-
• Guarantee unique boot entry on SB application:
– Use HDP if available.
– Use RDP level 2 and disable boot pin selection.
3.3 Securely update the firmware in the field.
• Implement a SFU application with cryptography.
• Apply relevant secure memory protection around the SFU secret data (refer to previous sections).
4. Communication and authentication: cryptography
-
4.1 Communicate securely.
• Use or implement secure communication stacks relying on cryptography for confidentiality and authentication
(such as TLS for Ethernet).
4.2 Use the ST AES/DES/SHA cryptographic functions with STM32 devices.
• Use only official software implementation by ST with STM32 X-CUBE-CRYPTOLIB.
4.3 Accelerate AES/DES/SHA cryptographic functions.
• Use device with cryptographic hardware peripheral together with official STM32 X-CUBE-CRYPTOLIB.
• Use OTFDEC to access AES-ciphered code in the external memory without latency penalty.
4.4 Generate random data.
• Use RNG embedded in the STM32 devices.
4.5 Uniquely identify ST microcontrollers.
• Use STM32 96-bit unique ID.
4.6 Authenticate a product device.
• Embed a shared encryption key in the device, and exchange encrypted message.
4.7 Uniquely authenticate a device.
• Embed a device private key and its certificate in the device, and exchange encrypted message.
4.8 Authenticate communication servers.
• Embed a shared encryption key in the device, and exchange encrypted message.
• Embed server public key in the device, and exchange encrypted message.
AN5156
Guidelines
AN5156 - Rev 8
page 43/56
To Next Page
Loading...
