STM32Trust
STM32Trust offers a robust multi-level strategy to enhance security in new product designs based on our STM32 microcontrollers and microprocessors augmented with STSAFE secure elements.
STM32Trust is a security framework combining our knowledge, ecosystem, and security services. This solution offers developers a complete toolset to protect their design’s valuable assets, such as software IP and data, and to ensure secure connectivity and system integrity.
With a set of 12 security functions offering hardware, software, and design services from ST and third parties, STM32Trust complies with the requirements of the major IoT certification schemes.
To ensure best-in-class security, ST provides MCUs and MPUs with their associated security functions based on PSA and SESIP certifications.
This assurance level allows designers to build their applications using a solid security framework and to meet the requirements of their pre-defined security assurance level, such as PCI, UL-2900, IEC 62443, ETSI EN 303 645, FIPS-140-2 and many others.
To enhance the Security Assurance Level, STM32Trust also supports secure elements from the STSAFE product family. Certified Common Criteria EAL5+, the STSAFE portfolio offers multiple devices for secure connectivity which are essential for cloud communications, secure storage and authentication, and system integrity.
Developed in close collaboration with partners and customers, STM32Trust builds on several asset-protection use cases and the security features they require, as shown in the examples below. However, as a first step before using the STM32Trust framework, it is necessary to perform an in-depth analysis of your security model, based on the outcome of your threat analysis.
The STM32Trust ecosystem combines theoretical knowledge, tools and ST's ready-to-use software packages so that best industry practices can be applied to build strong security protection for new IoT devices. It helps designers use the built-in features of STM32 microcontrollers to establish trust between devices, prevent unauthorized access and resist side-channel attacks, so as to avoid data theft and code modification.
The STM32Trust ecosystem brings together all available resources, including reference material and free software related to security protection for the STM32 family, and enhances security through a robust multi-level strategy.
The STM32Trust solution provides a complete suite of code protection and execution protection tools.
STM32Trust brings 12 security functions and services that align with asset-protection use cases and provide the right security assurance levels.

1. Secure boot
Ability to ensure the authenticity and integrity of an application that runs inside a device
2. Secure Install/Update
Installation or update of firmware with initial checks of integrity and authenticity before programming
3. Secure Storage
Ability to securely store secrets like data or keys (and to access them without them being visible externally)
4. Isolation
Isolation between trusted and non-trusted parts of an application
5. Abnormal situation handling
Ability to detect abnormal situations (both hardware and software) and to take appropriate actions, such as erasing secret data
6. Crypto Engine
Ability to process cryptographic algorithms, as recommended by a security assurance level
7. Audit/Log
Keep a record of security events in an unchangeable way
8. Identification / Authentication / Attestation
Unique identification of a device and/or software package, and ability to detect its authenticity, from inside the device or externally
9. Silicon device lifecycle
Control states to securely protect silicon-device assets through a constrained path
10. Software IP protection
Ability to protect a section or the whole software package against external or internal reading. Can be multi-tenant
11. Secure manufacturing
Initial device provisioning in an unsecured environment, with overproduction control and optional secure personalization
12. Application lifecycle
Define unchangeable incremental states to securely protect application states and assets
Some examples are listed below, and additional product documentation is available for more accurate descriptions and information on availability: RDP (Read Protection), WRP (Write Protection), PcRoP (Proprietary code Read out Protection), MPU (Memory Protection Unit), HDP (Hide Protect), OTP zones, OTFDEC (On the fly Decryption), CRC (Cyclic Redundancy check), TrustZone, Firewall, Anti-tamper mechanisms, Crypto Accelerators & Libraries, RNG (Random Number Generator), Unique IDs, SSP (Secure Secret Provisioning), TF-M (Trusted Firmware Management), TF-A (Trusted Firmware for Arm Cortex-A), OPTEE (Open Portable Trusted Execution Environment), UBE (Unique Boot Entry), FSBL (First Stage Boot Loader), SBSFU (Secure Boot & Secure Firmware Update), SFI (Secure Firmware Installation), etc. Additionally, firmware and tool services will be introduced.
Code Protection
STM32Trust.CodeProtection is a set of solutions that ensures the confidentiality and integrity of customer code when it is programmed into genuine STM32 devices.
Some STM32 microcontroller models already embed hardware security protection features and additionally implement tamper detection, firewall code isolation mechanisms and Arm TrustZone® technology to protect the most sensitive code.
X-CUBE-SBSFU
Application code is most vulnerable to attack when it is transferred to boot memory or updated in the field.
X-CUBE-SBSFU Secure Boot and Secure Firmware Update is a set of software reference code used to protect the firmware and upgrade the application on STM32 microcontrollers (adding new features and correcting potential issues). The update process is executed securely, preventing unauthorized code from being installed on the MCU and preventing any access to the confidential data on the device.
X-CUBE-SBSFU makes full use of the various STM32 memory protection mechanisms to isolate the secure boot and firmware update function from the main application.
The reference code also includes a reference implementation using the ST secure element STSAFE, to maximize the security level of the final application.

| Part number | Status | Type |
|---|---|---|
| X-CUBE-SBSFU | Active | Embedded software |
X-CUBE-CRYPTOLIB
This is a software package subject to export control (ECCN 5D002), based on the STM32Cube architecture, that implements a set of cryptographic algorithms in software and is suitable for all STM32 microcontrollers.

| Part number | Status | Type | Category | Description |
|---|---|---|---|---|
| X-CUBE-CRYPTOLIB | Active | Embedded software | MCU MPU embedded software | |
SFI
The Secure Firmware Installation solution is available for STM32L4 and STM32H7 microcontrollers and will soon be extended to other STM32 platforms, providing protection for the first programming of a device.
The solution provides a complete toolset: software for encrypting the OEM binary (Trusted Package Creator), software for securely programming the STM32 (CUBE Programmer), and the STM32HSM for securely delivering the OEM's confidential credentials to the chip programming house.
Protect your production flow with Secure Firmware Installation (SFI)
After firmware development and validation, designers can encrypt the firmware with the Trusted Package Creator software and store all confidential credentials in the STM32HSM hardware security module, such as a dedicated smart card.
The STM32 MCU can then be securely programmed in an untrusted environment (such as a production line) using STM32CubeProgrammer or the programming tools of SFI-recommended partners.
STM32CubeProgrammer
STM32CubeProgrammer includes the STM32 Trusted Package Creator tool, which generates SFI and SMI encrypted images for STM32 devices that support SFI. The tool supports both a command-line interface (CLI) and a graphical user interface (GUI), and both are free.
The SFI image format is a firmware encryption format defined by STMicroelectronics. It uses the AES algorithm to convert firmware in Elf, Hex, Bin or Srec format into encrypted and authenticated firmware in SFI format. An SFI image consists of a header area and several other areas. These areas are usually contiguous firmware areas. The last area is the configuration area, which contains the option byte values to be set when SFI completes.

| Part number | Description |
|---|---|
| STM32CubeProg | STM32CubeProgrammer software for programming STM32 products |
STM32HSM
STM32HSM-V1 is used to protect the programming of STM32 products, preventing overproduction or theft of firmware (product counterfeiting) at contract manufacturer sites.

| Part number | Status | Type |
|---|---|---|
| STM32HSM-V1 | Active | Development tool |

FASTROM
FASTROM (Factory Advanced Service Technique Read Only Memory) MCUs are Flash-process MCU devices pre-programmed with customer code and option bytes. FASTROM MCUs improve programming efficiency for high volumes (10,000+) and, compared to ROM, offer shorter lead times and allow the device to be reprogrammed.
Security Assurance & Certifications
| Certifications | Available now |
|---|---|
| ARM PSA | ARM PSA Level 1, ARM PSA Level 2, ARM PSA API Compliant |
| SESIP | SESIP Level 1, SESIP Level 3 |
| CC EAL5+ | CC EAL5+ |
| FIPS-140-2 | |
| TCG | |
| GSMA | |

| Evaluations | Available now |
|---|---|
| PCI POS Point of Sale application | |
Execution Protection
Once a device becomes a commercial product it easily becomes a target for attack and needs to be immune to security attacks. Security protection measures are therefore needed to ensure that the firmware IP is protected and that confidential credentials and data are protected by the application rather than compromised.
STM32Trust.ExecutionProtection is a set of STM32 features that ensure proper isolation, correct execution and ease of use of the owner's code at run time, so as to guarantee the confidentiality and authenticity of the collected data. STM32 offers different architectures and isolation schemes for implementing execution protection.
Debug
The debug port gives external access to all device resources. It is used for application development and is the weak point an attacker is most likely to exploit first when attacking a device. To ensure the confidentiality and authenticity of user code, the STM32 debug features should be locked.
Secure Boot
As shown in the X-CUBE-SBSFU software package, secure boot is executed at every reset: it checks the integrity of the STM32 platform configuration and verifies the signature of each embedded firmware to ensure its authenticity.
MPU
The Memory Protection Unit mechanism protects processes, preventing different processes from accessing each other and allowing them to run independently. The software isolation provided by the MPU ensures the security of each process's code and data with respect to the others. STM32 offers MPU solutions supported by multiple operating systems.
Dual-core architecture
The dual-core architecture allows two applications to run simultaneously in the same MCU device, isolated from each other by core ID.
TrustZone
TrustZone is a complete set of hardware mechanisms used to define and isolate two main application zones: the so-called trusted zone (used to protect critical applications and their related resources) and the non-trusted zone, which runs the main application.
Firewall
The firewall is a hardware protection peripheral that controls bus access and filters access to three special regions: the code region (Flash), the non-volatile data region (SRAM) and the volatile data region (Flash). It lets users easily separate the execution of critical code from the main application.
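The checks that a secure boot / secure firmware update stage performs before trusting an image (authenticity, integrity, and a version policy), modelled as an added example; this is not X-CUBE-SBSFU code. The header layout and the `MAGIC` value are constructed, and an HMAC-SHA256 tag under a device key stands in for the image signature the page describes; the anti-rollback rule is an assumed policy.

```python
"""Model of a secure-boot / secure-update image check (added example, not ST code).

An image is a fixed header followed by the firmware payload, plus an
authentication tag.  Assumptions not taken from the page: the header layout,
and an HMAC-SHA256 tag with a device key standing in for the image signature.
"""
import hashlib
import hmac
import struct

MAGIC = b"SFU1"                      # constructed marker, not an ST format
HEADER = struct.Struct("<4sII32s")   # magic, version, payload length, payload hash
TAG_LEN = 32

def build_image(key: bytes, version: int, payload: bytes) -> bytes:
    """Trusted side: produce header || payload || tag (what an update server ships)."""
    header = HEADER.pack(MAGIC, version, len(payload), hashlib.sha256(payload).digest())
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag

def verify_image(key: bytes, image: bytes, installed_version: int) -> tuple:
    """Device side: every check that must pass before the payload is trusted.
    Returns (ok, reason). Order matters: authenticate before parsing any field."""
    if len(image) < HEADER.size + TAG_LEN:
        return False, "truncated"
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    # Authenticity: constant-time compare, before trusting any header field.
    if not hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), tag):
        return False, "bad tag"
    magic, version, length, digest = HEADER.unpack_from(body)
    payload = body[HEADER.size:]
    if magic != MAGIC or length != len(payload):
        return False, "bad header"
    # Integrity of the exact bytes that would be copied into flash.
    if hashlib.sha256(payload).digest() != digest:
        return False, "bad hash"
    # Anti-rollback (assumed policy): an older version must not replace a newer one.
    if version < installed_version:
        return False, "rollback"
    return True, "ok"
```

A single flipped byte anywhere in the header or payload fails the tag check, so the header fields are never parsed from an unauthenticated image.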
Resources
Training
STM32L4 security firewall
STM32L4 Advanced Encryption Standard (AES) hardware accelerator
STM32L4 HASH peripheral
STM32L4 secure memory protection
STM32L4 secure random number generator (RNG)
STM32L4 real-time clock