
ST X-CUBE-SBSFU User Manual

UM2262 Rev 6 37/94
UM2262 Package description
6.2.1 STM32CubeHAL
The HAL driver layer provides a simple, generic, multi-instance set of APIs (application
programming interfaces) to interact with the upper layers (application, libraries and
stacks). It is composed of generic and extension APIs. It is built directly around a
generic architecture and allows the layers built on top of it, such as the middleware
layer, to implement their functions without depending on the specific hardware
configuration of a given microcontroller unit (MCU).
This structure improves the reusability of the library code and guarantees easy
portability to other devices.
6.2.2 Board support package (BSP)
The software package needs to support the peripherals on the STM32 boards apart
from the MCU. This software is included in the board support package (BSP). It is a
limited set of APIs that provides a programming interface for certain board-specific
peripherals such as the LED and the User button.
6.2.3 Cryptographic Library
Two different cryptographic middleware components are supported:
• X-CUBE-CRYPTOLIB supports symmetric and asymmetric key approaches (AES-GCM,
  AES-CBC, ECDSA) as well as hash computation (SHA256) for decryption and
  verification. Software (SW) cryptographic functions are used so that secret keys are
  not stored in hardware (HW) crypto IP registers that are not protected.
• mbed TLS cryptographic services, delivered as open source code. As with
  X-CUBE-CRYPTOLIB, symmetric and asymmetric key approaches (AES-GCM,
  AES-CBC, ECDSA) as well as hash computation (SHA256) for decryption and
  verification are supported. Examples are provided for the 32L496GDISCOVERY,
  B-L475E-IOT01A, 32F413HDISCOVERY, and 32F769IDISCOVERY boards under
  folder 2_Images_OSC.
6.2.4 Secure Engine (SE) middleware
The Secure Engine middleware provides a protected environment to manage all critical data
and operations (such as cryptography operations that access the firmware encryption key,
and others). Protected code and data are accessible only through a single entry point (call
gate mechanism): it is not possible to run or access any SE code or data without passing
through it, and any attempt to do so generates a system reset (refer to Appendix A for
details about the call gate mechanism).
Note: Secure Engine critical operations can be extended with other functions depending on user
application needs. Only trusted code is to be added to the Secure Engine environment
because it has access to the secrets.
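The single-entry-point idea described in 6.2.4, as an added example that is not code from UM2262 or the X-CUBE-SBSFU package: a host-side C model in which every request goes through one gate that checks the service ID and refuses caller buffers overlapping the protected region. All names (`se_call_gate`, the `SE_SVC_*` IDs, the RAM layout) and values are hypothetical, and the buffer check is an assumption about what such a gate should verify, not a description of ST's implementation.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Host-side model of a call gate. All names are hypothetical, not the SBSFU API. */
enum { SE_OK = 0, SE_ERR_SERVICE = -1, SE_ERR_BUFFER = -2 };
enum { SE_SVC_GET_VERSION = 1, SE_SVC_KEY_COUNT = 2 };   /* the only services */

/* One flat RAM image: bytes 0..63 belong to the application, 64..127 to the SE. */
#define SE_BASE 64u
#define SE_SIZE 64u
static uint8_t ram[128] = { [SE_BASE] = 0xA5, 0x5A, 0xC3, 0x3C }; /* constructed secret */
static const uint8_t se_fw_version[4] = { 1, 2, 0, 0 };           /* constructed */

/* True if [p, p+len) touches the SE region or wraps the address space. */
static int overlaps_se(const void *p, size_t len)
{
    uintptr_t a = (uintptr_t)p, lo = (uintptr_t)(ram + SE_BASE), hi = lo + SE_SIZE;
    if (len > UINTPTR_MAX - a) return 1;   /* a + len would wrap around */
    return a < hi && a + len > lo;
}

/* Services have internal linkage: other files can only reach them via the gate. */
static int svc_get_version(uint8_t *out, size_t len)
{
    if (len < sizeof se_fw_version) return SE_ERR_BUFFER;
    memcpy(out, se_fw_version, sizeof se_fw_version);
    return SE_OK;
}

static int svc_key_count(uint8_t *out, size_t len)
{
    (void)len;      /* the gate already rejected len == 0 */
    out[0] = 1;     /* reports how many keys exist, never the key bytes */
    return SE_OK;
}

/* Single entry point: check the caller's buffer, then dispatch on the service ID. */
int se_call_gate(uint32_t service, uint8_t *out, size_t len)
{
    if (out == NULL || len == 0 || overlaps_se(out, len)) return SE_ERR_BUFFER;
    switch (service) {
    case SE_SVC_GET_VERSION: return svc_get_version(out, len);
    case SE_SVC_KEY_COUNT:   return svc_key_count(out, len);
    default:                 return SE_ERR_SERVICE;   /* unknown ID: refuse */
    }
}
```

Without the overlap check, a caller could pass an output pointer inside the protected region and have the trusted code overwrite its own secrets on the caller's behalf.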
6.2.5 Key management services (KMS) middleware
The secure key management services provide cryptographic services to the user
application through the PKCS #11 APIs (key-ID-based APIs) that are executed inside the
secure enclave. User application keys are stored in the secure enclave and can be updated
in a secure way (authenticity check, decryption, and integrity check before update).
