
STMicroelectronics Introduces STM32Trust and New Updates to X-CUBE-SBSFU

Aug 8, 2019

On July 30, the world's leading semiconductor supplier STMicroelectronics launched STM32Trust, a new initiative that brings together all the software and hardware solutions it offers to improve the security of devices.

STMicroelectronics has one of the industry's broadest semiconductor product lines, from discrete diodes and transistors to complex system-on-a-chip (SoC) devices to complete platform solutions including reference designs, application software, manufacturing tools and specifications. It has more than 3,000 main product types.

The STM32 series is the world's leading Arm Cortex CPU architecture SoC portfolio, with more than 800 products for smart devices, IoT gateways, remote sensors, electronic medical devices, wearable devices, payment terminals, access control IoT devices such as memory. Depending on the model, hardware network protection features include custom secure boot, random number generators that prevent hackers from observing signal patterns, dedicated cryptographic coprocessors, and secure key storage units. STMicroelectronics also built tamper detection and firewall code isolation mechanisms into the chip, and implemented Arm TrustZone security technology to provide additional protection for the most vulnerable code.

STM32Trust is an energetic program that will grow with more packages and products over time, thus serving as an excellent hub for engineers looking to learn more and stay up to date. 

To celebrate the launch of this program, STMicroelectronics has released a new update to X-CUBE-SBSFU. Version 2.2.0 now supports STM32WB, the first wireless microcontroller with embedded Bluetooth LE 5.0 and 802.15.4 stack, and the new STM32H7, the first dual-core architecture for an MCU.

X-CUBE-SBSFU is an extension package that enables developers to implement a secure boot and offer a secure firmware update system. It is one of the main pillars of STM32Trust, bringing secure boot and secure firmware updates to STM32Trust.

X-CUBE-SBSFU is available for STM32F4, STM32F7, STM32H7, STM32L0, STM32L1, STM32L4, STM32G0, STM32G4 and STM32WB. 

When a server sends the partial or complete encrypted firmware image that serves as an update, the embedded system transmits it via UART to the MCU, and the system checks its authenticity, then decrypts it and installs it. Moreover, the code from X-CUBE-SBSFU that runs on STM32L4 received a PSA Level 1 certification. Developers will thus be able to receive the same certification much more quickly, shortening their time to market.

In addition, the package helps developers take advantage of other STM32Trust tools. For instance, it uses the X-CUBE-CRYPTOLIB library to optimize cryptographic operations, and version 2.2.0 supports STSAFE-A100, a tamper-resistant secure element that stores various keys and certificates.

Developers encrypt their firmware with the Trusted Package Creator tool available within the STM32CubeProgrammer utility and place their firmware's secure credentials in a hardware module that takes the form of a smart card. They can then ship the encrypted binary and smart card to the OEM. The assembly line uploads the firmware and keys over UART, I2C, USB, or JTAG, also using STM32CubeProgrammer. The smart card contains a complex system that authenticates the MCU and gets a unique key from that component before sending the firmware's secure credentials necessary to decrypt the binary into the MCU and generating an individual license for each STM32 component. This license enables the upload system to keep track of the precise number of installs, allowing companies to quickly see if the firmware is on components that are now missing.