Showing results for 
Search instead for 
Did you mean: 

STM32U5 TF-M Crypto services - AES GCM DPA-protected

Associate III


I am using the X-CUBE-AZURE example with the B-U585I-IOT02A development board equipped with STM32U5 microcontroller.

Reading the tfm_mbedcrypto_config.h file of the TF-m it says that AES GCM is available with protection against DPA attaccks but in the datasheet of the microntroller it is indicated that SAES does not support GCM; how was this implemented at the hardware level? Is DPA protection for cryptographic algorithms also implemented at the software level?

Thank you

Guillaume K
ST Employee


I've asked our experts about that. we'll keep you informed.

internal tracking number : 138215 (only for reference, not available outside of ST)

ST Employee

Hi @Domenico​ ,

I believe the mbed is using a workaround, keeping the counter and the intermediate results in SRAM and then calling the SAES for each block separately. The security may be lower than in case of AES operation modes natively supported by SAES (CBC) but likely higher than in case of using regular AES accelerator. The impact is quite difficult to assess, but if memory protections are in place it's probably fine.



To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.