STM32 Expansion Software Simplifies Security Implementation on IoT Endpoints


Consolidating secure boot, secure firmware update, and secure-engine services in a convenient STM32Cube expansion software package, X-CUBE-SBSFU v.2.0 from STMicroelectronics helps product developers fully utilize the security features of STM32 microcontrollers to protect connected devices like IoT endpoints and help manage their life-cycle.

By establishing a root of trust in the microcontroller, X-CUBE-SBSFU Secure Boot enables protection of intellectual property. Secure Boot checks and activates the STM32’s built-in security mechanisms, and checks the authenticity and integrity of user application code before every execution to prevent invalid or malicious code from running. The trusted device can then safely take part in mutual authentication when connecting remotely to a network, in accordance with well-known security best practices.

The secure firmware-update functionality aids lifetime device management (applying fixes, functional upgrades, and security updates to cover the latest cyber threats) by handling secure loading and safe programming of firmware. The secure loader supports multiple recognized digital-signature (ECDSA or AES methods) and cryptography (AES-GCM) algorithms to receive, authenticate, and decrypt the encrypted firmware image, and check the integrity of the code. Safe programming supports both single-image update, for maximum user-application size, and dual-image update, which gives extra flexibility to support anti-rollback during image installation and Over-The-Air (OTA) firmware download.

In addition, X-CUBE-SBSFU secure-engine services maintain a protected environment for storing critical data such as cryptographic keys and executing cryptographic algorithms, thus completing a comprehensive package for protecting connected devices and securing IoT networks.

The X-CUBE-SBSFU expansion software package is delivered as a free-of-charge reference library, available under a Software License Agreement, and comes with technical literature to aid implementation of best-in-class protection, demonstrating state-of-the-art usage of STM32L4 and STM32L4+ security features. Built upon ST’s STM32Cube software technology, it will simplify portability throughout the extensive STM32 family that comprises over 800 devices offering a wide range of performance, memory density, feature-integration, I/O, and connectivity options. An X-CUBE-SBSFU package update will be introduced to give code references to the other STM32 series.

