To learn more about the STM32U5 at the heart of this blog post, check out Microvisor and STM32U5, The Best Performance-per-Watt MCU, 1st to Support a New IoT Development Paradigm
To improve the accessibility of our content, please find the audio version of this blog post.
The STM32U5 just became ST’s first microcontroller to receive PSA Certified and SESIP Level 3 certifications, a critical step in answering the need for greater guarantees in security. These certifications cover hardware and software implementations on the STM32U5 that protect code and users from remote and physical attacks. Some of these security measures are familiar. For instance, TrustZone and crypto cores are already present on the STM32L5, one of the first MCU to receive a PSA Certified Level 2 accreditation. However, other hardware measures are unique to the STM32U5 and explain the higher certification level. Among other things, the MCU offers a Hardware Unique Key mechanism that can help generate and store keys securely. The STM32U5 also includes anti-tampering systems to prevent side-channel attacks or other physical intrusions.
PSA Certified and SESIP Level 3 Certifications: A Solution to Existing Fragmentation
The announcement is highly symbolic because it represents a new chapter in the story and history of security in IoT. Traditionally, engineering teams are either seeking PSA Certified or SESIP certifications. A consortium led by Arm governs the former, which stands for Platform Security Architecture. On the other hand, the Security Evaluation Standard for IoT Platforms (SESIP) is the fruit of GlobalPlatform, a non-profit organization made of various industry leaders, including Arm and ST. Unfortunately, the existence of multiple standards fragmented the industry and challenged engineers, according to a report from PSA Certified. Hence, the industry solved this issue by aligning security profiles. Engineers now only need to meet the requirements of one profile to obtain both PSA Certifired and SESIP Level 3 certifications.
The industry is also coming together because protecting intellectual property is increasingly essential for IoT companies. Recent lawsuits estimate damages in the billions for some institutions, and protecting code running inside an MCU is often quintessential. Indeed, for software companies, seeing their program in the wrong hands may represent a significant loss or even bankruptcy. Moreover, security measures also protect users against remote attacks. As devices connect to clouds, it is critical to ensure the integrity of all devices on the network. Therefore, markets are clamoring for more security in IoT, and more companies seek higher certification levels. Thanks to the PSA Certified and SESIP Level 3 certifications, engineers can offer greater assurances against physical and remote attacks.
PSA Certified and SESIP Level 3 Certifications: A New Way to Protect Against Attacks
In practice, ST implemented new features to receive PSA Certified and SESIP Level 3 certifications such as a Hardware Unique Key or HUK. The idea of a cryptographic key that is unique to each physical device is not new. However, our implementation distinguishes itself by never revealing the key to the user. Programmers can’t call the key itself using I2C or UART, for example. HUK thus adopts a black box scheme to protect systems against attacks by storing the key and encryption operations within the MCU’s secure IPs. Engineers can therefore use the HUK system to encrypt and store their keys to connect to clouds securely, for instance.
Similarly, TrustZone on the STM32U5 now includes more granular levels by combining trusted and privileged environments. For instance, the firmware most likely will live in a trusted and privileged environment while the sensitive part of an application will execute in a trusted but non-privileged area, and common programs stay in non-trusted and non-privileged systems. The modularity makes it easier to protect sensitive code in case of an intrusion in one of the less secure environments. And to help engineers that wish to take advantage of such features, ST also received a Level 3 certification for its TF-M implementation on the STM32U5.