What are some of the myths that stop teams from reaching out to an IC programming and secure provisioning specialist? It’s what we tried to find out when we sat down with EPS Global, a member of the ST Partner Program with programming centers worldwide. The company prides itself on supporting STM32 secure firmware installs (SFIs) and hardware security modules (STM32 HSM), which is often essential when trying to obtain some of the latest security certifications. EPS Global can program more than 100 million devices annually and, more importantly, is an ST Authorized Partner because, among other things, it works with customers to scale operations rapidly, thus adapting to a wide range of volumes.
The overconfidence bias
Overconfidence is one of the best-documented cognitive biases. In particular, judgments of one’s ability to make precise predictions, even from limited information, are notoriously overconfident.
Kahneman, Daniel; Sibony, Olivier; Sunstein, Cass R. Noise (p. 140). Little, Brown and Company. Kindle Edition.
The ST security offering
Avid readers of the ST Blog will be familiar with the numerous security initiatives that ST promotes under the STM32Trust umbrella. One of the first features we democratized was the secure firmware install (SFI), meaning the ability to load encrypted firmware onto an STM32 MCU. As such, developers could protect their IP from theft or espionage. We also popularized secure firmware updates (SFU) on STM32, which enabled teams to securely improve code already deployed. Today, there are numerous additional features, from the Secure Module Install, which provides a mechanism similar to SFI for software modules, to the Secure Manager, a binary that handles certifications at the system level.
Miscalculating security implementations
How would engineers implement ST security functionalities? In nearly all cases, teams start programming their microcontroller in their lab. It often means quickly flashing an MCU to deploy features, fix bugs, or test implementations. The challenge, however, is that once engineers do it for a few devices, the overconfidence bias pushes them to continue programming in-house until they run into problems and realize they should have reached out to a specialist. Unfortunately, by that time, there can be serious hurdles, some of them with lasting consequences. For instance, failing to account for all STM32 devices or compromising a certification process can be costly and significantly slow the release to market.
Too often, companies reach out to an IC programming specialist like EPS Global only after encountering issues because they believe in three myths. And one of the missions of the ST Partner Program is to help our community avoid those pitfalls. Hence, let’s look at the three fallacies that can mislead managers and engineers and stop them from reaching out to an IC programming expert:
- Teams think their volumes are too low
- Teams think it’s going to cost too much
- Teams think it’s going to be overcomplicated
Myth 1: Volumes are too low for EPS Global
The size of your success is determined by the size of your belief. Think little goals and expect little achievements. Think big goals and win big success. […] Big ideas and big plans are often easier—certainly no more difficult—than small ideas and small plans.
Schwartz, David Joseph. The Magic of Thinking Big (p. 21). Penguin Publishing Group. Kindle Edition.
While it’s obvious that no engineer would ever outsource IC programming for only one device, it’s also wrong to think it’s too early to reach out to a partner like EPS Global. As the ST Authorized Partner explained, working with companies when they begin a project is much easier because the IC programmer can provide a vastly more straightforward transition from prototype to higher volumes. Indeed, as EPS Global shared, they work with ST to anticipate a wide range of demands and volumes. For instance, EPS Global built automated handlers, which enable them to meet the various needs of the STM32 community.
Security is also changing how companies are dealing with IC programming service providers. EPS Global works closely with ST to support SFI, our STM32 HSM, and secure firmware installation on our STM32 MCUs. While developers use tools like STM32CubeProgrammer to encrypt their firmware, ensuring that the device is securely flashed, tracked, and accounted for is often outside a team’s immediate workflow. Consequently, EPS Global and ST collaborate to make our security features more accessible, even at lower volumes, by ensuring that programming centers can easily support our devices and technologies. Put simply, the STM32 ecosystem of partners creates an infrastructure that makes security more accessible.
Myth 2: It’s too expensive
Beware of the assumption that the way you work is the best way simply because it’s the way you’ve done it before.
Rubin, Rick. The Creative Act (pp. 105-106). Penguin Publishing Group. Kindle Edition.
The ST Partner Program aims to bring value where many don’t expect it. For instance, a company like EPS Global provides ways to optimize operations to reduce overall costs. Too often, companies think that doing things in-house will be cheaper. The problem is that it doesn’t account for the expertise needed to ensure the process meets the requirements set out by security certifications or the ability to deploy products worldwide more rapidly. Put simply, working with an IC programming specialist, like EPS Global, can help implement features, comply with the latest regulations, and scale an operation before encountering crushing challenges. In a nutshell, the ST Partner Program alleviates the need to hire experts in-house.
Myth 3: It’s more complicated
Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius — and a lot of courage to move in the opposite direction.
Schumacher, Ernst F. “Small is Beautiful” in The Radical Humanist. Volume 37 Number 5. August 1973. Page 22.
Finally, EPS Global shared a story about an HVAC maker who used an STM32H7 and was apprehensive about going through an IC programming service provider. Too often, teams feel that outsourcing programming introduces complexity. However, the HVAC maker soon faced the challenges of protecting their software assets and the issues that come from programming ICs in-house, such as bent pins, bad orientations, faulty record keeping, and more. EPS Global explained that they work with engineers to optimize workflows and adapt to existing organizations, which is more straightforward than doing everything in-house. Hence, developers can leverage the STM32 SFI resources to protect their innovations and use EPS Global secure programming services to hasten their release to market.