By establishing a root of trust in the microcontroller, X-CUBE-SBSFU Secure Boot enables protection of intellectual property. Secure Boot checks and activates the STM32’s built-in security mechanisms, and checks the authenticity and integrity of user application code before every execution to prevent invalid or malicious code from running. The trusted device can then safely take part in mutual authentication when connecting remotely to a network, in accordance with well-known security best practices.
The secure firmware-update functionality aids lifetime device management – applying fixes, functional upgrades, and security updates to cover the latest cyber threats – by handling secure loading and safe programming of firmware.
The secure loader supports multiple recognized digital-signature (ECDSA or AES methods) and cryptography (AES-GCM) algorithms to receive, authenticate, and decrypt the encrypted firmware image, and check the integrity of the code. The safe programming supports both single-image update for maximum user-application size and dual-image update giving extra flexibility to support anti-rollback during image installation and Over-The-Air (OTA) firmware download.
In addition, X-CUBE-SBSFU secure-engine services maintain a protected environment for storing critical data such as cryptographic keys and executing cryptographic algorithms, thus completing a comprehensive package for protecting connected devices and securing IoT networks.
STMicroelectronics – www.st.com