Table 8. Basic feature differences of TrustZone-based secure software
Feature SBSFU for TrustZone® TF-M
RoT services Immutable RoT Immutable RoT + updatable RoT
Cryptographic key management Static keys only Key storage hierarchy with HUK root key
Secure storage Absent Internal and external
NV counter No Yes
Both alternatives are based on TF-M and MCU boot, but while SBSFU intends to replicate familiar features of
X-CUBE-SBSFU while retaining most flash memory space for user code, TF-M offers more functionality. Some
of that can be dropped to gain memory space. For the STM32H57x line, the Secure manager, a closed-source
implementation of TF-M, offers a convenient and express way to adopt certified secure solutions.
5.5 Product certifications
Different secure applications often require certain certifications, proving their capability to perform in a secure
manner. Independent or government agencies grant the certification status to either an MCU application or a
combination of MCUs with secure firmware after testing it against the evaluation goals.
The certifications and evaluations related to STM32 microcontrollers include, but are not limited to:
• PSA certified (platform security architecture), governed by Arm, focused on IoT security, MCU certification,
three levels of assessment
– STM32L4 devices are certifiable up to Level 1.
– STM32L5 devices with TF-M are certifiable up to Level 2.
– STM32U5 and STM32H5 devices with TF-M are certifiable up to Level 3.
– To achieve Arm PSA certifiable security level, refer to the user manual STM32U585 security
guidance for PSA Certified™ Level 3 with SESIP Profile (UM2852).
• SESIP (security evaluation standard for IoT platforms), international methodology adopted by several major
security evaluation labs, five levels
– Systems using SBSFU or TF-M are compliant to Level 3 with STM32L4, STM32L4+, STM32L5,
STM32H5, and STM32U5 devices.
• PCI (payment card information), important security standard focusing on point of sale (POS) applications
– Good record of successful evaluation of systems using for example STM32L4 devices
AN5156
Product certifications
AN5156 - Rev 8
page 26/56
To Next Page
Loading...
Need help?
General
