (OEM CM). The OEM CM can manage the programming tools or call for a third party programmer.
The manufacturing therefore takes place in a untrusted environment putting proprietary assets at risk.
Since the OEM CM works with the OEM intellectual property (IP), IPs might be exposed or be appropriated by other customers. This is referred to as Untrusted Manufacturing.
To meet the new market security requests and protect customers against any leakage of their IPs, STMicroelectronics introduces new security concepts and tools. These new security concepts and tools enable the safe programming of an OEM firmware into the STM32 MCU internal Flash memory or external non-volatile memories (including confidentiality, authentication and integrity checks).
On the other hand, when the OEM owns the full chain of development and manufacturing, it is called Trusted Manufacturing. However, even products manufactured in such an environment can still be vulnerable to security threats once deployed in the field. To enhance the device resistance to such threats, the STM32H5 Series provides solutions that enable firmware authentication and secure firmware updates using cryptography and memory protection mechanisms. These measures help protect critical operations and data from unauthorized access.
2 Trusted Manufacturing
2.1 STiRoT
The devices deployed in the field operate in an untrusted environment and are susceptible to various security risks. To mitigate these risks, it is crucial to ensure that only an authentic firmware runs on the device. While updating firmware is a common practice for connected devices, it can also introduce security vulnerabilities if not done securely. It is essential to execute firmware updates in a secure manner to prevent security breaches.
To address these issues, STMicroelectronics developed the STiRoT which stands for ST immutable (unchangeable) Root Of Trust and acts as a first boot stage. This is a ROM code targeting a SESIP level 3 certified implementation.
STiRoT provides two services:
- The Secure Boot (root of trust services) is an immutable code, which is always executed after a system reset. It activates runtime protections and verifies the integrity of the application code and data before every execution.
- The Secure Firmware Update application is an immutable code that detects if a new application code or data image is available. It checks authenticity, then the integrity of the new image before installing it after the decryption phase allowing the confidentiality.
The STiRoT activation is done by configuring the related option byte and defining the STiRoT configuration. STiRoT is activated in two different use cases :
- One boot stage: The STiROT directly manages the user application.
- Two boot stages: The STiROT manages an updatable boot stage (uROT) located in the user flash memory which, in turn, manages the user application. The updatable boot stage can be customized to fit customer needs.
The STiRoT configuration gives the possibility to define the number of managed images (firmware images, or firmware and data images), the location of the images, and the cryptographic keys.
Once the configuration done, an image is generated and the device can be programmed with the option bytes, the OBKeys and the generated image.
For more general information about the STiRoT, refer to the dedicated chapter and for more information on the STM32H5 series, refer to the STiRoT for STM32H5 article.
2.2 OEMiRoT
Instead of using the Root of Trust provided by STMicroelectronics, the STM32H5 series allows the OEM to develop and use their own Root of Trust solution.
OEMiRoT which stands for OEM immutable (unchangeable) Root of Trust is an example based on the MCUboot open-source software (refer to mcuboot) provided with STM32CubeH5. The OEMiRoT can be modified by the OEM to be tailored to their own application.
The given example also features the Secure Boot and the Secure Firmware Update as for the STiRoT.
An OEM updatable RoT (OEMuRoT) can be generated from the OEMiRoT to act as a second boot stage after STiRoT.
For more information about the OEMiRoT for STM32H5, refer to the dedicated chapter.
3 Untrusted Manufacturing
3.1 SFI / SFIx
The secure firmware install (SFI) solution provides security when programming devices in a non-trusted facility owned by a Contract Manufacturer (CM).
The SFI addresses the two main issues at a non-trusted facility:
- OEM application confidentiality against CM during STM32 programming.
- Avoid CM overproduction of OEM devices.
Without the use of Secure Firmware Install (SFI), the STM32 is programmed with unencrypted code and data, leaving the application code vulnerable to security breaches or unauthorized copying.
To avoid theft, application code tamper and the unauthorized production of devices, the OEM must rely on the trustworthiness of the Contract Manufacturer (CM).
SFI offers a complete solution:
- the STM32 Trusted Package Creator software package encrypts the OEM application (including code and data)
- the STM32CubeProgrammer flashes the STM32 securely
- the STM32-HSM transfers the OEM credentials to the programming partner (CM).
For more general information about the secure firmware install, refer to the SFI dedicated chapter.
The STM32CubeProgrammer software package is delivered under the SLA0048.
The STM32H5 series provides a security framework with a trusted execution environment: the Secure Manager, simplifies the security development cycle of embedded applications. The OEM chooses to develop its application using the Secure Manager or not, the later choice impacting the SFI procedure to be followed.
The two procedures are described in the SFI for STM32H5 dedicated article.
SFIx extends the SFI solution to support external memories connected to the STM32 device, using the same tools as the regular SFI.
3.2 Secure Manager
The Secure Manager is an STMicroelectronics trusted execution environment security framework that is compliant with Arm® Platform Security Architecture (PSA) specifications for Cortex®-M (Armv8-M).
Secure Manager is an easy-to-use proprietary implementation of the PSA API, which is specifically optimized for STM32H5 MCUs. Easy to install on STM32 products, Secure Manager provides a way to manage the entire security ecosystem on the STM32 device.
During the manufacturing flow, the OEM gets the encrypted image of the Secure Manager from STMicroelectronics and prepares its encrypted firmware image containing its non secure application image, its secure module images and the OEM secrets.
The OEM configures the Secure Manager during the installation phase or after, defines parameters such as the non-secure application installation key, the number of modules, and the ITS storage size.
The Secure Manager and the firmware can then be securely installed by the OEM, using keys defined during the process.
For more general information about the Secure Manager, refer to the dedicated chapter.
The Secure Manager is delivered with a complete ecosystem to manage the product life cycle. This ecosystem is composed of :
- The Secure Manager access kit (SMAK): used to develop nonsecure applications using the Secure Manager services.
- The Secure Module development kit (SMDK): used to develop secure modules and associated APIs to access these modules from nonsecure applications.
For more information on how to develope non secure applications using the Secure Manager services, refer to SMAK for STM32H5 article.
For more information about Secure Manager manufacturing, refer to SMAK for STM32H5 article.
For more information on developing secure modules, refer to SMDK for STM32H5 article.