STM32 MCUs Security

SAES using wrapped key

I am working with SAES on STM32U585. I am trying to make use of wrapping/unwrappinng my encryption key with hardware-secret key DHUK . This in the SAES initialization I am using hcryp.Instance = SAES; hcryp.Init.DataType = CRYP_BYTE_SWAP; hcryp.I...

Clarification Needed: SBSFU Legacy, MCUBoot, and STiRoT

Hi everyone,We’ve been using the XCUBE-SBSFU bootloader in our industrial-grade project and recently noticed that SBSFU is now labeled as a legacy bootloader. It seems the new recommended bootloader is based on MCUBoot. Additionally, I’ve come across...

Resolved! STM32H562 reading OBK in nonsecure application with TrustZone enabled

I am having trouble to get OBK data reading working on the STM32H562 / H563 (which do not support secure storage because they are lacking hardware crypto support).My plan is to store keys in the OBK area, (encrypted with some storage key of my own) a...

Resolved! SBSFU on STM32H755

I am trying to get SBSFU (1_image) running on the STM32H755. I'm working from um2262 and this post https://community.st.com/t5/stm32-mcus-security/sbsfu-porting-to-a-custom-board/m-p/200240/highlight/true#M2917 My setup is a NUCLEO-H755zi, STM32CubeT...

Resolved! How to include the non-secure app in the sfi file when --sfi-gen, and set product-state to Closed after --sfi-flash?

Using MX created an app utilizing Secure Manager 1.2 on STM32H573, after running 'provisioning.py --sfi-gen', the generated sfi image does not include the non-secure app image; after 'provisioning.py --sfi-flash', the product-state is set to TZ-CLOSE...

Security chip for Matter

We are developing this on st-cube-matter.We are using the STM32WB5MMG-DK evaluation board, but is there a recommended device for the security chip that stores the certificates for the DAC, NOC, etc.?

Resolved! Inconsistent SBSFU error for Header FW signature verification failure

I'm starting from the X-CUBE-SBSFU release v2.6.2, using the B-L475E-IOT01A - 2_Images_ExtFlash as a reference. I've done the minimum porting required to run this on an STM32L4A6 target.I'm seeing an inconsistent issue where the SBSFU boots up and a...

Resolved! Security Mechanisms in STM32H753ZI for Preventing Unauthorized Access and Modification

Does the STM32H753ZI microcontroller provide a built-in unique key or mechanism to ensure that the chip cannot be unlocked, and firmware cannot be flashed, read, or erased without the correct key, effectively preventing unauthorized access or modific...

Resolved! Is psa_generate_random() equivalent to HAL_RNG_GenerateRandomNumber()?

STM32H573 with Secure Manager provisioned, the non-secure app cannot access the RNG anymore. Will it be ok to use Secure Manager API psa_generate_random() to replace HAL_RNG_GenerateRandomNumber()?

SecureManagerAPI.chm content is empty

The file is under X-CUBE-SEC-M-H5_V1.2.0\Middlewares\ST\secure_manager_api; it can be opened without any error, but the right panel is always empty.

STM32 MCUs Security

Forum Posts

SAES using wrapped key

Clarification Needed: SBSFU Legacy, MCUBoot, and STiRoT

Resolved! STM32H562 reading OBK in nonsecure application with TrustZone enabled

Resolved! SBSFU on STM32H755

Resolved! How to include the non-secure app in the sfi file when --sfi-gen, and set product-state to Closed after --sfi-flash?

Security chip for Matter

Resolved! Inconsistent SBSFU error for Header FW signature verification failure

Resolved! Security Mechanisms in STM32H753ZI for Preventing Unauthorized Access and Modification

Resolved! Is psa_generate_random() equivalent to HAL_RNG_GenerateRandomNumber()?

SecureManagerAPI.chm content is empty

STM32H523 debug authentication, read protection, a...

OBKey config file

STM32CubeProgrammer Default DA Configuration, TZ E...

When TrustZone is enabled, both mbedTLS and X-CUBE...

Not able to handshake with firabase and azure serv...

Request for Guidance on Eliminating Swap Region (S...