Frantz LEFRERE
ST Employee
March 5, 2026

MOOC - Cyber Resilience Act


The EU Cyber Resilience Act is a regulation establishing mandatory cybersecurity requirements for products with digital elements sold in the European Union. STMicroelectronics provides complete solutions, expert guidance, and proven certifications to help you achieve CRA compliance faster and more efficiently.

In this video, ST experts provide an in-depth exploration of the Cyber Resilience Act journey through a smart door lock example by reviewing the different obligations throughout the product life cycle.

What you'll learn

Ready to get started?

All the videos are available at our YouTube playlist embedded below, or at the URL:
https://www.youtube.com/playlist?list=PLTJzs51NlEIDW1vtN7GQ0PXF84-TIWinN

Join the discussion

Share your thoughts, ask questions, and engage with fellow developers. Our experts are active in this post and they are excited to hear your feedback.

Additional resources

3 replies

Dimi
Associate II
April 24, 2026

Great initiative by ST! I hope to see a compatibility matrix between STM32Trust features and CRA requirements with clear 1:1 mapping. See you at the workshop events @Frantz LEFRERE 

 

mauro2399
Associate II
May 7, 2026

I attended Session 2: well done, a lot of Q&A.

I had a question which I failed to type in time before the session ended, so I am asking it here:

The presentation section "Integrate Security" (slides 25 to 29) focused on Secure Boot and Secure Update, which looks sufficient for devices in the CRA Default Category.

On the other hand, we system designers receive proposals to include a discrete Secure Element from several SE manufacturers (NXP, Microchip, Infineon), to support CRA compliance, even for MCUs which already offer Secure Boot and Secure Update.

What is the advantage of adding a discrete (external) Secure Element to an MCU which already offers Secure Boot and Secure Update?

The Secure Element descriptions often focus on the "Key management" and "Operation with Clouds". Do these subjects fall within the CRA regulation?

What do STM32 MCUs themselves offer for "Key management" and "Operation with Clouds"?

 

Thanks!

Frantz LEFRERE
ST Employee
May 12, 2026

Hello @mauro2399,

The goal of a secure boot is to authenticate the running application.

The authentication mechanism uses a public key to verify the signature of the application.

What makes secure boot secure is:

  1. Secure boot must be the first code to execute: this is ensured by the MCU hw security (bootlock for instance)
  2. Secure boot must be immutable
  3. The public key used to check the signature must also be immutable

With this you address 99% of the requirements related to the protection of the application.

In such a case, the usage of an external secure element does not bring any added value.

 

The purpose of a secure element is to provide a unique key pair (private key + associated certificate containing the public key, signed by your CA). This is used for digital identity in the context of IoT mainly.

Secure elements are usually provided pre-provisioned.

"What do STM32 MCUs themselves offer for 'Key management' and 'Operation with Clouds'?"

Depending on the STM32 family, we have different dedicated mechanisms, like the KMS (software), CKS, Key-wrapping (HUK/SAES/SCB) and even some pre-provisioned devices for authentication (like STM32H5 with Secure manager or STM32C3). I would advise contacting the technical support (https://www.st.com/content/st_com/en/support/support-home.html) to get a more detailed answer depending on the STM32 targeted.

We will have a dedicated Q&A session 4 with a focus on the Secure Boot topic.

Best regards,

Frantz
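
As an added illustration of the signature check described in the reply above (not ST code and not taken from the MOOC), here is a host-side Go model in which the boot-time verifier holds only the public key. The image layout and the names NewKey, SignImage and VerifyImage are assumptions made for this example, and ECDSA P-256 with SHA-256 is chosen here because the thread names no algorithm.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Constructed image layout: 4-byte big-endian payload length | payload | ASN.1 ECDSA signature.

// NewKey makes a P-256 key pair; the private half stays with the vendor, never in the device.
func NewKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// SignImage is the vendor-side build step (hypothetical helper).
func SignImage(priv *ecdsa.PrivateKey, payload []byte) ([]byte, error) {
	signed := make([]byte, 4, 4+len(payload))
	binary.BigEndian.PutUint32(signed, uint32(len(payload)))
	signed = append(signed, payload...)
	digest := sha256.Sum256(signed) // the length field is covered by the signature too
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	return append(signed, sig...), err
}

// VerifyImage models the boot-time check: header sanity first, then the signature.
func VerifyImage(pub *ecdsa.PublicKey, image []byte) ([]byte, error) {
	if len(image) < 4 || uint64(binary.BigEndian.Uint32(image)) > uint64(len(image)-4) {
		return nil, fmt.Errorf("malformed image header")
	}
	end := 4 + int(binary.BigEndian.Uint32(image))
	digest := sha256.Sum256(image[:end])
	if !ecdsa.VerifyASN1(pub, digest[:], image[end:]) {
		return nil, fmt.Errorf("signature check failed, refusing to boot")
	}
	return image[4:end], nil
}

func main() {
	vendor, _ := NewKey()
	img, _ := SignImage(vendor, []byte("constructed application firmware"))
	_, err := VerifyImage(&vendor.PublicKey, img)
	img[10] ^= 0x01 // flip one payload bit
	_, err2 := VerifyImage(&vendor.PublicKey, img)
	fmt.Println("genuine accepted:", err == nil, "| tampered rejected:", err2 != nil)
}
```

An image signed with any other key fails the same check, which is why the public key stored in the device has to be immutable.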