Bench Talk for Design Engineers | The Official Blog of Mouser Electronics


Build Secure Commercial Products with STM32Trust STMicroelectronics


The prevalence of network connectivity in and between embedded systems today has prompted Original Equipment Manufacturers (OEMs) and system integrators to reconsider how they secure their electronic products. And it’s not just the products themselves.

The Internet of Things (IoT) has added new dimensions for engineering organizations to defend against, including the network connections coming off devices and the data they transmit. These efforts pair with companies’ desire to protect sensitive IP stored on embedded systems so their proprietary work can’t be cloned or altered. Additionally, integrating these added security measures aligns with companies’ preference that systems not be commandeered and leveraged for uses other than originally intended.

However, as embedded systems add features and capabilities alongside network access technologies, they also become more difficult to secure. This has resulted in a new class of electronic components that integrate foundational security building blocks at the most fundamental level. The most recent example of this can be found in the STMicroelectronics STM32Trust ecosystem.

Comprehensive Embedded Security for STM32 Units

The objective of the STM32Trust ecosystem is to democratize advanced security measures for all embedded developers. STM32Trust microcontrollers and microprocessors deliver secure functions to ensure IP protection, data protection, and secure connectivity. With STM32Trust built on technologies such as the STM32Trust trusted execution environment secure manager (STM32TRUSTEE-SM), designers can streamline security-enhanced STMicro MCUs and MPUs without adding development costs and time to market.

The STM32Trust secure manager caters to the needs of developers working on complex system designs by providing the ability to easily store sensitive data and IP in privileged, encrypted regions of on-chip memory. These TEEs permit the STM32Trust secure manager to facilitate the implementation of on-chip Roots of Trust, as cryptographic keys and certificates used to verify the boot process can be securely stored directly within the microcontroller.

In practice, this eliminates additional development costs and reduces overall costs by precluding the need for discrete security elements or the use of external hardware security modules.

Secure Software Implementations with STM32Trust

Unlike traditional security solutions that require developers to adapt and compile source code, STMicroelectronics' secure manager is available as a downloadable software package that supports industry security standards like GlobalPlatform's Security Evaluation Standard for IoT Platforms (SESIP) and Arm’s Platform Security Architecture (PSA) Level 3 Certification process.

STM32Trust’s Twelve Security Levels

The STM32Trust security framework encompasses numerous security functions that provide varying assurance levels tailored to diverse applications. The twelve security functions and services integrated within the STM32Trust ecosystem include:

  1. Secure boot ensures the authenticity and integrity of an application running on a device by verifying the digital signature or hash before execution.
  2. Secure firmware update and installation prevents malicious or corrupted firmware from making its way onto a device during the upgrade process.
  3. Silicon device lifecycle management protects device silicon in each stage by constraining its operational capabilities to defend its assets.
  4. Memory isolation segregates trusted and non-trusted software running on the device.
  5. Secure storage of sensitive data or cryptographic keys ensures they are inaccessible outside the safe environment.
  6. Cryptographic engines dedicated to executing encryption, decryption, and other security algorithms ensure the highest levels of performance and security are achieved.
  7. Secure manufacturing provisions devices with controls to prevent overproduction, firmware theft during manufacture, or the use of firmware to program non-company-owned devices.
  8. Identification mechanisms allow devices to verify the authenticity of software packages.
  9. Software IP protection safeguards software packages from both internal and external unauthorized access.
  10. Abnormal situation handling detects hardware and software anomalies and responds accordingly.
  11. Audit logs keep a history of security-related actions and events for threat tracing.
  12. Application lifecycle management protects assets in their various states throughout the lifecycle.

Build Security on Other Embedded Devices

Developers can access STM32Trust functionality through cryptographic APIs that simplify the secure management of sensitive credentials using encryption keys. The STM32TRUSTEE-SM offers secure services through an API that is compatible with Arm’s PSA framework. In addition to the Secure Manager, several TEEs are available through the STM32Trust security ecosystem, including Trusted Firmware-M (TF-M), Trusted Firmware-A (TF-A), and Open Portable Trusted Execution Environment (OP-TEE). Each of these TEEs serves a different purpose, but all of them run on ST’s Arm® Cortex®-class processor technology:

  • TF-M is a reference implementation of the Arm PSA for Arm Cortex-M microcontrollers. It supports PSA Level 1 and Level 2 isolation via mechanisms provided by the Armv8-M architecture.
  • TF-A is designed for Arm Cortex-A microprocessors.
  • OP-TEE is designed for Arm Cortex-A microprocessors.

Additionally, STMicroelectronics provides the Secure Boot and Secure Firmware Update package, X-CUBE-SBSFU, which is available on non-TrustZone-based devices. X-CUBE-SBSFU aims to enhance the security of embedded systems right from the initial boot process, including firmware image updates received via OTA, USB, serial, etc., which are performed in a secure way to prevent unauthorized updates and access to confidential on-device data.

STMicroelectronics further simplifies the secure development journey by providing additional reference implementations and an informative Wiki. These guide engineers looking to integrate these TEEs and other security best practices into their complex, custom, and increasingly connected embedded product designs.

Conclusion

Security is always a concern when developing embedded systems. Today, companies are facing more scrutiny and design challenges than ever to ensure strong security levels in their IoT devices and to safeguard device integrity while still maintaining rapid design cycles and keeping products cost-effective. The more features and capabilities a solution contains, the greater the attack risk.

STM32 microcontrollers and microprocessors utilize the STM32Trust ecosystem to deliver secure functions built on top of standards like Arm’s Platform Security Architecture (PSA) and GlobalPlatform’s Security Evaluation Standard for IoT Platforms (SESIP). The STM32Trust solution offers developers a robust, multilevel strategy to enhance security in their new product designs. Equipped with twelve security functions and services to align with asset-protection use cases and provide the right security assurance levels, the STM32Trust ecosystem fortifies overall system integrity for today’s advanced embedded devices.

Author

Brandon Lewis has been a deep tech journalist, storyteller, and technical writer for more than a decade, covering software startups, semiconductor giants, and everything in between. His focus areas include embedded processors, hardware, software, and tools as they relate to electronic system integration, IoT/industry 4.0 deployments, and edge AI use cases. He is also an accomplished podcaster, YouTuber, event moderator, and conference presenter, and has held roles as editor-in-chief and technology editor at various electronics engineering trade publications.

When not inspiring large B2B tech audiences to action, Brandon coaches Phoenix-area sports franchises through the TV.


