We recently published a new MOOC that covers all the security features available in STM32 MCUs. It acts as a follow-up to the MOOC on the fundamentals of cryptography by looking at how engineers can take advantage of the functionalities already present in their microcontrollers to protect their IPs as well as their end-users. Our teams divided the coursework into bite-size pieces. The instructor covers one concept at a time, such as UniqueID, write protection, proprietary code readout protection (PCROP), or TrustZone, to name only a few, and breaks down each notion into two videos: one for the theory and the other for a lab application. ST also published a landing page with all the hardware and software prerequisites to help viewers follow along. All the software utilities and libraries are free, which makes the subject highly accessible for both newcomers and engineers with experience.
STM32 Security Features: Understanding OTFDEC
One of the MOOC’s chapters is on OTFDEC, or On The Fly Decryption, which is increasingly popular. We first talked about it on the blog when we introduced the security features of the STM32H7B0 and STM32H7B3, and when we announced the mass production of ST’s security flagship, the STM32L5. As the name implies, OTFDEC enables on-the-fly encryption and decryption of code and data with almost no performance penalty. In the MOOC, the instructor explains how OTFDEC works and the various decryption modes at the developer’s disposal. OTFDEC is only available when using an OctoSPI interface in memory-mapped mode and after enabling TrustZone. Among other topics, the lesson also covers the three possible interrupts that can result from security or critical errors. It even explains the encryption sequence to help users clearly understand what’s going on behind the scenes.
STM32 Security Features: Using PCROP to Secure Proprietary IPs
Another popular feature is PCROP, which enables the CPU to execute code from a specific area in memory while that area can be neither read nor written. Even a debug link can’t make the area readable, which is excellent when trying to protect a proprietary IP from malicious firmware or a hacker. However, there are significant limitations that developers must consider, such as the presence of volatile data in the RAM put there by the system during execution. Additionally, executing the code demands that engineers precompile it, which isn’t always easy or possible for specific applications on embedded systems. To assist teams, we provide the X-CUBE-PCROP expansion package with example code. The lab then looks at how to create a memory section for the PCROP, load the application file in it, and then activate it using STM32CubeProgrammer.