STM32 expansion software simplifies security implementation on IoT endpoints

Consolidating secure boot, secure firmware update, and secure-engine services in an STM32Cube expansion software package, X-Cube-SBSFU v.2.0 from STMicroelectronics helps product developers fully utilise the security features of STM32 microcontrollers to protect connected devices like IoT endpoints and help manage their life-cycle.

By establishing a root of trust in the microcontroller, X-Cube-SBSFU secure boot enables protection of intellectual property. Secure Boot checks and activates the STM32’s built-in security mechanisms, and checks the authenticity and integrity of user application code before every execution to prevent invalid or malicious code from running. The trusted device can then safely take part in mutual authentication when connecting remotely to a network.

The secure firmware-update functionality aids lifetime device management, says STMicro, by handling secure loading and safe programming of firmware, so that fixes, functional upgrades, and security updates covering the latest cyber threats can be applied. The secure loader supports multiple recognised digital-signature methods (ECDSA or AES) and cryptography algorithms (AES-GCM) to receive, authenticate, and decrypt the encrypted firmware image, and to check the integrity of the code. Safe programming supports both single-image update, for maximum user-application size, and dual-image update, which gives extra flexibility to support anti-rollback during image installation and over-the-air (OTA) firmware download.

In addition, X-Cube-SBSFU secure-engine services maintain a protected environment for storing critical data such as cryptographic keys and executing cryptographic algorithms, protecting connected devices and securing IoT networks.

The X-Cube-SBSFU expansion software package is delivered as a free-of-charge reference library, available under a software license agreement.

It is built on ST’s STM32Cube software technology to simplify portability throughout the STM32 family, which comprises over 800 devices offering a range of performance, memory density, feature-integration, I/O, and connectivity options.

An X-Cube-SBSFU package update will be introduced to give code references to the other STM32 series.

http://www.st.com/x-cube-sbsfu