PUF vs HUK

jeffl.kelley9
Associate III

I am looking for information that compares the security in an STM32U5 or similar with the PUF-based solutions used in competitors' processors. The problem is that "PUF" has a simple explanation that sounds good, and a head-to-head analysis of the advantage of these other processors against what ST provides seems to be lacking in the marketplace. Obviously, ST could have selected PUF-based security and decided not to do so, so the clues might exist in why that decision was reached. Note: The primary focus is to find processors that prevent software pirates from extracting the firmware. Any help that addresses this will no doubt be repaid in future design wins.

1 REPLY 1
Jocelyn RICARD
ST Employee

Hello @jeffl.kelley9 ,

I don't know the details of the reason not to go the PUF way.

What I can tell is that the Hardware Unique Key has exactly the same role, that is, using a device-unique key that is not accessible, allowing device-specific encryption.

The difference lies in the possibility of attacking the device to extract this key, which is normally not possible in the case of a PUF.

The STM32U5, like all other MCU devices implementing the HUK (U3, H5, H7S, N6 ...), is designed to address the IoT market, where board-level resistance (glitch, laser, side channel, DPA) is certified using PSA Level 3 and SESIP Level 3 certifications.

Such a device does not address the Secure Element market, where the degree of resistance goes down to chip level, with delayering and much more advanced methods.

For the applications targeted by the STM32U5, the security of the HUK, DHUK, Secure AES combo is at the right level.

Even for some banking devices such as point of sale, the STM32U5 will use the tamper detection feature to erase secrets.

I hope this answers your question.

Best regards

Jocelyn