FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Best approach to security with STM32H757

Go to solution
GRoss.5
Associate II

‎2022-09-16 12:02 PM

I am using an STM32H757. I understand how, using the TrustedPackageCreator and an HSM, I can supply our manufactures with an encrypted version of the firmware and limit the number of product instances they can produce. My question is, when the product firmware is being updated in the field does the person doing the updating (service engineer) need an HSM card as well. If so, is there a way to give our service people a card that allows for unlimited firmware updates? If not, what is the best approach to provide our service people with the ability to update the firmware in the field? We would like to avoid the situation were the service engineer cannot update the firmware because the HSM card has no more instances remaining.

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Go to solution
Bubbles
ST Employee

‎2022-10-03 06:33 AM

Hello @Community member​ ,

The HSM is securing the SFI (secure firmware install). But for secure firmware updates in the field, I think you need X-CUBE-SBSFU - Secure boot & secure firmware update software expansion for STM32Cube - STMicroelectronics

I think it's better suited for this role in the product lifetime than SFI. Unless there are some other constraints, like code size.

See Introduction to STM32 microcontrollers security - Application note for more security tips.

BR,

J

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

View solution in original post

0 Kudos
1 REPLY 1
Go to solution
Bubbles
ST Employee

‎2022-10-03 06:33 AM

Hello @Community member​ ,

The HSM is securing the SFI (secure firmware install). But for secure firmware updates in the field, I think you need X-CUBE-SBSFU - Secure boot & secure firmware update software expansion for STM32Cube - STMicroelectronics

I think it's better suited for this role in the product lifetime than SFI. Unless there are some other constraints, like code size.

See Introduction to STM32 microcontrollers security - Application note for more security tips.

BR,

J

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

0 Kudos
Top