STM32MPUs security overview
on 2020-06-15 6:13 AM - edited on 2025-02-28 6:08 AM by Marie-Christine CAYALE
Introduction
The STM32MPU platform and OpenSTLinux provide elementary security features that help customers build the global security level their application requires.
This FAQ is an overview of these elementary security features, which are presented in the following ST MPU wiki article: https://wiki.st.com/stm32mpu/wiki/Security_overview
1. Secure boot and open trusted execution environment (OP-TEE)
The trusted boot chain ensures the integrity of the first-stage boot loader (TF-A firmware), the second-stage boot loader (U-Boot firmware) and OP-TEE.
The STM32MPU ROM code performs a binary authentication check of the signed TF-A firmware. This is done with an asymmetric ECDSA public key stored in the STM32MPU One-Time Programmable (OTP) peripheral and with the TF-A binary header, which carries the signature. Secure boot on the STM32MPU platform prevents the ROM code from booting when the TF-A binaries in flash have been replaced by tampered binaries. ROM secure boot is the first pillar of the chain of trust of the trusted boot chain.
Once TF-A is authenticated, the ROM code starts it. TF-A is the second pillar of the trusted boot chain: it in turn authenticates the second-stage boot loader firmware (U-Boot) and the OP-TEE binary, based on an X.509 PKI infrastructure.
STM32MP13 and STM32MP2 have enhanced security: a user can store 8 ECDSA public keys and key revocation is possible. TF-A can be decrypted when loaded by the ROM code. The crypto peripherals are robust against side-channel attacks (SCA), and the boot chain is pre-certified for SESIP Level 3 and PCI6.
OP-TEE (Open trusted execution environment) allows running OP-TEE trusted applications (TAs) in the Cortex®-A secure hardware execution context. OP-TEE and the TAs can be authenticated by TF-A before execution.
Authentication of the Cortex®-M firmware (M4 or M33) is implemented with a dedicated OP-TEE trusted application. The authentications above performed by TF-A use by default the same ECDSA key as the one used for TF-A authentication.
The standard U-Boot authentication and U-Boot RSA decryption of the FIT image (Linux kernel + device tree + initramfs) are not enabled by default in the OpenSTLinux release (they can be enabled depending on the needs).
Secure firmware update, which allows updating the U-Boot and OP-TEE binaries with TF-A authentication, is implemented in OpenSTLinux.
A signing tool to sign the TF-A binaries with the key generated by KeyGen is available in the STM32MPU ecosystem.
2. Key provisioning system
The keys can be protected inside a Hardware Security Module (HSM) card in order to share the private keys with the manufacturing plant. From the HSM, the keys can be provisioned into the STM32MPU OTP using the ST Secure Secret Provisioning (SSP) tools.
STM32MPU offers hardware isolation: the Cortex®-A code, the Cortex®-M code (STM32MP15, STM32MP2) and the DMAs have controlled access to the STM32MPU peripherals and memories depending on the hardware execution context.
The secure boot chain configures the hardware firewalling of each peripheral and memory to one hardware execution context. Hardware isolation allows part of the system to be protected against undesired CPU or DMA access (bug or malicious). Isolation allows SIL3 certification for safety.
3. Binary encryption in external memories
The STM32MP15 SoC flash and DDR interfaces do not support on-the-fly decryption of the flash or DDR DRAM contents, so automatic on-the-fly decryption of encrypted memories is not possible. However, a binary located in external memory can always be decrypted "manually" in software or with the STM32MP15 crypto peripherals.
On-the-fly decryption, which allows running OP-TEE in encrypted DRAM, is supported on STM32MP13 (DDRMCE) and STM32MP2 (RISAF).
4. Secure element
The ST33 Trusted Platform Module (TPM) chip services (key storage, authentication checks and encryption) are available through the standard Linux framework.
5. Advanced security
The SAES peripheral contains a secret Hardware Unique Key (HUK) used to wrap keys stored in flash memories. It can be used for rootfs encryption with Linux dm-crypt, from a key wrapped by SAES with the HUK. A rootfs encryption example with a wrapped key (as a Yocto layer) can be requested from ST via Online Support.
For these advanced features, or for more advanced services running in the secure execution context such as secure firmware update (update in the secure environment), trusted applications, SVN and virtualization, STMicroelectronics strongly recommends contacting third-party companies. For more details, see the ST Partner Program.
The primary documentation for the security aspects of the STM32MPU is located on the ST Wiki. See below for a list of related articles.
Related ST wiki articles
- Security overview
  https://wiki.st.com/stm32mpu/wiki/Security_overview
- Overview of secure boot and ROM code
  https://wiki.st.com/stm32mpu/wiki/STM32_MPU_ROM_code_secure_boot
  https://wiki.st.com/stm32mpu/wiki/STM32_MPU_ROM_code_overview
- Device life cycle
  https://wiki.st.com/stm32mpu/wiki/STM32_MPU_ROM_code_overview (section 3.5. Life cycle)
  https://wiki.st.com/stm32mpu/wiki/Device_life_cycle
- Process to enable authentication of the trusted boot chain
  https://wiki.st.com/stm32mpu/wiki/How_to_enable_secure_boot_on_STM32_MPU
  https://wiki.st.com/stm32mpu/wiki/How_to_perform_Secure_Boot_from_Distribution_package
- STM32MPU keys
  https://wiki.st.com/stm32mpu/wiki/How_to_enable_secure_boot_on_STM32_MPU (section 3.2. STM32MPU keys)
  https://wiki.st.com/stm32mpu/wiki/Hardware_Unique_Key_overview
- TF-A authentication of signed binaries in the FIP partition
  https://wiki.st.com/stm32mpu/wiki/TF-A_BL2_Trusted_Board_Boot (section 3 Chain of Trust (CoT) for certificates; section 5.6 STM32 MPU build options for specific build options)
  https://wiki.st.com/stm32mpu/wiki/How_to_configure_TF-A_FIP
  https://wiki.st.com/stm32mpu/wiki/STM32_MPU_Flash_mapping
- U-Boot authentication of kernel, device tree and initramfs in the FIT image
  https://wiki.st.com/stm32mpu/wiki/How_to_create_Signed_FIT_image_from_Distribution_package
  https://github.com/STMicroelectronics/u-boot/tree/v2018.11-stm32mp/doc/uImage.FIT/
- Cortex®-M4 coprocessor firmware authentication principles
  https://wiki.st.com/stm32mpu/wiki/How_to_protect_the_coprocessor_firmware
- Cortex®-M33 coprocessor secure firmware
  https://wiki.st.com/stm32mpu/wiki/TF-M_overview
  https://wiki.st.com/stm32mpu/wiki/How_to_configure_TF-M
  https://wiki.st.com/stm32mpu/wiki/How_to_build_and_debug_secure_project_on_STM32MP25_co-processor_in_STM32CubeIDE
  Section 2. Importing: two projects are imported, the STM32CubeIDE project (see the M33 examples from STM32CubeMP2) and the TF-M trusted-firmware-m project. Section 3. Build: generates the Secure and Non-Secure firmware.
- Tools for generating keys: the private key(s) (used for TF-A binary signing), the public key(s) (added in the STM32 image header by the signing tool, together with the signature), and the public key hash (PKH, for MP15) or public key hash table (PKH table, for MP13 and MP2) to be fused in OTP
  https://wiki.st.com/stm32mpu/index.php/KeyGen_tool
- Tools for signing the TF-A binary
  https://wiki.st.com/stm32mpu/index.php/Signing_tool
  https://wiki.st.com/stm32mpu/wiki/STM32_header_for_binary_files
- TF-A or FIP binary signing example with a software HSM
  https://wiki.st.com/stm32mpu/wiki/How_to_sign_a_software_image_using_an_external_HSM
- OTP
  https://wiki.st.com/stm32mpu/wiki/STM32MP15_OTP_mapping
  https://wiki.st.com/stm32mpu/wiki/STM32MP13_OTP_mapping
  https://wiki.st.com/stm32mpu/wiki/STM32MP25_OTP_mapping
  The lower and middle (MP2 only) fuse regions hold non-secret information: the lower region is programmed bit by bit, the middle region (MP2 only) is programmable by 32-bit word. The upper region is for secure use and stores secrets; on MP1 it can be read from the non-secure world.
  https://wiki.st.com/stm32mpu/wiki/BSEC_internal_peripheral
  https://wiki.st.com/stm32mpu/wiki/BSEC_device_tree_configuration (section 3.2.1. BSEC node append; on MP2 the upper region is not reachable from the non-secure world)
  How to program OTP:
  https://wiki.st.com/stm32mpu/wiki/STM32CubeProgrammer_OTP_management
  https://wiki.st.com/stm32mpu/wiki/STM32PRGFW-UTIL
  https://wiki.st.com/stm32mpu/wiki/Category:STM32PRG-TOOLBOX
  https://wiki.st.com/stm32mpu/wiki/OP-TEE_OTP_overview (the STM32MP BSEC PTA exports OTP to other TAs or to the normal world; the STM32MP NVMEM TA exports OTP to NVMEM or to STM32CubeProgrammer)
  https://wiki.st.com/stm32mpu/wiki/NVMEM_overview (section 4.1.2. How to read OTP areas using NVMEM)
- Secure secret provisioning
  https://wiki.st.com/stm32mpu/wiki/Secure_Secret_Provisioning_(SSP)_overview
  https://wiki.st.com/stm32mpu/wiki/How_to_deploy_SSP_using_a_step-by-step_approach
- OP-TEE and trusted applications
  https://wiki.st.com/stm32mpu/wiki/OP-TEE_overview
  https://wiki.st.com/stm32mpu/wiki/STM32MPU_OP-TEE_profiles
  Two profiles: with only system services, or with system services and security services (section 3. OP-TEE system services profile; section 4. OP-TEE secure services profile).
  STMicroelectronics does not currently deliver any TA, but demo examples can be run:
  https://optee.readthedocs.io/en/latest/building/trusted_applications.html
  https://optee.readthedocs.io/en/latest/building/gits/optee_examples/optee_examples.html
  Some guidelines for developing applications using OP-TEE:
  https://wiki.st.com/stm32mpu/wiki/How_to_develop_an_OP-TEE_Trusted_Application
  https://optee.readthedocs.io/en/latest/building/userland_integration.htm
  PKCS#11 driver:
  https://optee.readthedocs.io/en/latest/building/trusted_applications.html#identifying-ta-s-client
  https://optee.readthedocs.io/en/latest/architecture/secure_storage.html
  https://optee.readthedocs.io/en/4.0.0/building/trusted_applications.html#offline-signing-of-tas
- OpenSSL with the private key in OP-TEE secure storage
  The PKCS11 TA can be used by applications using OpenSSL with the key in OP-TEE secure storage.
  https://static.linaro.org/connect/lvc21/presentations/lvc21-215.pdf
- OpenSSL with crypto peripherals (without OP-TEE secure storage)
  https://wiki.st.com/stm32mpu/wiki/Crypto_API_overview
- Disk encryption with crypto peripherals
  https://wiki.st.com/stm32mpu/wiki/Crypto_API_overview
- Disk encryption with a hardened key
  https://wiki.st.com/stm32mpu/wiki/How_to_encrypt_a_disk_with_dm-crypt (section 6.3. Shared key mode: possibility to use the Hardware Unique Key)
- Secure firmware update
  https://wiki.st.com/stm32mpu/wiki/Secure_Firmware_Update
- Tamper protection configuration
  https://wiki.st.com/stm32mpu/wiki/Tamper_configuration
  https://wiki.st.com/stm32mpu/wiki/Tamper_configuration#Software_configuration
  https://wiki.st.com/stm32mpu/wiki/TAMP_device_tree_configuration (section 3.3. How to use TAMP Backup Registers)
  https://wiki.st.com/stm32mpu/wiki/STM32MP13_backup_registers#Memory_mapping
  https://wiki.st.com/stm32mpu/wiki/STM32MP15_backup_registers#Memory_mapping
  https://wiki.st.com/stm32mpu/wiki/STM32MP2_backup_registers#Memory_mapping
  https://wiki.st.com/stm32mpu/wiki/NVMEM_overview (section 4.1.1. How to list NVMEM devices; the TAMP backup registers device is stm32-tamp-nvram0)
- Peripheral isolation
  Execution context: https://wiki.st.com/stm32mpu/wiki/Getting_started_with_STM32_MPU_devices
- Default peripheral execution context assignments
  https://wiki.st.com/stm32mpu/wiki/STM32MP15_peripherals_overview
  https://wiki.st.com/stm32mpu/wiki/STM32MP13_peripherals_overview
  https://wiki.st.com/stm32mpu/wiki/STM32MP25_peripherals_overview
- How to assign a peripheral to a context
  https://wiki.st.com/stm32mpu/wiki/How_to_assign_an_internal_peripheral_to_a_runtime_context
- Secure peripherals
  https://wiki.st.com/stm32mpu/wiki/Category:Security_peripherals
  For key generation on the OP-TEE side, use https://wiki.st.com/stm32mpu/wiki/PKA_internal_peripheral
  For encryption/decryption on the Linux or OP-TEE side, use https://wiki.st.com/stm32mpu/wiki/CRYP_internal_peripheral
  For key wrapping/unwrapping on the OP-TEE side, use https://wiki.st.com/stm32mpu/wiki/SAES_internal_peripheral
  For hashing on the Linux or OP-TEE side, use https://wiki.st.com/stm32mpu/wiki/HASH_internal_peripheral
- Assigning access rights to MPU peripherals from the Cortex®-A7 contexts (secure or normal) and the Cortex®-M4 context
  https://wiki.st.com/stm32mpu/wiki/ETZPC_internal_peripheral
- Assigning access rights to internal ROM/RAM from Cortex®-A7 and Cortex®-M4
  https://wiki.st.com/stm32mpu/wiki/TZC_internal_peripheral
- OP-TEE firewall
  https://wiki.st.com/stm32mpu/wiki/OP-TEE_Firewall_Framework
- RIF configuration for STM32MP2 (Cortex®-A35 and Cortex®-M33)
  https://wiki.st.com/stm32mpu/wiki/STM32MP2_ROM_code_resource_isolation
  https://wiki.st.com/stm32mpu/wiki/STM32MP2_firewall_configuration (section 2.3. Minimal RIF configuration rules)
  https://wiki.st.com/stm32mpu/wiki/RIFSC_internal_peripheral
  https://wiki.st.com/stm32mpu/wiki/RIFSC_device_tree_configuration
  https://wiki.st.com/stm32mpu/wiki/RISAB_internal_peripheral
  https://wiki.st.com/stm32mpu/wiki/RISAB_device_tree_configuration
  https://wiki.st.com/stm32mpu/wiki/RISAF_internal_peripheral
  https://wiki.st.com/stm32mpu/wiki/RISAF_device_tree_configuration
- DDR encryption
  https://wiki.st.com/stm32mpu/wiki/RISAF_internal_peripheral
  or
  https://wiki.st.com/stm32mpu/wiki/DDRMCE_internal_peripheral
- TPM V2.0 specification implementation (Trusted Platform Module companion chip) with the OpenSTLinux TPM expansion package
  Wiki category: X-LINUX-TPM expansion package - stm32mpu
  https://wiki.st.com/stm32mpu/wiki/STPM4RasPI_expansion_board
How to get started with secure boot
- Secure boot from the distribution package
  https://wiki.st.com/stm32mpu/wiki/How_to_perform_Secure_Boot_from_Distribution_Package (section 2. Creating signature key gives an example of the key generation command for each STM32MPU)
  https://wiki.st.com/stm32mpu/wiki/How_to_create_Signed_FIT_image_from_Distribution_package
- Options for secure boot with a FIT image: fuse the PKH (MP15) or PKH table (MP13, MP2) in OTP, or use the U-Boot stm32key command in the development phase
  https://wiki.st.com/stm32mpu/wiki/How_to_use_U-Boot_stm32key_command
- Check TF-A authentication from the ROM code (in the development phase there is no need to close the device)
  https://wiki.st.com/stm32mpu/wiki/How_to_enable_secure_boot_on_STM32_MPU (section 3.4.1. ROM code secure boot validation)
  The following trace should appear in the TF-A console: "NOTICE: Bootrom authentication succeeded" or "NOTICE: Bootrom authentication failed".