SBSFU configuration AN5056
22/49 AN5056 Rev 8
Figure 16. Switching the cryptographic scheme
Note: For the B-L4S5I-IOT01A STSAFE and KMS variants, the
SECBOOT_X509_ECDSA_WITHOUT_ENCRYPT_SHA256 cryptographic scheme is
selected.
For the external Flash memory variant with on-the-fly decryption (OTFDEC), the
SECBOOT_ECCDSA_WITH_AES128_CTR_SHA256 cryptographic scheme is selected.
4.3 Security configuration
The SBSFU example is delivered with STM32 security protection configuration allowing
protection secrets against both outer and inner attacks.
STM32 security peripherals can be deactivated independently as per the user’s decision to
achieve a different protection level (For example with STM32L4 Series devices, firewall and
PCROP allow the activation of protections against inner attacks). Any STM32 security
configuration modification requires a security protection evaluation at the system product
level to ensure that protections are well set according to product constraints and
specifications.
During the development phase, the disabling of all IPs may be required for making
debugging easier.
Figure 17 shows the various security configuration solutions available in file app_sfu.h for
the STM32L4 Series and STM32L0 Series.
To Next Page
