Introduction
This document describes how to prepare STM32H533xx microcontrollers to build a secure system solution compliant with the
SESIP 3 standard using the STM32CubeH5 MCU Package.
The NUCLEO-H533RE board, which integrates the STM32H533RET6 microcontroller, is used as the hardware vehicle to implement
and test a secure application executed through the STM32H533RET6 microcontroller immutable RoT. The board itself does not
bring any additional security mechanism.
The security guidance described in this document applies to any board based on STM32H533xx microcontrollers.
STM32H533xx security guidance for SESIP 3 Certification
UM3299
User manual
UM3299 - Rev 1 - December 2024
1 General information
The STM32CubeH5 application runs on STM32H533xx 32-bit microcontrollers based on the Arm® Cortex®-M processor.
Note: Arm and TrustZone are registered trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere.
The following table presents the definitions of acronyms relevant to a better understanding of this document.
Table 1. List of acronyms
Acronym           Description
CLI               Command-line interface
GUI               Graphical user interface
HDP               Secure hide protection
HUK               Hardware unique key
HW                Hardware
NSPE              Nonsecure processing environment. PSA term.
MPU               Memory protection unit
PSA               Platform security architecture. Framework for securing devices.
RoT               Root of Trust
STiRoT            ST immutable application inside the STM32H533RET6 microcontroller managing secure boot and secure firmware update of an application installed in the STM32H533RET6 microcontroller user flash memory.
User application  Application located inside the user flash memory started by STiRoT after verifying its integrity and authenticity. Not part of TOE.
SESIP             Security evaluation standard for IoT platforms
SPE               Secure processing environment. PSA term.
SW                Software
TOE               Target of evaluation
DA                Debug Authentication