STM32 expansion software from STMicroelectronics simplifies security implementation on IoT endpoints

Consolidating secure boot, secure firmware update, and secure-engine services in a STM32Cube expansion software package, X-CUBE-SBSFU v.2.0 from STMicroelectronics is designed to help product developers fully utilise the security features of STM32 microcontrollers to protect connected devices like IoT endpoints and help manage their life-cycle.

By establishing a root of trust in the microcontroller, X-CUBE-SBSFU Secure Boot enables protection of intellectual property. Secure Boot checks and activates the STM32’s built-in security mechanisms, and checks the authenticity and integrity of user application code before every execution to prevent invalid or malicious code from running. The trusted device can then safely take part in mutual authentication when connecting remotely to a network, in accordance with well-known security best practices.

The secure firmware-update functionality aids lifetime device management – applying fixes, functional upgrades, and security updates to cover the latest cyber threats by handling secure loading and safe programming of firmware. The secure loader supports multiple recognised digital-signature (ECDSA or AES methods) and cryptography (AES-GCM) algorithms to receive, authenticate, and decrypt the encrypted firmware image, and check the integrity of the code. The safe programming supports both single-image update for maximum user-application size and dual-image update giving extra flexibility to support anti-rollback during image installation and Over-The-Air (OTA) firmware download.

In addition, X-CUBE-SBSFU secure-engine services maintain a protected environment for storing critical data such as cryptographic keys and executing cryptographic algorithms.

For further information, click here.

Author
Bethan Grylls