ST X-CUBE-SBSFU User manual
February 2020 UM2262 Rev 6 1/94
1
UM2262
User manual
Getting started with the X-CUBE-SBSFU
STM32Cube Expansion Package
Introduction
This user manual describes how to get started with the X-CUBE-SBSFU STM32Cube
Expansion Package.
The X-CUBE-SBSFU Secure Boot and Secure Firmware Update solution allows the update
of the STM32 microcontroller built-in program with new firmware versions, adding new
features and correcting potential issues. The update process is performed in a secure way
to prevent unauthorized updates and access to confidential on-device data.
The Secure Boot (Root of Trust services) is an immutable code, always executed after a
system reset, that checks STM32 static protections, activates STM32 runtime protections
and then verifies the authenticity and integrity of user application code before every
execution in order to ensure that invalid or malicious code cannot be run.
The Secure Firmware Update application receives the firmware image via a UART interface
with the Ymodem protocol, checks its authenticity, and checks the integrity of the code
before installing it. The firmware update is done on the complete firmware image, or only on
a portion of the firmware image. Examples are provided for single firmware image
configuration in order to maximize firmware image size, and for dual firmware image
configuration in order to ensure safe image installation and enable over-the-air firmware
update capability commonly used in IoT devices. Examples can be configured to use
asymmetric or symmetric cryptographic schemes with or without firmware encryption.
The secure key management services provide cryptographic services to the user
application through the PKCS #11 APIs (KEY ID-based APIs) that are executed inside a
protected and isolated environment. User application keys are stored in the protected and
isolated environment for their secured update: authenticity check, data decryption and data
integrity check.
STSAFE-A100 is a tamper-resistant secure element (HW Common Criteria EAL5+ certified)
used to host X509 certificates and keys, and perform verifications that are used for firmware
image authentication during Secure Boot and Secure Firmware Update procedures.
X-CUBE-SBSFU is built on top of STM32Cube software technology, making the portability
across different STM32 microcontrollers easy. It is provided as reference code to
demonstrate best use of STM32 security protections.
X-CUBE-SBSFU is classified ECCN 5D002.
www.st.com
Contents UM2262
2/94 UM2262 Rev 6
Contents
1 General information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
1.1 Terms and definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
1.2 References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .11
2 STM32Cube overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3 Secure Boot and Secure Firmware Update (SBSFU) . . . . . . . . . . . . . . 14
3.1 Product security introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
3.2 Secure Boot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
3.3 Secure Firmware Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
3.4 Cryptography operations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
4 Key management services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18
5 Protection measures and security strategy . . . . . . . . . . . . . . . . . . . . . 20
5.1 STM32L4 Series and STM32L0 Series . . . . . . . . . . . . . . . . . . . . . . . . . . 21
5.2 STM32F4 Series, STM32F7 Series and STM32L1 Series . . . . . . . . . . . . 24
5.3 STM32G0 Series, STM32G4 Series and STM32H7 Series . . . . . . . . . . . 26
5.4 STM32WB Series . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
5.5 STM32L4 Series combined with STSAFE-A100 . . . . . . . . . . . . . . . . . . . 32
6 Package description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
6.1 General description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
6.2 Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
6.2.1 STM32CubeHAL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
6.2.2 Board support package (BSP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
6.2.3 Cryptographic Library . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
6.2.4 Secure Engine (SE) middleware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
6.2.5 Key management services (KMS) middleware . . . . . . . . . . . . . . . . . . . 37
6.2.6 STSAFE-A middleware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
6.2.7 Secure Boot and Secure Firmware Upgrade (SBSFU) application . . . . 39
6.2.8 User application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40
6.3 Folder structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
UM2262 Rev 6 3/94
UM2262 Contents
5
6.4 APIs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
6.5 Application compilation process with IAR™ toolchain . . . . . . . . . . . . . . . 42
7 Hardware and software environment setup . . . . . . . . . . . . . . . . . . . . . 44
7.1 Hardware setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
7.2 Software setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
7.2.1 Development toolchains and compilers . . . . . . . . . . . . . . . . . . . . . . . . . 44
7.2.2 Software tools for programming STM32 microcontrollers . . . . . . . . . . . 44
7.2.3 Terminal emulator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
7.2.4 X-CUBE-SBSFU firmware image preparation tool . . . . . . . . . . . . . . . . 45
8 Step-by-step execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
8.1 STM32 board preparation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
8.2 Application compilation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
8.3 Tera Term connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
8.3.1 ST-LINK disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
8.3.2 Tera Term launch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
8.3.3 Tera Term configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
8.3.4 Welcome screen display . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
8.4 SBSFU application execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
8.4.1 Download request . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
8.4.2 Send firmware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
8.4.3 File transfer completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
8.4.4 System restart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
8.5 User application execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
8.5.1 Download a new firmware image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
8.5.2 Test protections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
8.5.3 Test Secure Engine user code . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
9 Understanding the last execution status message at boot-up . . . . . . 58
Appendix A Secure Engine protected environment . . . . . . . . . . . . . . . . . . . . . . 60
A.1 Firewall-based Secure Engine Isolation . . . . . . . . . . . . . . . . . . . . . . . . . . 61
A.1.1 SE core call gate mechanism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
A.1.2 SE interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
A.2 MPU-based Secure Engine Isolation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Contents UM2262
4/94 UM2262 Rev 6
A.2.1 Principle . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
A.2.2 Constraints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Appendix B Dual-image handling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
B.1 Elements and roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67
B.2 Mapping definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 69
Appendix C Single-image handling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
C.1 Elements and roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
C.2 Mapping definition . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 70
Appendix D Cryptographic schemes handling . . . . . . . . . . . . . . . . . . . . . . . . . . 71
D.1 Cryptographic schemes contained in this package. . . . . . . . . . . . . . . . . . 71
D.2 Asymmetric verification and symmetric encryption schemes . . . . . . . . . . 72
D.3 Symmetric verification and encryption scheme. . . . . . . . . . . . . . . . . . . . . 73
D.4 X509 certificate-based asymmetric scheme without firmware encryption. 74
D.5 Secure Boot and Secure Firmware Update flow . . . . . . . . . . . . . . . . . . . . 76
Appendix E Firmware image preparation tool . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
E.1 Tool location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
E.2 Inputs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 78
E.3 Outputs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
E.4 IDE integration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
E.5 Partial Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80
Appendix F KMS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
F.1 Key update process description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
F.2 SBSFU static keys generation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
F.3 UserApp menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Appendix G SBSFU with STM32 and STSAFE-A100 . . . . . . . . . . . . . . . . . . . . . . 84
G.1 Introduction to STSAFE-A100. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
G.2 Certificate generation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
G.3 STSAFE-A100 provisioning. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
G.4 STM32 and firmware image provisioning . . . . . . . . . . . . . . . . . . . . . . . . . 87
UM2262 Rev 6 5/94
UM2262 Contents
5
G.5 STSAFE-A100 ordering. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Appendix H STM32WB Series specificities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
H.1 Compilation process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
H.2 Key provisioning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Appendix I STM32H7 Series specificities . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
I.1 JTAG connection for STM32H753 devices . . . . . . . . . . . . . . . . . . . . . . . . 89
I.2 JTAG connection for STM32H7B3 devices . . . . . . . . . . . . . . . . . . . . . . . . 89
I.3 External Flash on STM32H7B3 devices . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Revision history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
List of tables UM2262
6/94 UM2262 Rev 6
List of tables
Table 1. List of acronyms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Table 2. List of terms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Table 3. Cryptographic scheme comparison . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Table 4. MPU regions in the STM32F4 Series, STM32F7 Series and STM32L1 Series . . . . . . . . . 26
Table 5. MPU regions in the STM32G0 Series, STM32G4 Series and STM32H7 Series . . . . . . . . 28
Table 6. Error messages at boot-up . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58
Table 7. MPU regions for Secure Engine isolation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Table 8. Cryptographic scheme list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 71
Table 9. Document revision history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92
UM2262 Rev 6 7/94
UM2262 List of figures
8
List of figures
Figure 1. Secure Boot Root of Trust . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Figure 2. Typical in-field device update scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Figure 3. KMS functions overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Figure 4. SBSFU security IPs vs. STM32 Series (1 of 2). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Figure 5. SBSFU security IPs vs. STM32 Series (2 of 2). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Figure 6. STM32L4 and STM32L0 protection overview during SBSFU execution . . . . . . . . . . . . . . 22
Figure 7. STM32F4, STM32F7 and STM32L1 protection overview during SBSFU execution . . . . . 24
Figure 8. STM32G0, STM32G4 and STM32H7 protection overview during SBSFU execution. . . . . 26
Figure 9. STM32G0, STM32G4, and STM32H7 protection overview
during user application execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Figure 10. STM32WB protection overview during SBSFU execution . . . . . . . . . . . . . . . . . . . . . . . . . 30
Figure 11. STM32L4 / STSAFE-A100 protection overview during SBSFU execution . . . . . . . . . . . . . 32
Figure 12. Software architecture overview. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36
Figure 13. Project folder structure (1 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Figure 14. Project folder structure (2 of 2) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Figure 15. Application compilation steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Figure 16. Firmware image preparation tool IDE integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Figure 17. Step-by-step execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Figure 18. STM32 board preparation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Figure 19. STM32CubeProgrammer connection menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Figure 20. STM32CubeProgrammer Option bytes screen. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Figure 21. STM32CubeProgrammer erasing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Figure 22. Tera Term connection screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50
Figure 23. Tera Term setup screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51
Figure 24. SBSFU welcome screen display. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Figure 25. SBSFU encrypted firmware transfer start . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Figure 26. SBSFU encrypted firmware transfer in progress . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Figure 27. SBSFU reboot after encrypted firmware transfer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Figure 28. User application execution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55
Figure 29. Encrypted firmware download via user application. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Figure 30. User application test protection menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57
Figure 31. Firewall call gate mechanism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Figure 32. Secure Engine call-gate mechanism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 62
Figure 33. Secure Engine interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
Figure 34. SBSFU running in unprivileged level of software execution for standard operations . . . . . 64
Figure 35. SBSFU requesting a Secure Engine service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 65
Figure 36. Exiting a Secure Engine service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66
Figure 37. Internal user Flash mapping (example of the NUCLEO-L476RG with 512-byte headers) . 68
Figure 38. User application vector table (example of the STM32L4 Series) . . . . . . . . . . . . . . . . . . . . 69
Figure 39. Asymmetric verification and symmetric encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 72
Figure 40. Symmetric verification and encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Figure 41. X509 asymmetric verification . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Figure 42. Certificate chain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 75
Figure 43. SBSFU dual-image boot flows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Figure 44. SBSFU single-image boot flows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Figure 45. Encrypted object creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Figure 46. Secure update procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 82
Figure 47. KMS key storage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
List of figures UM2262
8/94 UM2262 Rev 6
Figure 48. KMS menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Figure 49. Certificate chain overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Figure 50. Pairing key and certificate provisioning overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Figure 51. Batch files using openssl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 86
Figure 52. Provisioning in STM32 and firmware image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Figure 53. Compile with Loader integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 88
Figure 54. JTAG connection capability on STM32H753 devices. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Figure 55. JTAG connection capability on STM32H7B3 devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Figure 56. STM32H7B3: MPU isolation + secure user memory, with external Flash . . . . . . . . . . . . . 90
Figure 57. Memory mapping for STM32H7B3 devices with external Flash . . . . . . . . . . . . . . . . . . . . . 91
UM2262 Rev 6 9/94
UM2262 General information
93
1 General information
The X-CUBE-SBSFU Expansion Package comes with examples running on the STM32L4
Series, STM32F4 Series, STM32F7 Series, STM32G0 Series, STM32G4 Series, STM32H7
Series, STM32L0 Series, STM32L1 Series, and STM32WB Series. An example combining
STM32 microcontroller and STSAFE-A100 is also provided for the STM32L4 Series.
X-CUBE-SBSFU is provided as reference code for standalone STM32 system solution
examples demonstrating best use of STM32 protections to protect assets against
unauthorized external and internal access. X-CUBE-SBSFU proposes also a system
solution example combining STM32 and STSAFE-A100, which demonstrates HW Secure
Element protections for secure authentication services and secure data storage.
X-CUBE-SBSFU is a starting point for OEMs to develop their own SBSFU as a function of
their product security requirement levels.
The X-CUBE-SBSFU Secure Boot and Secure Firmware Update Expansion Package runs
on STM32 32-bit microcontrollers based on the Arm®(a) Cortex®-M processor.
1.1 Terms and definitions
Table 1 presents the definition of acronyms that are relevant for a better understanding of
this document.
a. Arm is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere.
Table 1. List of acronyms
Acronym Description
AAD Additional authenticated data
AES Advanced encryption standard
CBC AES cipher block chaining
CKS Customer key storage
CTR AES counter-based cipher mode
DMA Direct memory access
DSA Digital signature algorithm
ECC Elliptic curve cryptography
ECCN Export control classification number
ECDSA Elliptic curve digital signature algorithm
FSM Finite-state machine
GCM AES Galois/counter mode
GUI Graphical user interface
HAL Hardware abstraction layer
General information UM2262
10/94 UM2262 Rev 6
Table 2 presents the definition of terms that are relevant for a better understanding of this
document.
IDE Integrated development environment
IV Initialization vector
IWDG Independent watch dog
FW Firmware
FWALL Firewall
KMS Key management services
MAC Message authentication code
MCU Microcontroller unit
MPU Memory protection unit
NONCE Number used only once
OTFDEC On-the-fly decryption
PCROP Proprietary code read out protection
PEM Privacy enhanced mail
RDP Read protection
SB Secure Boot
SE Secure Engine
SFU Secure Firmware Update
SM State machine
UART Universal asynchronous receiver/transmitter
UUID Universally unique identifier
WRP Write protection
Table 2. List of terms
Term Description
Firmware image A binary image (executable) run by the device as user application.
Firmware header Bundle of meta-data describing the firmware image to be installed. It contains
firmware information and cryptographic information.
mbedTLS mbed implementation of the TLS and SSL protocols and the respective
cryptographic algorithms.
sfb file Binary file packing the firmware header and the firmware image.
Table 1. List of acronyms (continued)
Acronym Description
UM2262 Rev 6 11/94
UM2262 General information
93
1.2 References
STMicroelectronics related documents
Public documents are available on line from STMicroelectronics web site at www.st.com.
Contact STMicroelectronics when more information is needed.
1. Integration guide for the X-CUBE-SBSFU STM32Cube Expansion Package (AN5056)
2. Introduction to STM32 microcontrollers security application note (AN5156)
3. STM32CubeProgrammer software description user manual (UM2237)
4. Authentication, state-of-the-art security for peripherals and IoT devices data sheet
(DS12911)
Other documents
5. PKCS #11 Cryptographic Token Interface Base Specification Version 2.40 Plus Errata
http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/os/pkcs11-curr-v2.40-os.html
STM32Cube overview UM2262
12/94 UM2262 Rev 6
2 STM32Cube overview
What is STM32Cube?
STM32Cube is an STMicroelectronics original initiative to significantly improve designer's
productivity by reducing development effort, time and cost. STM32Cube covers the whole
STM32 portfolio.
STM32Cube includes:
•A set of user-friendly software development tools to cover project development from
the conception to the realization, among which:
– STM32CubeMX, a graphical software configuration tool that allows the automatic
generation of C initialization code using graphical wizards
– STM32CubeIDE, an all-in-one development tool with peripheral configuration,
code generation, code compilation, and debug features
– STM32CubeProgrammer (STM32CubeProg), a programming tool available in
graphical and command-line versions
– STM32CubeMonitor-Power (STM32CubeMonPwr), a monitoring tool to measure
and help in the optimization of the power consumption of the MCU
•STM32Cube MCU & MPU Packages, comprehensive embedded-software platforms
specific to each microcontroller and microprocessor series (such as STM32CubeL4 for
the STM32L4 Series), which include:
– STM32Cube hardware abstraction layer (HAL), ensuring maximized portability
across the STM32 portfolio
– STM32Cube low-layer APIs, ensuring the best performance and footprints with a
high degree of user control over the HW
– A consistent set of middleware components such as FAT file system, RTOS, USB
Host and Device, TCP/IP, Touch library, and Graphics
– All embedded software utilities with full sets of peripheral and applicative
examples
•STM32Cube Expansion Packages, which contain embedded software components
that complement the functionalities of the STM32Cube MCU & MPU Packages with:
– Middleware extensions and applicative layers
– Examples running on some specific STMicroelectronics development boards
How does this software complement STM32Cube?
The proposed software is based on the STM32CubeHAL, the hardware abstraction layer for
the STM32 microcontroller. The package extends STM32Cube by providing middleware
components:
•Secure Engine for managing all critical data and operations, such as cryptography
operations accessing firmware encryption key and others
•Key management services offering cryptographic services via PKCS #11 APIs
•STSAFE-A for managing HW Secure Element features
UM2262 Rev 6 13/94
UM2262 STM32Cube overview
93
The package includes different sample applications to provide a complete SBSFU solution:
•SE_CoreBin application: provides a binary including all the "trusted" code.
•Secure Boot and Secure Firmware Upgrade (SBSFU) application:
– Secure Boot (Root of Trust)
– Local download via UART Virtual COM
– FW installation management
•User application:
– Downloads a new firmware in dual-image mode of operation
– Provides examples testing protection mechanisms
– Provides examples using KMS APIs
The sample applications are delivered in dual-image and single-image modes of operation
and can be configured in different cryptographic scheme.
This user manual describes the typical use of the package:
•Based on the NUCLEO-L476RG board
•With sample applications operating in dual-image mode and configured with
asymmetric authentication and symmetric FW encryption
More information about the configuration options and the single-image mode of operation
are provided in the appendices of this document.
Note: The KMS feature is available on the STM32L4 Series with example provided on the B-
L475E-IOT01A board.
The STSAFE-A feature is available on the STM32L4 Series with example provided on the
B-L475E-IOT01A board
Secure Boot and Secure Firmware Update (SBSFU) UM2262
14/94 UM2262 Rev 6
3 Secure Boot and Secure Firmware Update (SBSFU)
3.1 Product security introduction
A device deployed in the field operates in an untrusted environment and it is therefore
subject to threats and attacks. To mitigate the risk of attack, the goal is to allow only
authentic firmware to run on the device. In fact, allowing the update of firmware images to fix
bugs, or introduce new features or countermeasures, is commonplace for connected
devices, but it is prone to attacks if not executed in a secure way.
Consequences may be damaging such as firmware cloning, malicious software download or
device corruption. Security solutions have to be designed in order to protect sensitive data
(potentially even the firmware itself) and critical operations.
Typical countermeasures are based on cryptography (with associated secret key) and on
memory protections:
•Cryptography ensures integrity (the assurance that data has not been corrupted),
authentication (the assurance that a certain entity is who it claims to be) and
confidentiality (the assurance that only authorized users can read sensitive data)
during firmware transfer.
•Memory protection mechanisms prevent external attacks (for example by accessing
the device physically through JTAG) and internal attacks from other embedded
processes.
The following chapters describe solutions implementing confidentiality, integrity and
authentication services to address the most common threats for an IoT end-node device.
3.2 Secure Boot
Secure Boot (SB) asserts the integrity and authenticity of the user application image that is
executed: cryptographic checks are used in order to prevent any unauthorized or
maliciously modified software from running. The Secure Boot process implements a Root of
Trust (refer to Figure 1): starting from this trusted component (1), every other component is
authenticated (2) before its execution (3).
Integrity is verified so as to be sure that the image that is going to be executed has not
been corrupted or maliciously modified.
Authenticity check aims to verify that the firmware image is coming from a trusted and
known source in order to prevent unauthorized entities to install and execute code.
UM2262 Rev 6 15/94
UM2262 Secure Boot and Secure Firmware Update (SBSFU)
93
Figure 1. Secure Boot Root of Trust
3.3 Secure Firmware Update
Secure Firmware Update (SFU) provides a secure implementation of in-field firmware
updates, enabling the download of new firmware images to a device in a secure way.
As shown in Figure 2, two entities are typically involved in a firmware update process:
•Server
– OEM manufacturer server / web service
– Stores the new version of device firmware
– Communicates with the device and sends the new image version in an encrypted
form if it is available
•Device
– Deployed in the field
– Embeds a code running firmware update process.
– Communicates with the server and receives a new firmware image.
– Authenticates, decrypts and installs the new firmware image and executes it.
Figure 2. Typical in-field device update scenario
Secure Boot and Secure Firmware Update (SBSFU) UM2262
16/94 UM2262 Rev 6
Firmware update runs through the following steps:
1. If a firmware update is needed, a new encrypted firmware image is created and stored
in the server.
2. The new encrypted firmware image is sent to the device deployed in the field through
an untrusted channel.
3. The new image is downloaded, checked and installed.
Firmware update can be done on the complete firmware image, or only on a portion of the
firmware image (only for dual-image configuration).
Firmware update is vulnerable to the threats presented in Section 3.1: Product security
introduction: cryptography is used to ensure confidentiality, integrity and authentication.
Confidentiality is implemented so as to protect the firmware image, which may be a key
asset for the manufacturer. The firmware image sent over the untrusted channel is
encrypted so that only devices having access to the encryption key can decrypt the firmware
package.
Integrity is verified so as to be sure that the received image is not corrupted.
Authenticity check aims to verify that the firmware image is coming from a trusted and
known source, in order to prevent unauthorized entities to install and execute code.
3.4 Cryptography operations
The X-CUBE-SBSFU STM32Cube Expansion Package is delivered with four cryptographic
schemes using both asymmetric and symmetric cryptography.
The default cryptographic scheme demonstrates ECDSA asymmetric cryptography for
firmware verification and AES-CBC symmetric cryptography for firmware decryption.
Thanks to asymmetric cryptography, the firmware verification can be performed with public-
key operations so that no secret information is required in the device.
The alternative cryptographic schemes provided in the X-CUBE-SBSFU Expansion
Package are:
•ECDSA asymmetric cryptography for firmware verification with AES-CBC or AES-CTR
symmetric cryptography for firmware encryption
•ECDSA asymmetric cryptography for firmware verification without firmware encryption
•X509 certificate-based ECDSA asymmetric cryptography for firmware verification
without firmware encryption
•AES-GCM symmetric cryptography for both firmware verification and encryption.
Table 3 presents the various security features associated with each of the cryptographic
schemes.
UM2262 Rev 6 17/94
UM2262 Secure Boot and Secure Firmware Update (SBSFU)
93
Table 3. Cryptographic scheme comparison
Features Asymmetric
with AES encryption
Asymmetric
without encryption
X509 certificate-based
asymmetric without
encryption
Symmetric
(AES-GCM)(1)
Confidentiality
AES-CBC encryption,
or AES-CTR
encryption for STM32
MCUs supporting
OTFDEC processing
(FW binary)
None: the user FW is in clear format. AES-GCM encryption
(FW binary)
Integrity SHA256 (FW header and FW binary) AES-GCM Tag
(FW header and FW
binary)
Authentication – SHA256 of the FW header is ECDSA signed
– SHA256 of the FW binary stored in FW header
Cryptographic
keys in device
Private AES-CBC key
(secret)
Public ECDSA key
Public ECDSA key
Public ECDSA key in
X509 certificate chain
(stored in STSAFE-A100)
Private AES-GCM
key (secret)
1. For the symmetric cryptographic scheme, it is highly recommended to configure a unique symmetric key for each product.
Key management services UM2262
18/94 UM2262 Rev 6
4 Key management services
Key management services (KMS) middleware provides cryptographic services through the
standard PKCS #11 APIs (specified by OASIS) allowing to abstract the key value to the
caller (using object ID and not directly the key value). KMS is executed inside a
protected/isolated environment in order to ensure that key value cannot be accessed by an
unauthorized code running outside the protected/isolated environment.
KMS also offers the possibility to use cryptographic services with keys that are managed
securely outside the STM32 microcontroller, such as by an STSAFE-A100 Secure Element
for example (rooting based on token ID).
KMS only supports a subset of PKCS #11 APIs:
•Object management functions: creation / update / deletion
•AES encryption functions
•AES decryption functions
•Digesting functions
•RSA and ECDSA Signing/Verifying functions
•Key management functions: key generation/derivation
KMS manages three types of keys:
•Static Embedded keys:
– Predefined keys embedded within the code. Such keys can't be modified.
•Updatable keys with Static ID:
– Keys IDs are predefined in the system
– Key value can be updated in a NVM storage via a secure procedure using static
embedded root keys (authenticity check, data integrity check and data decryption)
– Key cannot be deleted
•Updatable keys with dynamic ID:
– Key IDs are defined when creating the keys
– Key value is created using internal functions. Typically, the DeriveKey() function
creates dynamic objects.
– Key can be deleted
Protection measures and security strategy UM2262
20/94 UM2262 Rev 6
5 Protection measures and security strategy
Cryptography ensures integrity, authentication and confidentiality. However, the use of
cryptography alone is not enough: a set of measures and system-level strategy are needed
for protecting critical operations and sensitive data (such as a secret key), and the execution
flow, in order to resist possible attacks.
Secure software coding techniques such as doubling critical tests, doubling critical actions,
checking parameters values, and testing a flow control mechanism, are implemented to
resist basic fault-injection attacks.
The security strategy is based on the following concepts:
•Ensure single-entry point at reset: force code execution to start with Secure Boot code
•Make SBSFU code and SBSFU secrets immutable: no possibility to modify or alter
them once security is fully activated
•Create a protected enclave isolated from SBSFU application and from User
applications to store secrets such as keys, and to run critical operations such as
cryptographic algorithms
•Limit surface execution to SBSFU code during SBSFU application execution
•Remove JTAG access to the device
•Monitor the system: intrusion detection and SBSFU execution time
Figure 4 and Figure 5 give a high-level view of the security mechanisms activated on each
STM32 Series.
Figure 4. SBSFU security IPs vs. STM32 Series (1 of 2)
Table of contents
Other ST Computer Hardware manuals
ST
ST STM32U5 User manual
ST
ST STM32F4 Series Owner's manual
ST
ST AN5717 Installation and operating instructions
ST
ST STEVAL-SCR002V1 User manual
ST
ST X-NUCLEO-53L7A1 User manual
ST
ST X-NUCLEO-S2915A1 User manual
ST
ST STEVAL-IFS013V2 User manual
ST
ST X-NUCLEO-OUT13A1 User manual
ST
ST STM32Cube User manual
ST
ST X-NUCLEO-SNK1M1 User manual
