In the massively connected world of the internet of things, hardware security is more important than ever. At embedded world 2023, STMicroelectronics demonstrated its newly launched STM32Trust Trusted Execution Environment (TEE) Secure Manager, aimed at simplifying the development of secure embedded applications.
 
Security can’t be an afterthought. Without proper security, we can only imagine the potential risks to our homes, our cities and transportation networks for connected and autonomous cars. The European Union recognized cybersecurity as essential for building a digital economy and introduced the Cyber Resilience Act (CRA) in September 2022.
 
Security is a complex topic, and most companies don’t have the expertise, Jocelyn Ricard, support engineer at STMicroelectronics, told EE Times Europe at embedded world 2023. Making security more accessible and straightforward for developers has become essential.
 
ST provides the STM32Trust strategy to help developers keep up with the latest security features on STM32 microcontrollers (MCUs) and microprocessors (MPUs). It lists 12 security functions needed by IoT devices and relies on security certification schemes, including Platform Security Assurance (PSA) defined by Arm and Security Standard for IoT Platforms (SESIP) defined by Global Platform.
 
At embedded world 2023, ST demonstrated what it claims is the first out-of-the-box, certified MCU protection for customer embedded developments. “We provide Secure Manager with different levels of security offers, from people with security expertise to those without the expertise,” Ricard said.
 
Secure Manager is ST’s first TEE solution. It uses Arm Trusted Firmware-M (TF-M), which leverages Arm TrustZone technology and handles the certification at the system level so that customers targeting a SESIP and PSA Level 3 Certification can accelerate their qualification process.
 
ST’s Secure Manager Demystifies Security for Embedded Applications
Representations of the STM32 Trusted Execution Environment Secure Manager (Source: STMicroelectronics)
TF-M relies on an isolation boundary between the Non-secure Processing Environment (NSPE) and the Secure Processing Environment (SPE).
 
“If you face a remote attack, there is no way your secure assets like your security key can be accessed,” Ricard said. “The point is to put all valuable assets on the secure side and isolate them from the attack surface of the application.”
 
In addition to secure and non-secure environments, further partitioning is carried out with privileged and unprivileged zones. ST has worked with Paris-based ProvenRun on the development of the STM32Trust TEE Secure Manager, powered by the ProvenCore-M secure TEE operating system.
 
“ProvenRun has provided the Secure Manager Core and secure services,” Ricard said. “There is some isolation between the privileged and the unprivileged services. When you have a call from the non-secure side, it will remove it from the memory. Each service is isolated from the other.”
 
Besides, Secure Manager contains a two-stage root of trust: the immutable and updatable root of trust (iRoT and uRoT). The iRoT is set at the factory and cannot be modified. It uses a read-only memory containing keys and other mechanisms defined by ST to establish a secure boot without external keys.
 
Once the system has passed iRoT, it moves to uRoT, which allows developers to store and use sensitive data that can be updated.
 
“ST is providing the root of trust and the chain of trust to be able to run all the stacks securely,” Ricard said. “Customers focus on the application while we focus on providing full secure stacks.”
 
Customization is also possible. “If customers need to secure more keys, they can adapt the size of the trusted storage,” Ricard said. “[Secure Manager] can help customers extend the security and usage of third-party applications. Third parties can now provide some code that they don’t want to leak, enabling new business cases where they sell a service with the assurance that it will not be compromised. Manufacturers are pleased with it because they want to be able to isolate their IP.”
 
Jocelyn Ricard at STMicroelectronics
Jocelyn Ricard, support engineer at STMicroelectronics, provides a demo of STM32Trust TEE Secure Manager at embedded world 2023. (Source: EE Times Europe)
STM32Trust TEE Secure Manager also provides multi-tenant IP protection and seamless cloud and server support. “To make cloud connectivity easier, we provide provision certificates to connect directly to the cloud provider,” Ricard said.
 
Available in June, Secure Manager will support the STM32H5 at launch but is expected to be compatible with other STM32 MCUs over time, the company said.
 
“The goal is to have it in all our MCUs,” Ricard said. There are, however, two conditions. “First, the MCU needs to be cryptography-enabled, which means it is possible with the STM32H573 but not with the STM32H53 [MCUs]. Second, it must have a Cortex-M33 [core].”
 
STM32Trust TEE Secure Manager is supported by the STM32 ecosystem tools with the STM32CubeMX initialization code generator, the STM32CubeIDE integrated development environment and the STM32CubeProgrammer.