February 2020 UM2262 Rev 6 1/94
UM2262
User manual
Getting started with the X-CUBE-SBSFU
STM32Cube Expansion Package
Introduction
This user manual describes how to get started with the X-CUBE-SBSFU STM32Cube Expansion Package.

The X-CUBE-SBSFU Secure Boot and Secure Firmware Update solution allows the update of the STM32 microcontroller built-in program with new firmware versions, adding new features and correcting potential issues. The update process is performed in a secure way to prevent unauthorized updates and access to confidential on-device data.

The Secure Boot (Root of Trust services) is immutable code, always executed after a system reset, that checks STM32 static protections, activates STM32 runtime protections and then verifies the authenticity and integrity of the user application code before every execution, in order to ensure that invalid or malicious code cannot be run.

The Secure Firmware Update application receives the firmware image via a UART interface with the Ymodem protocol, checks its authenticity, and checks the integrity of the code before installing it. The firmware update is done on the complete firmware image, or only on a portion of it. Examples are provided for the single firmware image configuration, which maximizes the firmware image size, and for the dual firmware image configuration, which ensures safe image installation and enables the over-the-air firmware update capability commonly used in IoT devices. Examples can be configured to use asymmetric or symmetric cryptographic schemes, with or without firmware encryption.

The secure key management services provide cryptographic services to the user application through the PKCS #11 APIs (key ID-based APIs), which are executed inside a protected and isolated environment. User application keys are stored in the protected and isolated environment for their secured update: authenticity check, data decryption and data integrity check.

STSAFE-A100 is a tamper-resistant secure element (HW Common Criteria EAL5+ certified) used to host X509 certificates and keys, and to perform the verifications used for firmware image authentication during the Secure Boot and Secure Firmware Update procedures.

X-CUBE-SBSFU is built on top of STM32Cube software technology, making portability across different STM32 microcontrollers easy. It is provided as reference code to demonstrate the best use of STM32 security protections.

X-CUBE-SBSFU is classified ECCN 5D002.
www.st.com

ST X-CUBE-SBSFU Specifications

Brand: ST
Model: X-CUBE-SBSFU
Category: Computer Hardware
Language: English

Summary

Secure Boot and Firmware Update (SBSFU)

Secure Boot Mechanism

Asserts integrity & authenticity of user app image via cryptographic checks.

Secure Firmware Update Process

Provides secure in-field firmware updates, enabling secure download of new firmware.

Cryptography Operations Overview

Details the cryptographic schemes for firmware decryption and verification.

Key Management Services (KMS)

Protection Measures and Security Strategy

STM32L4/L0 Series Security

Illustrates system, code, & data protection for STM32L4/L0 series.

STM32F4/F7/L1 Series Security

Illustrates system, code, & data protection for STM32F4/F7/L1 series.

STM32G0/G4/H7 Series Security

Illustrates system, code, & data protection for STM32G0/G4/H7 series.

STM32L4 with STSAFE-A100 Security

Illustrates system, code, & data protection for STM32L4 with STSAFE-A100.

Hardware and Software Environment Setup

Step-by-Step Execution Guide

STM32 Board Preparation

Details required option bytes settings for board preparation on NUCLEO-L476RG.

SBSFU Application Execution Flow

Explains SBSFU checking for new firmware downloads and handling them.

User Application Execution Flow

Details how the user app executes after SBSFU processes a new firmware image.

Appendix A: Secure Engine Protected Environment

Appendix B: Dual-Image Handling

Appendix C: Single-Image Handling

Appendix D: Cryptographic Schemes Handling

Cryptographic Schemes in Package

Lists schemes: ECC/AES-CBC, ECC/AES-CTR, ECC/NoEncrypt, AES-GCM.

Asymmetric Verification & Symmetric Encryption

Details ECC verification with AES encryption/decryption schemes.

Symmetric Verification & Encryption

Details scheme using AES-GCM for both verification and encryption.

X509 Certificate-based Asymmetric Scheme

Details scheme using X509 certs for firmware verification without encryption.

Appendix E: Firmware Image Preparation Tool

Appendix F: KMS Details

Appendix G: SBSFU with STM32 and STSAFE-A100
