Showing results for 
Search instead for 
Did you mean: 

Why STMCU firewall can improve the security level?

Associate II

I'm curious about the firewall, and want to know why firewall can improve the security level. 

It's easy to understand page 65 of UM2262, f1(), f2(), f3() can only be called from outside through call gate, my question is why it's more secure than calling f1() directly? 




ST Employee

Hello @HXiao.1,

Firewall is used to ensure isolation it can be compared to the Trustzone feature on cortex M33 based MCU's but it is reserved for CM4 MCU's like the STM32L4 series mentioned in the Um2262 .

In fact Firewall is a hardware IP, which allow to create a security enclave ( Flash/RAM) with a unique entry point .This protection is dynamically managed at runtime. When the FIREWALL is OPEN, no interrupt must take place during the execution of the protected code. and any illegal access to a region protected with the firewall will generate a RESET . You can find an explanation of the Firewall theory in here as well as a lab to get started with the feature .

Hope this will answer your inquiry .



In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
Billy OWEN
ST Employee

Hi @HXiao.1 


The forum moderator had marked your post as needing a little more investigation and direct support. An online support case has been created on your behalf, please stand by for just a moment and you will hear from us.




Jocelyn RICARD
ST Employee

Hello @HXiao.1 ,

First point, this firewall features is only available on STM32L4 and STM32L0 series.

The firewall provides internal isolation between 2 different parts. The untrusted part and the trusted part.

In TrustZone terminology, non trusted is also called non secure, and trusted is called secure.

The code and data you put into the trusted part, so inside the firewall code and data sections, is never directly accessible from the non trusted part.

So, to answer your question, not being able to call directly the provided functions does not make things more secure. What make things secure is that you cannot access any trusted area inside firewall from untrusted area.

The firewall is made in such a way that you need to go through this call gate to be able to enter the trusted area from non trusted.

With ARM TrustZone on CortexM33 based MCUs (STM32L5, STM32U5, STM32H5 and STM32WBA), this call gate constraint is released using a non secure callable area. When non secure code calls a secure service, it has to jump first in this specific non secure callable area where first instruction is SG (Secure Gate) which has the same role as in the call gate in firewall.

I hope this answers your question

Best regards