FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Most Secure STM32 ?

bsuthar
Senior

‎2026-05-05 11:56 PM - last edited on ‎2026-05-06 1:05 AM by

Hello Team,

Good Day !

After Cloneed our two version of Hardware ( STM32F3 Series based ) by compititor , we are now more focused on Hardware Security aspects.

Can you Pls Suggest which STM32 MCU is the MOST Secure among all available MCU ? Considering Firmware Protection / physical  Attacks ? 

I would appriciate , if Higher Level Architecture with Device name is Provided.

We are also open for Paid Consultancy if any 3rd party ready to help...

 

Regards ,

Bhupendra

Labels:
0 Kudos
5 REPLIES 5
Bubbles
ST Employee

‎2026-05-06 1:00 AM

Hello @bsuthar ,

I'd suggest to try the reading the Introduction to security for STM32 MCUs - Application note first. The AN also includes tables comparing the security features found in different STM32 series.

Of the series on the market, I'd probably suggest the STM32H5 (crypto line) as the most secure. But the security is only working if the application uses all the security features correctly. 

BR,

J

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.

Pavel A.
Super User

‎2026-05-06 6:27 PM

We are also open for Paid Consultancy if any 3rd party ready to help...

Could you tell what is the kind of your device, so relevant experts could join?

For example: motor or drone controller? Industrial controller? Consumer, musical, game/toy? etc.

 

0 Kudos
bsuthar
Senior
In response to Pavel A.

‎2026-05-06 10:59 PM

@Pavel A. 

yes , it is Industrial Motion controller.

Currently , It is based on STM32F303 Device. 
Unfortunately , It is clonned Two times ( along with Firmware). 

Last HW Version had Following Feature : 

------------------------------------------------------------

1. Custom BootLoader (WRP ON)

2. CRC Checksum check for Application Firmware (RoT) Authentication on Startup

3. RDP1

4. USB Communication Encrypted (Asymmetric)

--------------------------------------------------------------------------------

0 Kudos
bsuthar
Senior
In response to Bubbles

‎2026-05-06 11:07 PM

Yes, @Bubbles 

we had gone through this Docs and belive firmware extraction done through "Semi-Invasive Method" , for STM32F3 series MCU. 

0 Kudos
Ozone
Principal III
In response to bsuthar

‎2026-05-06 11:23 PM

> 3. RDP1

Perhaps this is not sufficient.
An attacker could boot from System ROM, inject code into RAM, and thus break your protection.

Perhaps you are aware of Ghidra or similiar software packages : https://github.com/NationalSecurityAgency/ghidra
With such tools, you can easily convert binary code back into readable C code (without original variable names, of course).

Or, in the simplest case, the attacker just reads out the Flash into a file, and flashes it onto his clones.

While I have only superficial knowledge of this topic and scene, I would check out the size of the cloning competitors (financial & product output). For small ones, I would suspect minimal-effort cloning (i.e. the second, simpler case).
RDP level 2 might be too much of hurdle for those.

0 Kudos
Top