ST STM32WB Series

To Next Page

To Previous Page

8 Conclusion

No system can be made secure by simply enabling security features in the hardware. Security must be rooted

in the architecture of the complete solution.

The threats must be identified, the countermeasures correctly designed and implemented in synergy with other

security features.

As security demands considerable resources, it is important to correctly evaluate the risks, and spend

the resources efficiently, keeping in mind the cost of attack and the value of the protected asset.

The concept of root of trust is pivotal because it uses a more hierarchic and centralized approach, as opposed to

attempting to apply security ad hoc.

With the STM32 microcontrollers, the embedded and IoT security is very cost-effective and robust.

AN5156

Conclusion

AN5156 - Rev 8

page 44/56

Main Page

General Information2
Table 2. Glossary2
Overview5
Security Purpose5
Figure 1. Corrupted Connected Device Threat5
Table 3. Assets to be Protected6
Attack Types7
Introduction to Attack Types7
Software Attacks8
Table 4. Attacks Types and Costs8
Hardware Attacks9
Non-Invasive Attacks10
Silicon Invasive Attacks11
Iot System Attack Examples12
Figure 2. Iot System12
List of Attack Targets13
Device Protections16
Configuration Protection16
Trustzone ® for Armv8-M Architecture16
Dual-Core Architecture17
Figure 3. Armv8-M Trustzone® Execution Modes17
Figure 4. Simplified Diagram of Dual-Core System Architecture17
Memory Protections18
Figure 5. Memory Types18
System Flash Memory19
User Flash Memory19
Embedded SRAM19
External Flash Memories20
STM32 Memory Protections21
Software Isolation21
Debug Port and Other Interface Protection21
Boot Protection22
System Monitoring22
Secure Applications23
Secure Firmware Install (SFI)23
Root and Chain of Trust23
Stmicroelectronics Proprietary SBSFU Solution23
Secure Boot (SB)23
Secure Firmware Update (SFU)24
Figure 6. Secure Boot FSM24
Configurations25
Arm TF-M Solution25
Figure 7. Secure Server/Device SFU Architecture25
Product Certifications26
Table 8. Basic Feature Differences of Trustzone-Based Secure Software26
STM32 Security Features27
Overview of Security Features27
Static and Dynamic Protections27
Security Features by STM32 Devices27
Table 10. Security Features for STM32L0/1/4/4+, STM32WB, STM32WL Devices28
Readout Protection (RDP)29
Table 11. Security Features for STM32L5, STM32U5, STM32H503/5, Stm32H72X/73/74X/75, Stm32H7Ax/7Bx, STM32F7 Devices29
Figure 8. Example of RDP Protections (STM32L4 Series)30
Lifecycle Management-Product State31
Table 12. RDP Protections31
One-Time Programmable (OTP)32
Trustzone32
Core State33
Secure Attribution Unit (SAU)33
Figure 9. Trustzone® Implementation at System Level33
Memory and Peripheral Protections34
Flash Memory Write Protection (WRP)34
Execute-Only Firmware (PCROP)34
Secure Hide Protection (HDP)35
Firewall35
Figure 10. HDP Protected Firmware Access35
Figure 11. Firewall FSM36
Figure 12. Firewall Application Example36
Memory Protection Unit (MPU)37
Table 13. Attributes and Access Permission Managed by MPU37
Customer Key Storage (CKS)38
Table 14. Process Isolation38
Figure 13. Dual-Core Architecture with CKS Service38
Antitamper (Tamp)/Backup Registers (BKP)39
Clock Security System (CSS)39
Power Monitoring (PVD)39
Memory Integrity Hardware Check39
Independent Watchdog (IWDG)40
Device ID40
Cryptography40
Hardware Accelerators40
Cryptolib Software Library40
On-The-Fly Decryption Engine (OTFDEC)41
Figure 14. Typical OTFDEC Configuration41
Guidelines42
Table 15. Security Use Cases42
Conclusion44
Appendix A Cryptography - Main Concepts45
Secret Key Algorithms45
Figure 15. Symmetric Cryptography45
Public Key Algorithms (PKA)46
Figure 16. Signature46
Figure 17. PKA Encryption46
Hash Algorithms47
MAC or Signature and Certificate47
Figure 18. Message Hashing47
Figure 19. MAC Generation with Secrete Key Algorithm47
Figure 20. Signature Generation with Public Key Algorithm48
Revision History49
Table 1. Applicable Products49
Table 16. Document Revision History49
Table 5. Memory Types and Associated Protection50
Table 6. Scope of STM32 Embedded Memory Protection Features50
Table 7. Software Isolation Mechanism50
Table 9. Security Features for STM32C0, STM32F0/1/2/3/4, STM32G0/4 Devices50

Table of Contents

Other manuals for ST STM32WB Series

Related product manuals