
STM32Trust offers a robust multi-level strategy to enhance security in new product designs based on our STM32 microcontrollers and microprocessors augmented with STSAFE secure elements.

STM32Trust is a security framework combining our knowledge, ecosystem, and security services. This solution offers developers a complete toolset to protect their design’s valuable assets, such as software IP and data, and to ensure secure connectivity and system integrity.

With a set of 12 security functions offering hardware, software, and design services from ST and third parties, STM32Trust complies with the requirements of the major IoT certification schemes.
To ensure best-in-class security, ST provides MCUs and MPUs whose security functions are evaluated under the PSA Certified and SESIP schemes.

These certifications give designers an already-evaluated foundation on which to build applications that must meet a target security assurance level, such as PCI, UL 2900, IEC 62443, ETSI EN 303 645, FIPS 140-2 and many others.

To raise the security assurance level further, STM32Trust also supports secure elements from the STSAFE product family. Certified to Common Criteria EAL5+, the STSAFE portfolio offers several devices for secure connectivity (essential for cloud communications), secure storage and authentication, and system integrity.

Developed in close collaboration with partners and customers, STM32Trust builds on several asset-protection use cases and the security features they require, as shown in the examples below. However, as a first step before using the STM32Trust framework, it is necessary to perform an in-depth analysis of your security model, based on the outcome of your threat analysis.

      • Key protection requirements
        • Prevent code & data access
        • Isolate third-party software IP
        • Control software licenses
        • Enable software updates
        • Prevent malware
        • Lock usage to authorized devices
        • Application lifecycle (define unchangeable incremental states to protect application states and assets)
      • Essential functions
        • Secure boot
        • Secure Install/Update
        • Secure storage
        • Isolation
        • Abnormal situation handling
        • Crypto engine
        • Identification / Authentication / Attestation
        • Silicon device lifecycle
        • Software IP protection
        • Secure manufacturing
        • Application lifecycle (define unchangeable incremental states to protect application states and assets)
      • Key protection requirements
        • Confidentiality
        • Secret storage
        • Ensure compliance with GDPR regulations
        • Authenticity
      • Essential functions
        • Secure boot
        • Secure storage
        • Isolation
        • Abnormal situation handling
        • Crypto engine
        • Identification / Authentication / Attestation
        • Silicon device lifecycle
        • Application lifecycle (define unchangeable incremental states to protect application states and assets)
      • Key protection requirements
        • Availability
        • Host & server authenticity
        • Confidentiality
        • Integrity
        • Maintainability
      • Essential functions
        • Secure boot
        • Secure Install/Update
        • Secure storage
        • Isolation
        • Abnormal situation handling
        • Crypto engine
        • Audit/Log
        • Identification / Authentication / Attestation
        • Silicon device lifecycle
        • Software IP protection
        • Secure manufacturing
        • Application lifecycle (define unchangeable incremental states to protect application states and assets)
      • Key protection requirements
        • Reliability
        • Availability
        • Authentication
        • Confidentiality
        • Regulatory compliance
      • Essential functions
        • Secure boot
        • Secure storage
        • Isolation
        • Abnormal situation handling
        • Crypto engine
        • Identification / Authentication / Attestation
        • Silicon device lifecycle
        • Application lifecycle (define unchangeable incremental states to protect application states and assets)

Three examples illustrating how STM32Trust addresses key security needs are highlighted below.

Secure manufacturing

Your company designs smart toys.

    Key requirements
  • No firmware stealing at production
  • No over-production by the manufacturer
  • Ensure the firmware cannot be programmed into devices not owned by the company
  • No firmware stealing in the field
  • Detection of attacks in the field

The Security Functions you need

  • Secure Manufacturing
  • Software IP Protection
  • Secure Install and Update
  • Silicon Device Lifecycle
  • Abnormal Situation Handling
  • Audit and Log

Secure boot & Secure update

Your company sells technical equipment and would like to offer a firmware update service.

    Key requirements
  • Ensure a firmware update targets only your equipment
  • Be aware of the product state at all times
  • Ensure the update is handled with integrity and that authenticity checks are carried out
  • Authenticity of the firmware running on devices

The Security Functions you need

  • Identification / Authentication / Attestation
  • Secure Install and Update
  • Secure Boot

Brand protection and identification

You control a fleet of devices from a remote server.

    Key requirements
  • Every device presents a unique identity
  • Authenticate individual devices
  • Attest device access rights
  • Secure device communication
  • Ensure that identities and access-right secrets cannot be leaked, even at the manufacturing stage

The Security Functions you need

  • Identification / Authentication / Attestation
  • Crypto Engine
  • Secure Storage and Secure Manufacturing (Secure Personalization)

STM32Trust brings 12 security functions & services to align with asset-protection use cases and to provide the right security assurance levels

1. Secure boot

Ability to ensure the authenticity and integrity of an application that runs inside a device

2. Secure Install/Update

Installation or update of firmware with initial checks of integrity and authenticity before programming

3. Secure Storage

Ability to securely store secrets like data or keys (and to access them without them being visible externally)

4. Isolation

Isolation between trusted and non-trusted parts of an application

5. Abnormal situation handling

Ability to detect abnormal situations (both hardware and software) and to take adapted decisions like the removal of secret data

6. Crypto Engine

Ability to process cryptographic algorithms, as recommended by a security assurance level

7. Audit/Log

Keep a record of security events that cannot be altered or silently removed after the fact

8. Identification / Authentication / Attestation

Unique identification of a device and/or software package, and ability to detect its authenticity, from inside the device or externally

9. Silicon device lifecycle

Control states to securely protect silicon-device assets through a constrained path

10. Software IP protection

Ability to protect a section or the whole software package against external or internal reading. Can be multi-tenant

11. Secure manufacturing

Initial device provisioning in an unsecured environment, with overproduction control and optional secure personalization

12. Application lifecycle

Define unchangeable incremental states to securely protect application states and assets
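To make function 7 (Audit/Log) concrete, here is an added Python model of a tamper-evident log; it is an illustration written for this page, not ST code and not the TF-M audit service. Each record carries an HMAC-SHA256 tag chained to the previous record's tag, so editing, deleting, duplicating or reordering a record breaks the chain. The key, the record layout, and the `head()` value that a verifier stores out of band are assumptions of this example; the sample events are constructed, not captured from a device.

```python
import hashlib
import hmac
import struct

ZERO_TAG = b"\x00" * 32  # chain anchor for the first record (assumption of this model)


def record_tag(key: bytes, counter: int, event: str, prev_tag: bytes) -> bytes:
    """Tag = HMAC-SHA256(key, counter || len(event) || event || previous tag).
    Length-prefixing the event stops one field from bleeding into the next."""
    data = event.encode("utf-8")
    msg = struct.pack("<II", counter, len(data)) + data + prev_tag
    return hmac.new(key, msg, hashlib.sha256).digest()


class AuditLog:
    """Append-only log. On a real device the key would live on the secure side
    (secure storage); the non-secure application only gets an append entry point."""

    def __init__(self, key: bytes):
        self._key = key
        self.records = []  # list of (counter, event, tag)
        self._head = ZERO_TAG

    def append(self, event: str) -> None:
        counter = len(self.records)  # monotonic per-record counter
        tag = record_tag(self._key, counter, event, self._head)
        self.records.append((counter, event, tag))
        self._head = tag

    def head(self) -> bytes:
        """Tag of the newest record. A verifier keeps this out of band so that
        quietly dropping records from the tail is detectable."""
        return self._head


def verify_log(key: bytes, records, head_tag: bytes = None) -> tuple:
    """Return (True, -1) if every record chains correctly, else (False, index)
    where index is the first bad record, or len(records) when the chain is
    intact but shorter than the stored head says it should be."""
    prev = ZERO_TAG
    for i, (counter, event, tag) in enumerate(records):
        if counter != i:
            return False, i  # record removed, duplicated or reordered
        if not hmac.compare_digest(tag, record_tag(key, counter, event, prev)):
            return False, i  # record edited, or chain broken before it
        prev = tag
    if head_tag is not None and not hmac.compare_digest(prev, head_tag):
        return False, len(records)  # tail truncated
    return True, -1


if __name__ == "__main__":
    # Constructed sample events for the demo, not real device output.
    log = AuditLog(b"constructed-demo-key")
    for ev in ["boot: image verified", "tamper: active pin asserted", "keys erased"]:
        log.append(ev)
    print(verify_log(b"constructed-demo-key", log.records, log.head()))
```

The chain alone does not detect truncation of the newest records, which is why `head()` exists: the verifier (a cloud back end, or a monotonic counter in secure storage) must hold the latest tag or record count independently of the log itself.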


Some examples are listed below; the product documentation gives accurate descriptions and per-device availability: RDP (Read-out Protection), WRP (Write Protection), PCROP (Proprietary Code Read-Out Protection), MPU (Memory Protection Unit), HDP (Hide Protect), OTP zones, OTFDEC (On-The-Fly Decryption), CRC (Cyclic Redundancy Check), TrustZone, Firewall, anti-tamper mechanisms, crypto accelerators and libraries, RNG (Random Number Generator), unique IDs, SSP (Secure Secret Provisioning), TF-M (Trusted Firmware-M), TF-A (Trusted Firmware-A, for Arm Cortex-A), OP-TEE (Open Portable Trusted Execution Environment), UBE (Unique Boot Entry), FSBL (First Stage Boot Loader), SBSFU (Secure Boot & Secure Firmware Update), SFI (Secure Firmware Installation), etc. The firmware and tool services are introduced below.

Firmware & SW Tools

Secure Boot and Secure Firmware Update (SBSFU)

Secure Boot ensures the integrity and authenticity of the application firmware to run on the device.
Secure Firmware Update allows you to authenticate and to verify the integrity of the required field updates.

ST provides two implementations as reference source code for STM32 microcontrollers:

  • X-CUBE-SBSFU, implementing the SBSFU mechanisms. This solution shows how to set up the STM32 memory-protection mechanisms to isolate the Secure Boot and Firmware Update functions from the main application. A reference integration of ST's STSAFE secure element, which raises the security level of the final application, is included. The STM32L4 implementation also offers secure storage.
  • TFM_SBSFU, implementing the same mechanisms on devices running TF-M (Trusted Firmware-M), delivered with the STM32Cube packages.
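As an added illustration of the checks the Secure Boot and Secure Firmware Update stages described above (functions 1 and 2) perform, here is a Python model of image verification. It is not code from X-CUBE-SBSFU or TFM_SBSFU: the header layout (magic, version, payload size, SHA-256 of the payload, then a tag over the header), the 64 KB slot size, and the use of HMAC-SHA256 in place of the ECDSA signature a real bootloader checks with a public key are all assumptions made for this example. What it shows is the order of operations a practitioner wants: authenticate the header before trusting any length field in it, enforce the anti-rollback floor, bound the size to the slot, and only then check payload integrity, with constant-time comparisons throughout.

```python
import hashlib
import hmac
import struct

# Hypothetical header layout for this example (NOT the X-CUBE-SBSFU format):
#   magic (4 bytes) | fw_version (u32) | fw_size (u32) | sha256(payload) (32 bytes)
# followed by an HMAC-SHA256 tag over those 44 bytes, then the payload.
MAGIC = b"SBX1"
HDR_FMT = "<4sII32s"
HDR_LEN = struct.calcsize(HDR_FMT)  # 44
TAG_LEN = 32
SLOT_SIZE = 64 * 1024               # assumed size of the active firmware slot


def build_image(key: bytes, version: int, payload: bytes) -> bytes:
    """Producer side (build server): hash the payload, authenticate the header."""
    hdr = struct.pack(HDR_FMT, MAGIC, version, len(payload),
                      hashlib.sha256(payload).digest())
    tag = hmac.new(key, hdr, hashlib.sha256).digest()
    return hdr + tag + payload


def verify_image(key: bytes, image: bytes, min_version: int) -> tuple:
    """Boot-time / install-time check. Returns (ok, reason).
    No field of the image is trusted until the header tag has been verified."""
    if len(image) < HDR_LEN + TAG_LEN:
        return False, "truncated header"
    hdr = image[:HDR_LEN]
    tag = image[HDR_LEN:HDR_LEN + TAG_LEN]
    expected = hmac.new(key, hdr, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "bad header tag"           # forged or corrupted header
    magic, version, size, digest = struct.unpack(HDR_FMT, hdr)
    if magic != MAGIC:
        return False, "bad magic"
    if version < min_version:                     # anti-rollback floor, kept in
        return False, "rollback: version %d < %d" % (version, min_version)  # secure storage
    if size > SLOT_SIZE - HDR_LEN - TAG_LEN:
        return False, "size exceeds slot"        # never copy beyond the slot
    payload = image[HDR_LEN + TAG_LEN:HDR_LEN + TAG_LEN + size]
    if len(payload) != size:
        return False, "truncated payload"
    if not hmac.compare_digest(hashlib.sha256(payload).digest(), digest):
        return False, "payload hash mismatch"    # integrity failure
    return True, "ok"


if __name__ == "__main__":
    # Constructed key and payload for the demo; a real key never lives in source.
    key = b"\x11" * 32
    image = build_image(key, version=3, payload=b"\x00" * 100)
    print(verify_image(key, image, min_version=3))      # (True, 'ok')
    print(verify_image(key, image, min_version=4))      # rollback refused
    tampered = image[:-1] + bytes([image[-1] ^ 0x01])
    print(verify_image(key, tampered, min_version=3))   # payload hash mismatch
```

Because an HMAC is symmetric, the device here holds the same key as the build server; that is exactly why production bootloaders verify a signature with only the public key on the device. Everything else carries over unchanged: verify-before-parse, the size bound, the version floor held in the device's own secure storage, and constant-time comparison of tags and digests.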

Trusted Firmware-M (TFM)

Trusted Firmware-M is a reference implementation of the Platform Security Architecture (PSA) for Armv7-M and Armv8-M Cortex-M cores.

TF-M is an open-source software project included in the STM32Cube MCU packages that provides, for STM32 microcontrollers:

  • Secure firmware with support for PSA Level 1 and 2 isolation on Armv8-M
  • The interfaces exposed by the secure firmware to the non-secure side
  • A secure firmware model with a non-secure application example
  • Secure services running within the secure environment include:
    • Secure Storage Service
    • Attestation
    • Crypto Service
    • Audit Log

Trusted Firmware-A

Usually shortened to TF-A, Trusted Firmware-A is a reference implementation of the secure-world software solution provided by Arm. It was first designed for Armv8-A platforms, and has been adapted by ST to be used on Armv7-A platforms. Arm is transferring the Trusted Firmware project to be managed as an open-source project by Linaro.

It is used as the first-stage boot loader (FSBL) on STM32 MPU platforms when using the trusted boot chain.

The code is open source under the BSD-3-Clause license and can be found on GitHub, together with up-to-date documentation on the Trusted Firmware-A implementation.

Trusted Firmware-A also implements a secure monitor with various Arm interface standards:

  • The power state coordination interface (PSCI)
  • Trusted board boot requirements (TBBR)
  • SMC calling convention
  • System control and management interface (SCMI)

More information is available on the STM32MP1 MPU wiki page.

Open Portable Trusted Execution Environment (OP-TEE)

OP-TEE is a Trusted Execution Environment (TEE): a software solution designed as a companion to a non-secure Linux kernel running on microprocessors with Arm Cortex-A cores that use TrustZone technology. Its APIs follow the GlobalPlatform TEE specifications (the TEE Client API on the Linux side and the TEE Internal Core API for Trusted Applications).

The main design goals for OP-TEE are:

  • Isolation: the TEE is isolated from the non-secure OS and protects the loaded Trusted Applications (TAs) from each other using the underlying hardware support
  • Small footprint: the TEE should remain small enough to reside in the amount of on-chip memory typically found on Arm-based systems
  • Portability: the TEE is compatible with different architectures and available hardware, and supports various set-ups such as multiple client operating systems and TEEs

OP-TEE is delivered as part of the OpenSTLinux distribution packages available for STM32 microprocessors.

Crypto Libraries

ST offers several cryptographic libraries for STM32 microcontrollers to address the requirements of practical use cases:

  • X-CUBE-CRYPTOLIB: this ECCN 5D002-classified software solution is based on the architecture of the STM32Cube package and includes a set of crypto algorithms based on firmware implementation. Ready to use in all STM32 microcontrollers.
  • TF-M Crypto: cryptographic service, as delivered within TF-M reference code
  • DPA-resistant crypto library: ST offers a DPA-resistant implementation of cryptographic algorithms, available on request for specific part numbers. Please contact your nearest sales office.

Secure Firmware Installation (SFI)

The Secure Firmware Installation solution, available on STM32L4, STM32H7 and STM32L5 microcontrollers and soon to be extended to additional STM32 platforms, provides protection when devices are being programmed for the first time.

This solution offers a complete toolset: the Trusted Package Creator software to encrypt OEM binaries, STM32CubeProgrammer to securely flash the STM32, and the STM32HSM to transfer OEM credentials to the programming partner.

After firmware development and validation, designers encrypt their binary files with the Trusted Package Creator software and store their credentials in a dedicated smart card, the STM32HSM hardware security module.

STM32CubeProgrammer, or the programming tools of SFI-recommended partners, can then be used to securely program STM32 MCUs in untrusted environments such as EMS manufacturing lines.


STM32CubeProgrammer includes the STM32 Trusted Package Creator tool, which generates SFI and SMI encrypted images for STM32 devices that support SFI. It is available free of charge in both CLI and GUI modes.

The SFI format is a firmware encryption format created by ST. It uses the AES algorithm to transform a firmware image in ELF, HEX, BIN or SREC format into an encrypted and authenticated image in SFI format. An SFI image is composed of a header and several areas, usually contiguous firmware areas. The last area is the configuration area, containing the option byte values to be programmed once SFI installation is complete.


The STM32HSM-V1 is used to secure the programming of STM32 products to avoid product counterfeiting during the manufacturing process.

X-CUBE-PCROP firmware

The goal of X-CUBE-PCROP firmware is to illustrate the practical usage of the PCROP protection feature on STM32F4, STM32F7 and STM32L4 MCUs.

Security Assurance & Certifications


