FTM / Security & Encryption / STMicroelectronics — STM32Trust Security Framework

STMicroelectronics — STM32Trust Security Framework

Security & Encryption

August 3, 2023
Security & Encryption
Issue 6 2023

Security framework for STM32 MCUs and MPUs provides comprehensive set of capabilities for protecting embedded devices

STM32Trust platform from STMicroelectronics provides hardware products, software projects, tools and training to enable OEMs to build strong security into connected products, from design through production to onboarding with popular cloud computing services.

STMicroelectronics has implemented a comprehensive framework, called STM32Trust, that enables system developers to implement strong security protection functions in embedded devices, and to comply with new and emerging security regulations.

The security implementations developed by ST are graduated to fit with the different requirements of the various industry standards governing security technology, and so to provide manufacturers with a scalable approach. STM32Trust relies on several security certification schemes to give OEMs confidence in its security implementations, including:

Platform Security Assurance (PSA), an Arm® project
Security Evaluation Standard for IoT Platforms (SESIP), defined by GlobalPlatform
In addition, the STSAFE secure elements supported by STM32Trust are Common Criteria Evaluation Assurance Level (EAL) 5+ certified

This assurance level allows designers to use the security framework with confidence, and to meet the application requirements of security standards such as PCI, UL-2900, IEC 62443, ETSI EN 303 645, FIPS-140-2, and IoXT.

The STM32Trust framework provides developers with a robust, multi-level solution for enhancing security in their new product designs. It is for implementation on STM32 microcontrollers and microprocessors, in combination with STSAFE secure elements. The framework helps OEMs to implement 12 security functions:

Secure boot
Secure installation/update
Silicon device lifecycle management
Isolation of trusted from non-trusted parts of a system
Secure storage of data and keys
Cryptography engine
Secure manufacturing
Identification/authentication/attestation
Software IP protection
Abnormal situation handling
Audit/log of security events
Application lifecycle management

To support these functions, STM32Trust offers a range of security services that are constantly evolving to make security protection easier to implement. These services include:

Secure boot and secure firmware installation, in tandem with the STM32CubeProgrammer and the STM32HSM hardware security module
Cryptography
Trust Execution Environment (TEE) Secure Manager
Trusted Firmware for Microcontrollers (TF-M) open-source software project
Trusted Firmware for Applications Processors (TF-A) open-source software project
Open Portable Trusted Execution Environment (OP-TEE)