SL-SSISE011401V1

Solution Description

This solution implements stringent hardware and software security measures to defend STM32 microcontrollers against the risk of attack in untrusted environments. It is based on the X-CUBE-SBSFU, which implements secure boot and secure firmware update procedures, and the STSAFE hardware element with authentication keys stored in protected and isolated memory.

Working together on an STM32 MCU, they implement secure boot and firmware update protocols, and manage embedded applications in order to prevent unauthorized code modification and access to confidential on-device data.

New firmware versions intended to add or improve the functionality or address known bugs in IoT field devices are generally deployed from centralized server or cloud services. The Secure Firmware Update application verifies the authenticity of any encrypted firmware images it receives and checks the integrity of the code before installing it. To accommodate wireless deployment of new firmware, which is a common necessity in IoT applications, the software also supports Over the Air Firmware (FOTA) updates.

The Secure Boot application instead runs immediately after any STM32 microcontroller reset to check status and activate run-time protections included as part of the STM32Trust collection of strategies to protect STM32 MCUs. This application verifies the authenticity and integrity of user software before every execution to block any invalid or malicious code.

Key Product Benefits

STM32 Microcontrollers

All STM32 microcontrollers are part of the STM32Trust ecosystem to ensure robust security across 12 specific strategies, including secure boot and update, memory protection, tamper detection, cryptography, authentication, and others, in order to ensure varying levels of compliance with recognized certification schemes for IoT platforms, such as SESIP and PSA by ARM®.

X-CUBE-SBSFU Secure Boot Firmware

The X-CUBE-SBSFU Secure Boot and Secure Firmware Update software ensures immutable Root of Trust service code is always executed after a system reset to check and activate STM32 static and runtime protections and verify the authenticity and integrity of user application code, and checks the authenticity and integrity of any firmware updates before they are installed. The software also provides secure key management and cryptographic services to user applications.

STSAFE-A110 tamper-resistant secure element

STSAFE-A110 is a tamper-resistant secure element (Hardware Common Criteria EAL5+ certified) used to host X509 certificates and keys and perform verifications that are used for firmware image authentication during Secure Boot and Secure Firmware Update procedures.

Read more Read less

All Features
Status and activation of static and run-time STM32Trust security measures on every STM32 boot up instance

STSAFE secure element hardware for higher grade security than possible with software only

Secure Firmware Update with anti-rollback and partial image update capabilities for Over-the-Air or local firmware image update
Read more Read less

Kit Description

Distributor availability of B-L475E-IOT01A2

Distributor Name	Region	Stock	Min. Order	Third party link

Distributor reported inventory date:

Distributor Name

Distributor reported inventory date:

The B-L4S5I-IOT01A Discovery kit for IoT node enables a wide range of applications thanks to the low-power multilink communication, multiway sensing and Arm^® Cortex^®-M4 core-based STM32L4+ Series features.

Running the X-CUBE-SBSFU extension software on the Discovery kit adds ARM PSA Level 1 and SESIP Level 3 security certification to the STM32L4+ microcontroller and provides reference code to demonstrate the intended use of STM32 security protections:

Secure Boot module
- Execution with Root of trust service
- Application authentication and Integrity check before execution
Secure Firmware Update module
- Detect new FW version to install
- Manage FW version (check unauthorized updates or unauthorized installation)
Secure Engine module
- Code isolated from main Firmware Secure execution
- Dedicated to executing cryptographic algorithms
- Manage secure key storage

Get the Software

All Evaluation Features

Ultra-low-power STM32L4+ Series STM32L4S5VIT6 microcontroller based on the Arm® Cortex®-M4 core with 2 Mbytes of Flash memory and 640 Kbytes of RAM in LQFP100 package

64-Mbit Quad-SPI Flash memory

Higher security with secure element companion chip (STSAFE-A110)

Bluetooth® 4.1 module (SPBTLE-RF)

802.11 b/g/n compliant Wi-Fi® module (ISM43362-M3G-L44, Inventek Systems)

Dynamic NFC tag based on ST25DV04K with its printed NFC antenna

2 digital omnidirectional microphones (MP34DT01)

Capacitive digital sensor for relative humidity and temperature (HTS221)

High-performance 3-axis magnetometer (LIS3MDL)

3D accelerometer and 3D gyroscope (LSM6DSL)

260-1260 hPa absolute digital output barometer (LPS22HB)

Time-of-flight and gesture-detection sensor (VL53L0X)

USB OTG FS with Micro-AB connector
Read more Read less

Microcontrollers & microprocessors

Part number	Description
STM32L4S5VI	Ultra-low-power with FPU Arm Cortex-M4 MCU 120 MHz with 2048 kbytes of Flash memory, USB OTG, DFSDM, CHROM-ART, AES-256, HASH

Part number

STM32L4S5VI

Ultra-low-power with FPU Arm Cortex-M4 MCU 120 MHz with 2048 kbytes of Flash memory, USB OTG, DFSDM, CHROM-ART, AES-256, HASH

Secure MCUs

Part number	Description
STSAFE-A110	Authentication, state-of-the-art security for peripherals and IoT devices

Part number

STSAFE-A110

Authentication, state-of-the-art security for peripherals and IoT devices

Secure boot and upgrade of embedded applications

Solution Description

Key Product Benefits

STM32 Microcontrollers

X-CUBE-SBSFU Secure Boot Firmware

STSAFE-A110 tamper-resistant secure element

All Features

Kit Description

Estimated cost

Something went wrong with the server request. Please try again in a few moments.

Project Title:

Project Description:

Application:

End Application:

Nature of Business:

Military Related:

Country/Region where the Software will be used:

Comment:

Request for software successfully submitted. The approval process may take up to 48 hours. After you have been approved, you should receive a link to the requested software via email.

Get the Software

All Evaluation Features

Microcontrollers & microprocessors

Secure MCUs

Did you know?