Is it possible to transform security on embedded systems from a burden to a blessing? It’s the question ST is trying to answer with STM32Trust, an initiative that focuses on all the software and hardware solutions we bring to improve the security of our devices. Information security, or InfoSec, can be a burden because it is such a vast domain. Hence, helping engineers means making ST tools more accessible. Indeed, taking advantage of all the features that a system offers is not always evident. Moreover, the need to acquire stringent certifications can increase costs and delay product launches. Developers thus need solutions to implement vital protections faster.
How It Started and How It’s Going
STM32Trust is a program that keeps growing as ST releases more software tools and products over time. Started in 2019, the initiative also helps educate developers to ensure their knowledge is up to date. As a result, ST holds training, publishes papers, writes documentation, and works with partners to facilitate the obtention of certifications. In other words, exhaustively explaining all the aspects of STM32Trust in one blog post would be futile, which is why The ST Blog decided to focus on a few core solutions to help readers better visualize how they can implement security into their system.
One of the core solutions in STM32Trust is X-CUBE-SBSFU (Secure Boot and Secure Firmware Update). Put simply, the software expansion package enables developers to implement a secure boot and offers a secure firmware update system. It is one of the prominent pillars of STM32Trust alongside our Secure Firmware Installation (SFI) process. The latter enables the upload of encrypted firmware into the microcontroller to protect from IP theft, among other things. And while SBSFU and SFI were predominant when ST launched STM32Trust, we added new solutions to our portfolio. For instance, Trusted Firmware-M (TF-M) helps implement a secure environment on our STM32L5 microcontrollers. Similarly, Trusted Firmware-A (TF-A) works on Cortex-A devices, such as the STM32MP1. Let us, therefore, delve into these offerings and see what they bring to STM32Trust.
STM32Trust and X-CUBE-SBSFU: Fashioning Secure Boot and Secure Firmware Update
Protecting Users From Start to Finish
Secure Boot is a program that runs at startup or reset to verify the integrity of the boot files by checking file size or signature to determine if anything changed. It thus protects the system from attacks that want to compromise the firmware during the boot sequence. Another type of protection is a secure firmware update. This method shields users from attacks that modify the existing system remotely. Indeed, when a server sends a partial or complete encrypted firmware image update, the embedded system transmits it via UART to the MCU, the system checks its authenticity and then decrypts it before installing it.
Secure Boot is a program that runs at startup or reset to verify the integrity of the boot files by checking file size or signature to determine if anything changed. It thus protects the system from attacks that want to compromise the firmware during the boot sequence. Another type of protection is a secure firmware update. This method shields users from attacks that modify the existing system remotely. Indeed, when a server sends a partial or complete encrypted firmware image update, the embedded system transmits it via UART to the MCU, the system checks its authenticity, and then decrypts it before installing it.
STM32Trust and SFI: Bringing Secure Firmware Install
Protecting Intellectual Property and Preventing Theft
Secure Firmware Install is a mechanism that protects a customer’s binary from malicious activities. Very often, companies must rely on a third party to assemble their final product. The problem is that it can cause a great deal of anxiety and uncertainty. A rogue employee on the assembly line, or hackers, could steal the firmware, leading to catastrophic consequences. A secure firmware install protects against it by encrypting the firmware before shipping it to the OEM. Since decryption happens when the code is inside the MCU, the IP remains safe, and any stolen firmware is useless. Additionally, companies can even use this technique to track the number of firmware installations to monitor any product theft.
A Smart Card and STM32CubeProgrammer
SFI relies primarily on two tools. Developers encrypt their firmware with the Trusted Package Creator utility available within the STM32CubeProgrammer software and place their private keys and certificates in a secure hardware module that takes the form of a smart card.
Teams then ship the encrypted binary and smart card to the EMS. Assembly lines upload the firmware and keys over UART, I<sup>2</sup>C, USB, or JTAG via STM32CubeProgrammer. The smart card then validates everything by authenticating the MCU and getting its unique key. The card also sends a private key to decrypt the binary and generate an individual license for each product. The license enables the upload system to track the precise number of installs. Finally, ST recently released a new version of its smart card that allows companies to define their target device. Previously, the model of the MCU was set up in advance. With the new version, companies can load it to enjoy a more flexible system.
For more information, visit www.st.com