Fast-track your embedded
security journey
Discover the STM32Trust TEE Secure
Manager for STM32H5 MCUs
“If only…”
• I could easily protect my critical data & secrets and those of my end customers (at rest, during communication, locally, remotely)
• I could easily and strongly protect my IPs, and my partner’s IPs (during development, in production, in the field)
• I could easily & securely connect to Clouds & Servers without painful digital identities management (registration, data protection, secure updates, device lifecycle)
Secure Manager
A trusted execution
environment (TEE) integrating
core security services
This is where we come in!
A set of turnkey security services developed, maintained, and certified by ST
Fitting your security needs
STM32H5 security offer
A scalable security offer to address your needs
Innovate faster!
Your application
Secure hardware
Root of trust
Secure boot & install
Security services
The 12 STM32Trust security functions
Choose your preferred security track, from secure hardware to the
entire STM32Trust function coverage
Security challenges
for our customers
Missing link
Time to
market
High cost
Complex
Scalability, certification, maintenance
core security hardware and services
IoT security
Certifications
& Regulations
Multiple Devices
Developers
Hardware
Addressing the security challenges & gaps
STM32Trust TEE – Secure Manager
Secure Manager
A trusted execution
environment (TEE)
integrating core security
services
A simplified customer journey
Multi-tenant IP protection
Seamless cloud/server support
Supporting remote provisioning
The first MCU supplier to offer a certified and maintained TEE solution to customers
Accelerate your time to market
• ST platform ownership
• Turnkey set of security services
• Arm® PSA API compatible
• Modular secure update capable
• Secure Manager Core to handle isolation
• Multi-tenant software IP protection
• Designed for Long-Term-Support
• To be certified and maintained by ST
• Optimized certification properties
Secure Manager on STM32H5 MCU
Protect IP and simplify security customer journey
[Diagram: target scope of Secure Manager. Non-secure side: Application, Real-time OS. Secure side (TrustZone): Secure Manager Core, Firmware update, Trusted storage, Cryptography, Attestation, Trusted app 1 … Trusted app #. Roots of trust: ST iRoT, ST uRoT. Interface: PSA API. Execution levels shown: Privileged, Un-privileged.]
Secure Manager
Benefits
Multi-tenant IP protection
• Multiple business cases made possible
• Isolation for confidentiality at installation & runtime
• Protected development flow
Simplified customer journey
• Turnkey TEE security solution including services
• Full certified secure implementation
• TrustZone complexity abstraction
• Designed for LTS – long term service
• PSA API compliant
Cloud / Server
• Seamless Cloud/Server registration
• Pre-provisioned keys & certificate
• PSA compliant attestation
Remote secret admin.
• Remote PKI lifecycle management enabled
• Customizable (e.g. Matter)
• Certificate installation/rotation/…
• Via partnership (NOT an ST service)
Enhance security while reducing costs and complexity
Development and installation
Secure Manager Access Kit
SMAK
Secure Manager
for prod.
Application
examples
(demonstrating
PSA APIs)
Documentation
Downloaded from
STM32CubeH5
Downloaded from
STM32TRUSTEE-SM
(encrypted binary)
license SLA0048
license SLA0048
H573
SFI
ST-iRoT
Secure
Manager
Application
OEM Secrets
Trusted
Package
Creator
Image
creation
scripts
SMAK license SLA0048
Used for production
1 Secure Manager Installation
2 OEM application creation
Development kit to develop NS applications using security services
How to evaluate the Secure Manager
Focusing on application using security services
1. Download CubeH5 – SMAK examples
• Projects\STM32H573I-DK\Applications\ROT\SMAK_Appli
2. Download the Secure Manager binary
• STM32TrustTEE-SM webpage
3. Configure & Install Secure Manager
• Start w/ default settings (or configure ITS, Memory, Key, DA)
• Projects\STM32H573I-DK\ROT_Provisioning\SM
4. Build and load the NS project
SMAK
API call examples
Non secure Secure
SM Core
Firmware
update
Trusted
storage
Cryptography
Attestation
ST uRoT
API
Attestation
Cryptography
Storage
FW update
batch
Secure
manager
package
How_to_start_with_Secure_Manager_on_STM32H573
• Application can be modified/debugged
• Security APIs can be used
• Based on examples provided
• Secure area is protected - TEE locked
batch
STM32H573I-DK
Secure Module Development Kit
SMDK
STM32H573
SFI
ST-iRoT
Secure
Manager
Module
Appli
Example
Module
Owner
Secrets
Trusted
Package
Creator
Image
creation
scripts
SMDK license – specific LLA
• Used for development only
• Available on demand
Development Secure
Manager installation
2 IP Module creation
Development kit to develop secure modules within TrustZone®
Secure Manager
for development
Secure module
examples
(demonstrating
SM core APIs)
Documentation
Downloaded from
X-CUBE-SMDK-H5
Available on demand
(encrypted binary)
SMDK is ONLY to support development
Module
1
SMDK
How to develop a secure module
with SMDK
Non secure Secure
Secure
Module
API
Applicative
Module
Dev.
Secure
manager
Getting started SMDK
• Module can be modified/debugged
• Interface with secure module via APIs
SM Core
Firmware
update
Trusted
storage
Cryptography
Attestation
ST uRoT
batch
!! SMDK is ONLY for development !!
STM32H573I-DK
batch
1. Download CubeH5
2. Sign license – contact your ST representative
• Manage export control process
3. Get SMDK: X-CUBE-SMDK-H5
• channel provided by ST after signature of the license
4. Configure & Install Dev. Secure Manager
5. Build and load the project
Secure Manager
Preparation & Installation flow
ST IP
SW
Multi-tenant
IP modules
OEM
Secrets
Trusted Package
Creator
OEM
Secrets
OEM
Application
Module 1
Module 2
Image
Certified
Secure
Manager
Protected by ST specific Key
Protected by Module Key
Protected by OEM Key
STM32H573
SFI
ST-iRoT
STM32H573
SFI
ST-iRoT
Secure
Manager
Module 1
Module 2
Application
Application Creation Flow OEM Installation Flow
Protected by ST public Key for OEM
IP
Modules
Secure
Manager
OEM
KEY
OEM
Secrets
Initial/virgin
state
OEM
personalized
product
OEM
Application
OEM
Programmer
X-CUBE-SEC-M-H5
option
option
Documentation
• STM32Trust web page
• STM32CubeH5 – inc. API & SMAK examples
• STM32H5 RM0481
• STM32TrustTEE-SM web page
• X-CUBE-SEC-M-H5 H5 SM binary
• On-line trainings
• X-CUBE-SMDK-H5 SMDK – on demand
• Discovery kit with STM32H573
• STM32H5 security FAQ
• Secure Manager Blog article
• Wiki security
• Wiki Security H5
• Wiki Secure Manager
• Getting started with H5 security
• ST Community specific tags
• Secure Manager
• STM32H5 Series
• IoT kits including Secure Manager
• Azure X-CUBE-AZURE-H5
• AWS X-CUBE-AWS-H5
Documentation and useful links
Conclusion & Takeaway
“If only…”
• I could easily protect my critical data & secrets and those of my end customers (at rest, during communication, locally, remotely)
• I could easily and strongly protect my IPs, and my partner’s IPs (during development, in production, in the field)
• I could easily & securely connect to Clouds & Servers without painful digital identities management (registration, data protection, secure updates, device lifecycle)
Secure Manager
STM32H5 MCU
Target certifications
© STMicroelectronics - All rights reserved.
ST logo is a trademark or a registered trademark of STMicroelectronics International NV or its affiliates in the EU and/or other countries.
For additional information about ST trademarks, please refer to www.st.com/trademarks.
All other product or service names are the property of their respective owners.
