STM32L5: The New Security Flagship

STM32L5: The New Security Flagship

The STM32L5 series of microcontrollers is one of the first to receive the PSA Certified Level 2 accreditation from Arm®, and it is now in mass production. The STM32L5x2 are available, along with the STM32L552E-EV evaluation board, the STM32L562E-DK Discovery kit, and the NUCLEO-L552ZE-Q. When they first introduced the STM32L5 at the end of 2018, its Cortex® -M33 inaugurated ST’s support for TrustZone®, which enables engineers to segregate certain resources and code in a secure environment to protect it against hacks, among other things. However, it’s only one of the many security features in the STM32L5, and the PSA Certified Level 2 certification anchors the new MCUs as a flagship solution for teams looking to prioritize advanced security features.
PSA or Platform Security Architecture is a framework designed to increase the security of IoT systems. It revolves around the analysis of threats and potential breaches, precise architectural specifications, the implementation of various APIs and features, as well as a certification process that guarantees the compliance of components, operating systems, or boards. A PSA Certified Level 1 accreditation serves as a foundational framework to alleviate traditional security concerns through various assessments.

STM32L5: Trusted Firmware-M, HDP (Hide Protect), Unique Boot Entry, Public Key Acceleration, OTFDEC

TF-M is a reference implementation of a Trusted Execution Environment (TEE) that leverages services such as secure storage and cryptographic operations to guarantee the integrity of the Secure Boot and firmware. It’s currently one of the most underrated features because very few systems use it, but developers should start to depend on it heavily. Smartphone makers already use a similar feature for Cortex-A devices (TF-A), and as IoT devices require more security, TF-M allows them to go way beyond the traditional Secure Boot, and Secure Firmware Update features to enable the implementation of robust systems with minimal investments. he STM32L5 devices also include a lot more security features than what the PSA Certified Level 2 certification requires. For instance, HDP (Hide Protect) and Unique Boot Entry enables the creation of a boot loader that is invisible to the rest of the system. The crypto core available in the MCU also optimizes encryption and decryption operations, such as a public key acceleration (PKA) that enables Elliptic Curve Cryptography that’s about 20 to 30 times faster compared to a software solution


STM32L5: A More Comprehensive Implementation of TrustZone

TrustZone is an essential feature of the Cortex-M33, but the way ST implemented it in the STM32L5 offers additional advantages. For instance, the device doesn’t just segregate applications between a Trusted and Untrusted side, but can also allocate pins or memory for a much greater flexibility. As a result, applications that must protect certain resources, and that used to demand two microcontrollers, can now run on one STM32L5. For instance, an IoT product connected to the cloud could have the RF stack on the Untrusted side while the sensors and monitoring system remain on the Trusted section. Additionally, thanks to TrustZone, we can offer a new Readout protection level between 0 (no protection) and 1 (memory readout protection). The 0.5 level works by forbidding access to the secure area during Debug operations, which will be particularly useful if a company outsources maintenance or support operations.The firmware package for the STM32L5, the STM32CubeL5, contains about 300 application examples with some of them using TrustZone to help developers get a head start. We are also announcing that STM32CubeIDESTM32CubeMX, and STM32CubeProgrammer all received updates to support TrustZone. Developers don’t have to use the feature, and the development boards we offer do not enable it by default. However, since programming for TrustZone is akin to writing two applications, one for the Trusted area and another for the Untrusted, it is best to start developing for the feature early

STM32L5: SMPS, USB Type-C PD, Dual Bank Flash

The STM32L5 builds on the STM32L4 and STM32L4+. The device remains power efficient with a standby mode of only 386 nA (RAM and RTC enabled) for a wake-up time of single 14 µsThis is, in part, possible thanks to the presence of a new switched-mode power supply that can more dynamically adapt the power consumption to improve efficiency. The savings are significant since the use of the SMPS increases efficiency by up to 40%. 


Source: STM News

Categories: Boards, News, Security
Tags: arm, IoT, PSA, security, STM32L5