Introduction

This application note describes how to get a Secure Boot and Secure Firmware Update solution on Arm® TrustZone® STM32 microcontrollers based on the Arm® Cortex®-M33 processor. It also provides a top-level comparison of this solution versus the X-CUBE-SBSFU solution, which applies to non-TrustZone® STM32 microcontrollers based on the Arm® Cortex®-M0, Cortex®-M3, Cortex®-M4, or Cortex®-M7 processors. It provides as well top-level integration guidelines for the Secure Boot and Secure Firmware Update solution.

For Arm® TrustZone® STM32 microcontrollers, a Secure Boot and Secure Firmware Update solution is provided in the corresponding STM32Cube MCU Package. Contrary to the solution proposed in the X-CUBE-SBSFU STM32Cube Expansion Package, it is based on the open-source TFM (Trusted Firmware for Arm® Cortex®-M) reference implementation.

This application note applies to all TrustZone® STM32 microcontrollers (refer to Table 1). However, in this document, the STM32L5 Series is used as an example.

Depending on the TrustZone® STM32 microcontroller, the TFM-based application available in the STM32Cube MCU Package may differ. Refer to the user manual of the TFM application (complete implementation of TFM) of the considered Arm® TrustZone® STM32 microcontroller (see Section 2 References) to get a precise description of the solution.

To get more information about the open-source TFM reference implementation, refer to [TFM].

Table 1. Applicable products

Type              Product series
Microcontrollers  STM32L5 Series, STM32U5 Series
Overview of Secure Boot and Secure Firmware Update solution on Arm® TrustZone® STM32 microcontrollers

AN5447
Application note
AN5447 - Rev 3 - August 2021
For further information contact your local STMicroelectronics sales office.
www.st.com
1 General information

Throughout this application note, the terminology X-CUBE-SBSFU refers to the Secure Boot and Secure Firmware Update solution available in the X-CUBE-SBSFU STM32Cube Expansion Package, whereas the terminology SBSFU refers to the Secure Boot and Secure Firmware Update solution available in the STM32Cube MCU Packages of Arm® TrustZone® STM32 microcontrollers (STM32CubeL5 is used as an example).
Table 2 presents the definition of acronyms that are relevant for a better understanding of this document.

Table 2. List of acronyms

Acronym   Definition
AEAD      Authenticated encryption with associated data
AES       Advanced encryption standard
CBC       AES cipher block chaining
CTR       AES counter mode
EAT       Entity attestation token
ECDSA     Elliptic curve digital signature algorithm
GCM       AES Galois/counter mode
HDP       Hide protection
HUK       Hardware unique key
ITS       Internal trusted storage
KMS       Key management services
MAC       Message authentication code
MPU       Memory protection unit
OEM       Original equipment manufacturer
OTFDEC    On-the-fly decryption
PKCS      Public-key cryptography standard
PSA       Platform security architecture. Framework for securing devices
RDP       Read protection
RoT       Root of Trust
RSA       Rivest–Shamir–Adleman algorithm
SBSFU     Secure Boot and Secure Firmware Update
SST       Secure storage service. Secure storage service provided by TFM
TBSA-M    Trusted base system architecture for Arm® Cortex®-M
TFM       Trusted Firmware for M-class Arm® processors. TFM provides a reference implementation of secure world software for Armv8-M
TFM       Name of the TFM-based application with complete functionalities in the STM32Cube MCU Package
TZ        TrustZone®
WRP       Write protection

Note: Arm and TrustZone are registered trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere.