SFI for STM32WBA
SFI is a secure mechanism implemented in STM32 microcontrollers that allows secure and counted installation of OEM firmware in an untrusted production environment, such as an OEM contract manufacturer. The SFI process prevents the OEM firmware code from:

  • Being accessed by the contract manufacturer
  • Being extracted
  • Being disclosed

A detailed description of SFI is provided in application note AN4992.

List of applicable products:

Type             Products
Microcontroller  STM32WBA52xG, STM32WBA54xG, STM32WBA55xG, STM32WBA62xI, STM32WBA63xI, STM32WBA64xI, STM32WBA65xI
1. Introduction

The STM32WBA microcontrollers support secure firmware install (SFI) only on their internal flash memory by means of a dedicated RSSe (secure firmware extension) delivered in the X-CUBE-RSSe STM32Cube expansion package.

The SFI procedure on STM32WBA microcontrollers is similar to the SFI procedure applied to other STM32 platforms. To run the SFI procedure on STM32WBA microcontrollers, follow the "SFI step-by-step on STM32 boards" guide.

2. Preparation flow

After developing the OEM application, the OEM must prepare and test the SFI image for installation during manufacturing.

To do this, the OEM must use the STM32 Trusted Package Creator tool.

The purpose of this step is to:

  • Prepare the encrypted firmware image for installation. This image, called the SFI image, consists of the OEM application and additional components, such as OEM secrets and OEM option bytes.
  • Provision the OEM key used to encrypt the firmware image within a hardware security module (HSM).

2.1. SFI image generation

The OEM must provide the following inputs:

  • OEM application: The OEM must provide the application binary.
  • OEM secrets: The OEM secrets include the OEM data and the OEM keys.
  • OEM option bytes configuration

The Trusted Package Creator encrypts the SFI image inputs with the OEM key and generates the SFI image.

The SFI image is an encrypted image that contains the OEM application, the OEM secrets, and the OEM option bytes.

2.2. OEM key provisioning

The OEM must provide the OEM key to the contract manufacturer in a manner that prevents the contract manufacturer from reading or extracting it. Only the STM32 microcontroller can process the OEM key. In the SFI solution, the OEM provisions the OEM key into a hardware security module (HSM) by using the Trusted Package Creator. As a result:

  • Only STMicroelectronics STM32 microcontrollers can securely install the SFI image.
  • The authenticity, integrity, and confidentiality of the SFI image content are ensured.

Because the OEM key is held in the HSM, the number of STM32 microcontrollers programmed with the SFI image can be counted.

3. Installation flow

The installation procedure is similar to the standard SFI installation procedure that is used on other STM32 products that support SFI.

Information: For an overview of SFI image programming, refer to chapter 6 of AN4992, "SFI image programming by OEMs or CMs".