Isolating MCU hardware and firmware using TrustZone security technology
In the IoT and connected device marketplace, device security is paramount to protect customer information and to prevent outside attacks.
The new STM32L5 series MCU based on ARM Cortex M33 core with TrustZone technology is part of the STM32Trust Security Ecosystem, where the TrustZone is a dynamic firewall providing hardware and software isolation to the system. Developers can isolate critical security firmware, authentication and private information from other parts of the device. The STM32L5 provides crypto accelerators for Public Key, AES, Hash and a True Random Number Generator and On-the-Fly Decrypt for external memories. The STM32L5 can provide secure boot with Root Secure Services and TF-M (ARM PSA compliant Trusted Firmware) with a unique boot entry, providing a secure framework to base the system on "Root of Trust". The new series further pushes the low power footprint of our already class leading devices while offering new peripherals (USB Type C & PD) and power management innovation allowing for a class leading 62uA/MHz current consumption.
You will learn:
- The new features and peripherals in the STM32L5
- Understand how to create a "Root of Trust" with the STM32L5 Security features
- How to use STM32 Trusted Package Creator
- How to interface to other ST products (NFC) for a digital signature verification application
Secure and Non-Secure application co-existence using TrustZone security technology
This 2-hour hands-on workshop will use the STMicroelectronics NUCLEO-L552ZE-Q board to configure and activate the Cortex-M33 TrustZone to secure an application. A Blinky application will be used to demonstrate how the STM32L5 TrustZone can secure the peripherals and memory. The workshop will be divided into approximately 20-minute segments alternating between lecture and hands-on. The STM32CubeMX configuration tool will be used to configure the STM32L5 device and to generate the Blinky LED application code for secure and non-secure applications. No source code compiler or IDE is required as the pre-complied binaries will be provided. The STM32cube Programmer tool and the embedded STLINK/V3 will be used to load the binaries into the STM32L5 device.
Workshop Agenda (may change prior to event)
1.Overview of the STM32L5 and Cortex M33 Device
Hands-On: Configure and download a non-secure Blinky application
2. Overview of the TrustZone
Hands-On: Configure and download a secure Blinky application
3. Review the secure and Non-Secure application co-existence using TrustZone
Hands-On: Add the non-secure Blinky application to the trusted application.
4. Review the trustZone Faults and Regression
Hands-On: Change the non-secure Blinky application to attempt access to the secure LED.
Hands-On: Turnoff and mass erase the STM32L5 TrustZone.
The materials for this workshop can be downloaded at: