UM2262 Rev 6 35/94
UM2262 Package description
93
6 Package description
This section details the X-CUBE-SBSFU package content and the way to use it.
6.1 General description
X-CUBE-SBSFU is a software package for STM32 microcontrollers.
It provides a complete solution to build Secure Boot and Secure Firmware Update
applications:
• Support of symmetric and asymmetric cryptography approaches with the AES-GCM,
AES-CBC, and ECDSA algorithms for decryption, verification, or both with the use of
X-CUBE-CRYPTOLIB.
• Support of X509 certificate chain verification of firmware image and firmware
updates.
(a)
• Two modes of operation:
– The dual-image mode, which enables safe image programming, with resume
capability in case of an interruption of the installation procedure
– The single-image mode, which maximizes the user application size
• Integration of security peripherals and mechanisms in order to implement a SBSFU
Root of Trust. RDP, WRP, PCROP, firewall, MPU, secure user memory, tamper, and
IWDG are combined to achieve the highest security level
(b)
.
• Use of a Secure Engine (SE) module as part of the middleware in order to provide a
protected environment managing all critical data and operations such as secure key
storage, cryptographic operations and others.
• Integration of secure key management services (KMS) offering symmetric and
asymmetric cryptographic services via the PKCS #11 11 APIs and offering secure key
storage, update services.
• Integration of the STSAFE-A100 secure element to provide the system with a tamper
resistant (CC EAL5+ AVA_VAN5 Common Criteria certified) Root of Trust, to offload
the host MCU of ECDSA cryptographic operations and simplify key provisioning during
manufacturing.
• Availability of the user application example source code.
• Availability of the firmware image preparation tool, provided both as executable and
source code.
X-CUBE-SBSFU is ported on the STM32F4 Series, STM32F7 Series, STM32G0 Series,
STM32G4 Series, STM32H7 Series, STM32L0 Series, STM32L1 Series, STM32L4 Series,
and STM32WB Series. X-CUBE-SBSFU is also ported on the STM32L4 Series combined
with STSAFE-A100, the X-NUCLEO-SAFEA1A expansion board is supported for STSAFE-
A100.
The package includes sample applications that the developer can use to start experimenting
with the code.
a. Specific to the STSAFE-A100.
b. The availability of security IPs depends on the STM32 Series.
To Next Page
Loading...
Need help?
General
