STM32trust

Marketing Presentation

V1.3
 Agenda

# STM32Trust Overview # Security functions & offer

# Security Assurance # Focus on SFI and SBSFU

# Live examples # Security functions by product

2
 What security means for us?

Security is protecting Customer Assets

Protection
Customer
requirements
Assets

• Assets guaranty our customer revenues

• Customers value their assets
• ST need to provide means to help our customers secure these assets
3
 Security is a threat’ mitigation model

Threats exploit
Vulnerabilities and damage
Assets.

Protections mitigate
Vulnerabilities and therefore
might mitigate Threats.
Customer Assets Threats Vulnerabilities
Security
functions
Mitigate

Identify Assets, Threats and Vulnerabilities to

define Protections and Countermeasures
mitigating them to an acceptable level 4
 What is STM32trust ?

A security framework proposal

1 Identify threats according to customer assets categories

2 Propose mitigations via Security Functions & Services

3 Rely on recognized Security Assurance levels

To help customers protect their assets and

reach the required Security Assurance levels
5
 Our goal:
protect our customer’s assets
Data Connectivity
Confidentiality Regulations
Secrets Network access
Regulations Data transfer
Authenticity Confidentiality
Availability

IP System trust
Software Regulations
Data Reliability
Processes Availability
Secrets Authentication
Confidentiality

6
 From assets to security functions

STM32Trust simplifies the mitigation model analysis with: STM32Trust Security Functions
• Pre-analyzed threats and vulnerabilities Identification / Authentication / Attestation

• Mitigation with ready to use Security Functions & Services Application Life Cycle

Secure Manufacturing

Data Software IP Protection

Silicon Device Life Cycle

Connectivity
Treats Vulnerabilities Secure Install / Update

IP Secure Storage

Isolation
System trust
Abnormal Situations Handling

Secure Boot

Crypto Engine

Audit / Log

Mitigate 7
 From device to application
security assurance level
• STM32Trust focusing on 2 de-facto product certification schemes:

Security Evaluation Standard for IoT Platforms (SESIP)

Published by Global Platform for IoT devices

Platform Security Assurance by ARM® (PSA)

Focusing to protect IoT devices

• Aligned to multiple national & applicative security standards

• Fitting most customers application Security Assurance requirements

EN 303 645

IEC 62443

8
Security assurance & certifications
 Product certification status

Certifications Available Now

ARM PSA ARM PSA Level 1 ARM PSA Level 2
• Level 1 (Self Assessment) • STM32L4 • STM32L5 (TF-M)
• Level 2 (White box – Time Limited) • STM32L5
ARM PSA API Compliant
• Level 3 (Physical attack) • STM32L5 (TF-M)

SESIP SESIP Level 1 SESIP Level 3

• Level 1 (Self Assessment) • STM32L4 (SBSFU) • STM32L4 (SBSFU)
• Level 2 (Black box) • STM32L5 (TF-M)
• Level 3 (White box – Time Limited)
• Level 4 (White box)
• Level 5 (Smartcard-like EAL4+)

CC EAL5+ FIPS-140-2 TCG GSMA

• STSAFE-A110 • STSAFE-TPM • STSAFE-TPM • ST4SIM
• STSAFE-TPM
• ST4SIM

Evaluations Available Now

PCI POS Point of Sale application • STM32L4

• Certification documents and links available at www.st.com/stm32trust

• Evaluations material is not public 10
 STM32U5, the new flagship of STM32 ULP series
Memory size (Bytes)
C-M33
4M
C-M4
2M
C-M4 STM32U5

STM32U5
1M

STM32 L4+
C-M3 C-M33
512 K
STM32 L4

STM32
384 K

L5
STM32 L1

256 K
C-M0+
128 K
Highest DMIPS
STM32 L0

64 K Best ULP
32 K
16 K
8K
233 155 447 285 370 535 ULPMark-CP

30 33.6 100 150 165 230 Dmips

(32MHz) (32MHz) (80MHz) (120MHz) (110MHz) (160MHz) (Fmax CPU)

11
 Enhanced security

Extensive functionality to protect your assets

Security assurance
Isolation Cryptography
level
Side channel AES, PKA
TrustZone® L3 L3
Additional AES, PKA, SHA,
Secure Peripherals
TRNG
1st MCU
Secure DMA
CAVP certified CryptoLib to reach Level 3

Lifecycle Memory protections Active tamper Trust anchor

OTP, HDP, WRP, RDP, MPU
RDP: 4 protection level states
Ext. Flash encryption OTFDec
Password based regression
Secure Debug
4x active pair of tamper pins. TF-M, Secure Boot,
Volt. &Temp. monitoring (Vbat) Secure Firmware Install
Total tamper I/Os: 8 Hardware Unique Keys

New features for STM32 in bold

12
Live examples
 Customer example (1/6)
focus on secure manufacturing
My Asset Bob is a company designing toys.
is my He needs to be protected against fake copies or clones
Product

What Bob needs to achieve Bob Required Security Functions

• No firmware stolen during production • Secure Manufacturing

• No over-production by manufacturer
• No mean to program other devices
• No firmware stolen in the field
• Software IP Protection
• Secure Install / Update
IP Protection
• Silicon Device Lifecycle

14
 Customer example (2/6)
focus on isolation and IP protection
Jon has a company selling firmware
My Asset
His firmware is of highest value, as mainstream royalties' revenue
is my IP
It features user enable application options

What Jon wants to achieve The Security Functions needed by Jon

• Protect its firmware • Software IP Protection

• Isolate his firmware from customer one • Code Isolation

• Ensure independent firmware updates • Secure Install/Update

IP Protection
• Set application macro-state in a way • Application Lifecycle
which cannot be altered
15
 Customer example (3/6)
focus on secure maintenance & update
My Asset Mark’ company sells costly equipment.
is the He wants to offer remote maintenance and updates.
Product He cares to only update his equipment and would like to
Trust make sure only his firmware runs on his devices.

What Mark wants to achieve The Security Functions needed by Mark

• Ensure he connects to his equipment • Identification/Authentication/

• Ensure connection is liable Attestation
Secure
• Ensure the update is handled with Connectivity
integrity and authenticity • Secure Install/Update

• Authenticity and integrity of firmware • Secure Boot

running on devices System integrity • Memory protections 16
 Customer example (4/6)
focus on data management
Oliver is selling devices that report sensitive data to servers.
My Asset
Oliver needs to make sure the data cannot be exposed
is my Data
outside of his company.

What Oliver wants to achieve The Security Functions needed by Oliver

• Ensure transmitted data is not exposed • Crypto Engine

Data
• Ensure secret on data encryption keys • Secure storage

• Ensure data is sent from

authenticated devices
• Identification/Authentication/
• Ensure data is sent to authenticated Secure
Attestation
servers Connectivity 17
 Customer example (5/6)
focus on remote access & control
Rose controls her device fleet remotely.
My Asset
She wants to be sure no malicious devices are there
is Device and would like to have full control over the devices.
Trust Ensuring device access control at anytime is key

What Rose wants to achieve The Security Functions needed by Rose

• That every device shows a unique identity

• Be able to authenticate the device • Identification/Authentication/
• Be able to attest the device access rights Attestation
Secure
Connectivity
• Secure device communication • Crypto Engine

• Ensure that identities and access • Secure Storage and Secure

right secrets cannot be leaked even Data Manufacturing (Secure Personalization)
at the manufacturing stage Storage 18
 Customer example (6/6)
focus on data protection
Jack is collecting user data within his devices
My Asset
Jack’s devices and large-scale systems needs to be in line with
is my Data
regulations (such as GDPR) to be able to promote & sell devices.

What Jack wants to achieve The Security Functions needed by Jack

• Ensure platform integrity • Secure Boot

• Abnormal Situations Handling
System integrity

• Ensure user data integrity • Crypto Engine

• Identification/Authentication/Attestation
Secure Connectivity

• Ensure user data is stored securely • Secure Storage

19
Secure Storage
Security functions and ST offer
 From assets to security functions

STM32Trust simplifies the mitigation model analysis with: STM32Trust Security Functions
• Pre-analyzed threats and vulnerabilities Identification / Authentication / Attestation

• Mitigation with ready to use Security Functions & Services Application Life Cycle

Secure Manufacturing

Software IP Protection
Treats Vulnerabilities
Silicon Device Life Cycle
Data confidentiality Device identity
Data Secure Install / Update
Data integrity Software & Updates

Denial of Service Debug access Secure Storage

Connectivity
Impersonation Secret storage Isolation
Software integrity Lifecycle
IP Abnormal Situations Handling
Malware Intrusion Open Communication
Secure Boot
System trust Software copy Monitoring
Crypto Engine
License fraud Shared memories
Audit / Log
Cloning Untrusted environment
21
 The 12 security functions
• STM32Trust brings 12 Security Functions to align with Customer Use Cases and Security Assurance
• STM32Trust brings material (Documentation, Software, Tools…) to cover those 12 Security Functions
• Security functions to embed support of companion STSAFE secure elements

Application Life Cycle Secure Boot

Secure Manufacturing Secure Install / Update

Software IP Protection Secure Storage

Silicon Device Life Cycle Isolation

Identification / Authentication /
Abnormal Situations Handling
Attestation

Audit / Log Crypto Engine

22
www.st.com/STM32Trust

1- Secure Boot
Ensure device application
authenticity and integrity
5- Abnormal Situations
Handling
Ability to detect and react to
abnormal hardware and
software situations
9- Silicon Device Lifecycle
Control states to securely
protect silicon device assets
through its lifetime
2- Secure Install / Update
Secure Firmware Installation &
Update
Integrity & Authenticity checks
License management
6- Crypto engine
Cryptographic libraries
supported by hardware
10- Software IP Protection
Ability to protect a section or
the whole software against
illegal access.
Can be multi-tenant
The 12 security functions
definitions
3- Secure Storage 4- Isolation
Isolation between trusted and
Ability to securely store
non-trusted parts of an
secrets like data or keys
application
8- Identification /
7- Audit / Log
Authentication / Attestation
Unique identification of a
Keep trace of security events
device and/or software, and
in an unchangeable way
ability to detect its authenticity
11- Secure Manufacturing 12- Application Lifecycle
Device provisioning or
personalization in untrusted Protect application lifecycle
environment with states and assets
overproduction control
23
Focus on secure firmware installation &
secure boot
 Focus
embedded secure firmware install - SFI
Manage STM32 authentication, firmware decryption and installation

Customer premises Untrusted environment Secure Loader

ST ecosystem
SFI embedded services
with
Encrypted provisioned by ST
FW Encrypted FW Encryption, HSM and
FW Transfer  Mass Market
programming tools
Store encryption
key in HSM
HSM SFI approach
Physical transfer Authenticate target STM32
Trusted Package Creator Generate installation license
ST Hardware Secure
Module (HSM)

STM32
3rd Party premises

SMI
SMI Firmware cloning
Encrypted
Authenticate target STM32
Generate installation license protection on the first Protect 3rd party
Module Encrypted Module
Module transfer installation Software IP
Store encryption via (SMI)
key in HSM HSM
Physical transfer UART / SPI / USB
Trusted Package Creator
ST Hardware Secure
Module (HSM)

25
 Focus
secure boot secure FW update - SBSFU
Reference library source code for
In-application Programming

Demonstrate SW modules for:

• Secure Boot
• Secure Engine for Crypto and key
• Firmware Update image management

Ensure authentication and secure programing of in

the field products

Reference implementation of STM32 hardware

memory protections

26
Security functions by product
 Security functions by product
STM32F4/F7/L1/WB/G0/G4/H7/L0/L4 STM32MP1 STM32L5/U5 with TrustZone + STSAFE-A/TPM
Security Function
Silicon Firmware Silicon Firmware Silicon Firmware Silicon

Secure Boot √ √ √ √
TF-A
TFM_SBSFU
SBSFU
Secure Install/Update √ √ √ √
OPTEE
(WB)
Secure Storage (L0/L4/H7/G0/G4) √ OPTEE √ TF-M SPE √
SBSFU KMS (L4)

Isolation √ √ √ √
OPTEE TFM
Abnormal situations
√ √ √
handling
Crypto Libraries
Crypto Engine √ Crypto Libraries √ OPTEE √ √
TF-M
Audit/Log √ TF-M
ID/Auth/Attestation √ √ √ TF-M Attestation √
Silicon Device LifeCycle √ √ √

Software IP Protection √ √ √ TF-M

OPTEE
Secure Manufacturing SFI (H7/L4) with STM32HSM SSP with STM32HSM SFI with STM32HSM √
Application LifeCycle √ √ √ √

Firmware to be developed by user

28
Reference firmware proposed by ST
Q&A (5 min)
Takeaways
 STM32Trust security ecosystem
the one stop shop solution to implement security
First solution on the market certified PSA Level 2
First solution on the market certified SESIP Level 3

Isolation Strong certification

Secure Boot
Secure Storage
STM32L5+TFM:
Crypto Engine Level 2
STM32
Identification/Authentication
Secure Manufacturing
…
STM32L4+SBSFU:
Level 3
12 core
Customer Implementation on
security functions STSAFE
security needs STM32 and STSAFE
to address needs
EAL5+

PSA = Platform Security Architecture, by ARM

SESIP = Security Evaluation Standard for IoT Platforms, by Global Platform 31
 Thank you
Up-to-date information available
at www.st.com/stm32trust

© STMicroelectronics - All rights reserved.

ST logo is a trademark or a registered trademark of STMicroelectronics International NV or its affiliates in the EU and/or other countries.
For additional information about ST trademarks, please refer to www.st.com/trademarks.
All other product or service names are the property of their respective owners.