ST often releases new versions of STM32CubeProgrammer, STM32CubeMonitor, STM32CubeMonitor-RF, and STM32CubeMonitor-UCPD. The tools repeatedly appear on our blog posts because many STM32 developers use them to release their products to market faster. Indeed, the challenge for any embedded system engineer is to find a comprehensive platform for their microcontroller or microprocessor. A device may have many features, but none of them are helpful if designers can’t implement them efficiently. As a result, it is critical to offer a wide range of software tools that facilitate the development of applications on STM32 devices. Let us, therefore, explore some of these tools and their new functionalities.
Table of Contents
- 1 STM32CubeProgrammer
- 1.1 What’s new in STM32CubeProgrammer 2.14?
- 1.2 What is STM32CubeProgrammer?
- 1.2.1 An STM32 flasher and debugger
- 1.2.2 Supporting new STM32 MCUs
- 1.2.3 STLINK-V3PWR
- 1.2.4 Script mode
- 1.2.5 A portal to security on STM32
- 1.2.6 Making SFI more accessible
- 1.2.7 Secure secret provisioning for STM32MPx
- 1.2.8 Double authentication
- 1.2.9 PKCS#11 support
- 1.2.10 GUI for read-out protection
- 1.2.11 A unifying experience
- 1.2.12 A Sigfox provisioner
- 2 STM32CubeMonitor
- 3 STM32CubeMonitor-RF
- 4 STM32CubeMonitor-UCPD
Class is in session
- MOOC – STM32CubeMonitor in practice
- MOOC – Programming STM32 MCUs using STM32CubeProgrammer
- MOOC – STM32Cube Tools in practice
What’s new in STM32CubeProgrammer 2.14?
As promised last January, Secure Manager is officially supported by STM32CubeProgrammer 2.14 and available in STM32CubeMX 1.13. At this time, the feature is exclusive to our new high-performance MCU, the STM32H573, which supports a secure ST firmware installation (SSFI) without requiring a hardware secure module (HSM). In a nutshell, it provides a straightforward way to manage the entire security ecosystem on an STM32 MCU thanks to binaries, libraries, code implementations, documentation, and more. Consequently, developers can enjoy turnkey solutions in STM32CubeMX while flashing and debugging them with STM32CubeProgrammer. It is thus an example of how STM32H5 hardware and Secure Manager software come together to create something greater than the sum of its parts.
Other security features for the STM32H5
The new STM32CubeProgrammer release is highly symbolic because it enables many other security features on the STM32H5. For instance, the MCU now supports secure firmware installation on internal memory (SFI) and an external memory module (SFIx), which allows OEMs to flash encrypted firmware with the help of a hardware secure module (HSM). Similarly, STM32CubeProgrammer 2.14 also supports certificate generation on the new MCU when using Trusted Package Creator and an HSM. Finally, the utility adds SFI and SFIx support on STM32U5s with 2 MB and 4 MB of flash.
What is STM32CubeProgrammer?
An STM32 flasher and debugger
At its core, STM32CubeProgrammer helps debug and flash STM32 microcontrollers. As a result, it includes features that optimize these two processes. For instance, version 2.6 introduced the ability to dump the entire register map and edit any register on the fly. Previously, changing a register’s value meant changing the source code, recompiling it, and flashing the firmware. Today, testing new parameters or determining if a value is causing a bug is a lot simpler. Similarly, engineers can now use STM32CubeProgrammer to flash all external memories at once. Traditionally, flashing the external embedded storage and an SD card demanded developers launch each process separately. STM32CubeProgrammer can do it in one step.
Another challenge for developers is parsing the massive amount of information passing through STM32CubeProgrammer. Anyone who flashes firmware knows how difficult it is to track all logs. Hence, we brought custom traces that allow developers to assign a color to a particular function. It ensures developers can distinguish a specific output from the rest of the log rapidly. Debugging thus becomes a lot more straightforward and intuitive. Additionally, it can help developers coordinate their color scheme with STM32CubeIDE, another member of our unique ecosystem designed to empower creators.
Supporting new STM32 MCUs
STM32WB and STM32WBA support
Since version 2.12, STM32CubeProgrammer brought numerous improvements to the STM32WB, which is increasingly popular in machine learning applications, as we saw at electronica 2022. More specifically, the ST software brings new graphical tools and an updated wireless stack to assist developers. For instance, the tool has clearer guidelines when encountering errors, such as when developers try to update a wireless stack with the anti-rollback activated but forget to load the previous stack. Similarly, new messages will ensure users know if a stack version is incompatible with a firmware update. Finally, STM32CubeProgrammer provides new links to download STM32WB patches and get new tips and tricks so developers don’t have to hunt for them.
Similarly, version 2.13 of STM32CubeProgrammer added support for the new STM32WBA, the first wireless Cortex-M33. Made official a few weeks ago, the MCU opens the way for a Bluetooth Low Energy 5.3 and SESIP Level 3 certification. The MCU also comes with a more powerful RF that can reach up to +10 dBm output power to create a more robust signal.
STM32H5 and STM32U5
The support for STM32H5 began with STM32CubeProgrammer 2.13, which added compatibility with MCUs that included between 128 KB and 2 MB of flash. At first, the utility brought security features like debug authentication and authentication key provisioning, which are critical when using the new life management system. The utility also supported key and certificate generation, firmware encryption and signature.
ST is also adding support for the new STM32U535 and STM32U545 with 512 KB of flash. The MCUs benefit from RDP regression with a password to facilitate developments and SFI secure programming. This last feature is now also available on the STM32U5s with 4 MB of flash.
In many instances, developers use an STLINK probe with STM32CubeProgrammer to flash or debug their device. Hence, we quickly added support for the new STLINK-PWR probe, the most extensive source measurement unit and programmer/debugger for STM32 devices. If users want to see energy profiles and visualize the current draw, they’ll have to use STM32CubeMonitor-Power. However, STM32CubeProgrammer will serve as an interface for all debug features. It can also work with all the probe’s interfaces, such as SPI, UART, I2C, and CAN.
The software includes a command-line interface (CLI) to enable the creation of scripts. Since the script manager is part of the application, it doesn’t depend on the operating system or its shell environment. As a result, scripts are highly sharable. Another advantage is that the script manager can maintain connections to the target. Consequently, STM32CubeProgrammer CLI can keep a connection live throughout a session without reconnecting after every command. It can also handle local variables and even supports arithmetic or logic operations on these variables. Developers can thus create powerful macros to automate complex processes. In an effort to make STM32CubeProgrammer CLI even more powerful, the script manager supports loops and conditional statements.
A portal to security on STM32
Readers of the ST Blog know STM32CubeProgrammer as a central piece of the security solutions present in the STM32Cube Ecosystem. The utility comes with Trusted Package Creator, which enables developers to upload an OEM key to a hardware secure module and to encrypt their firmware using this same key. OEMs then use STM32CubeProgrammer to install the firmware onto the STM32 SFI microcontroller securely. Developers can even use an I2C or SPI interface, which gives them greater flexibility. Additionally, the STM32H735, STM32H7B, STM32L5, STM32U5, and STM32H5 also support external secure firmware install (SFIx), meaning that OEMs can flash the encrypted binary on memory modules outside the microcontroller.
Making SFI more accessible
Since version 2.11, STM32CubeProgrammer has received significant improvements to its secure firmware install (SFI) capabilities. Users first noticed the new graphical user interface highlighting addresses and HSM information. Additionally, the GUI for Trusted Package Creator also received a new layout under the SFI and SFIx tabs to expose the information needed when setting up a secure firmware install. The Trusted package creator also got a graphical representation of the various option bytes to facilitate their configuration.
Secure secret provisioning for STM32MPx
Since 2.12, STM32CubeProgrammer comes with a new graphical user interface to help developers set up parameters for the secure secret provisioning available on STM32MPx microprocessors. The mechanism has similarities with the secure firmware install available on STM32 microcontrollers. It uses a hardware secure module to store encryption keys and uses secure communication between the flasher and the device. However, the nature of a microprocessor means there are more parameters to configure. STM32CubeProgrammers’ GUI now exposes those settings previously available in the CLI version of the utility to expedite workflows.
Since version 2.9 STM32CubeProgrammer supports a double authentication system when provisioning encryption keys via JTAG or a Boot Loader for the Bluetooth stack on the STM32WB. Put simply, the feature enables makers to protect their Bluetooth stack against updates from end-users. Indeed, developers can update the Bluetooth stack with ST’s secure firmware, in most cases, if they know what they are doing. However, a manufacturer may offer a particular environment and, therefore, wish to protect it. As a result, the double authentication system prevents access to the update mechanism by the end-user. ST published the application AN5185 to offer more details.
Since version 2.9, STM32CubeProgrammer supports PKCS#11 when encrypting firmware for the STM32MP1. The Public-Key Cryptography Standards (PKCS) 11, also called Cryptoki, is a standard that governs cryptographic processes at a low level. It is gaining popularity as APIs help embedded system developers take advantage of its mechanisms. On an STM32MP1, PKCS#11 allows engineers to segregate the storage of the private key and the encryption process for the secure secret provisioning (SSP).
SSP is the equivalent of a Secure Firmware Install for MPUs. Developers encrypt their firmware with a private-public key system with STM32CubeProgrammer before sending their code to OEMs. The IP is thus unreadable by third parties. During assembly, OEMs use the provided hardware secure module (HSM) containing an encryption key that they can’t read to load the firmware that the MPU will decrypt internally. However, until now, developers encrypting the MPU’s code had access to the private key. The problem is that some organizations must limit access to such critical information. Thanks to the new STM32CubeProgrammer and PKCS#11, the private key remains hidden in an HSM, even during the encryption process by the developers.
GUI for read-out protection
The new version of STM32CubeProgrammer brings new features to various STM32 devices. For instance, it now includes an interface for read-out protection (RDP) regression with a password for STM32U5xx. Developers can define a password and move from level 2, which disables all debug features, to level 1, which protects the flash against certain reading or dumping operations, or to level 0, which has no protections. It will thus make prototyping vastly simpler.
A unifying experience
STM32CubeProgrammer aims to unify the user experience. ST brought all the features of utilities like the ST-LINK Utility, DFUs, and others to STM32CubeProgrammer, which became a one-stop shop for developers working on embedded systems. We also designed it to work on all major operating systems and even embedded OpenJDK8-Liberica to facilitate its installation. Users do not need to install Java themselves and struggle with compatibility issues before experiencing STM32CubeProgrammer.
A Sigfox provisioner
When using an STM32WL microcontroller, developers can use STM32CubeProgrammer to extract the Sigfox certificate embedded into the MCU. Firstly, developers copy this 136-byte string to their clipboard or save it in a binary file. Secondly, they visit my.st.com/sfxp, where they can paste the certificate and immediately download Sigfox credentials in the form of a ZIP file. Thirdly, they load the content of that downloaded package to the MCU through STM32CubeProgrammer and get the MCU’s Sigfox ID and PAC using an AT command. Finally, developers go to https://buy.sigfox.com/activate/ to register. The activation will last two years, and developers can send 140 messages per day for free for a year.
What’s new in STM32CubeMonitor 1.6?
With STM32CubeMonitor 1.6, ST is introducing quality-of-life improvements. For instance, the export to CSV feature was updated so the file generated would work better with spreadsheets. For instance, the time column is now placed before the value column, which is how most people set their tables. Similarly, time now starts at 0, and long numbers have a separator to be more readable. Finally, version 1.6 is also making it easier to identify probe configurations by giving them names for greater ease-of-use.
What is STM32CubeMonitor?
The Netflix of MCUs
STM32CubeMonitor is a runtime variable monitoring and visualization tool with a web interface for remote connections and a graphical interface to create custom dashboards. It ensures developers can efficiently monitor their application through a graphical interface that relies on Node-RED. This flow-based programming tool enables users to create complex data representations with no coding at all. It will allow them to easily debug their software and analyze behaviors without disrupting an existing codebase. Additionally, users can share their dashboards on the Node-RED and ST communities to build on one another.
To make the first experience with STM32CubeMonitor more intuitive, the ST Wiki explains in detail how developers can monitor a variable within an application in just two straightforward steps. Users select the start address of the data they are tracking in memory and its type. To assist in this task, we have a guide showing how to get addresses from ELF files. The interface then asks the user to select an STLINK probe.
A runtime monitoring utility based on Node-RED
Keeping track of registers, variables in memory, interrupts, and the myriad of events that take place at any given moment is daunting. Hence, manually monitoring them is so demanding that teams often do not have the resources for this endeavor. STM32CubeMonitor offers a solution to this problem and relies on Node-RED to keep things as simple as possible. Users drag and drop graphical representations of a program’s element onto a canvas to create a flow, meaning a sequence of events. For instance, conditions can trigger modules that send alerts by email or push data to a cloud platform using MQTT.
Without entering a single line of code, users can create graphs, chart plots, or generate gauges that will help them visualize values in a counter, data from a sensor, and many other aspects of an application. Additionally, the presence of a web server means that it’s possible to use these visualizations on any PC or mobile browser, whether on the local network or remotely. Moreover, thanks to the Node-RED and ST community, users can start by simply looking at dashboards from other users and organically learn by studying other people’s examples.
Since version 1.5, STM32CubeMonitor supports Node-RED 3, which came out last summer. One of the biggest improvements is the addition of a contextual menu available when users right-click. Consequently, they can access a lot more actions and discover features that would previously require digging into menus. The other important functionality available in Node-RED 3 is junctions, a special type of node that makes it easier to route wires. It helps simplify and clarify designs by bringing greater flexibility. The new version also introduces debugging capabilities that expose node locations when working with sub-flows, thus helping developers see what node is generating an error message.
Eco acquisition mode
The new version of STM32CubeMonitor also brings a new low-power acquisition mechanism, named ECO mode, that lowers the CPU consumption lowering the ring sample rate below 10 Hz. There are many instances when developers don’t need fast data acquisition and could benefit, instead, from a lower processing load. Traditionally, the utility captures variables every 50 ms or double the low rate frequency. Thanks to the ECO mode, developers get far more granularity and can manage resources better. The feature is also quite accessible since the threshold is simply a value in the settings file. Changing it is thus straightforward.
A support tool throughout the life cycle of a product
During the prototyping phase, engineers will likely use an STLINK probe, such as one of the STLINK-V3 modules currently available. It connects the MCU board to the PC, which will help set up the STM32CubeMonitor Dashboard and act as a gateway for the web interface. When designers are ready to ship their final product, they can also create a software routine that will send data to a USB port using UART. Developers can thus still monitor their application securely by using a computer with STM32CubeMonitor connected to that USB port. As a result, the tool provides a long-term analysis that will help plan upgrades or upcoming features.
New format and symbol change notification
The latest version of STM32CubeMonitor brings the ability to export data in CSV instead of simply using a proprietary format. As a result, users will be able to import the information into Excel, MATLAB, and others, opening the door to more data optimization and manipulation. The new software will also throw a notification if symbols change. Put simply, the utility tracks variables by defining them in a file and associating them with a symbol. However, recompiling code may render the symbols’ file obsolete, creating a discrepancy with the Node-RED dashboard. The new STM32CubeMonitor will alert users if they forget to update the symbols’ file.
What’s new in STM32CubeMonitor-RF 2.12?
To support the latest features present in STM32WB and STM32WBA devices, STM32CubeMonitor-RF must align itself with their Bluetooth Low Energy stacks. Consequently, each new release tracks the changes brought to the microcontrollers’ firmware packages. In this instance, STM32CubeMonitor-RF 2.12 is aligned with version 1.17.0 of the firmware for the STM32WB and version 1.1.0 for the STM32WBA, the 1st wireless Cortex-M33 for more powerful and more secure Bluetooth applications. Additionally, the new utility brings support for over-the-air firmware updates on the STM32WBA and for the latest Open Thread stack on the STM32WB.
What is STM32CubeMonitor-RF?
Utility to optimize Bluetooth and 802.15.4 applications
STM32CubeMonitor-RF is a tool that tests the Bluetooth and 802.15.4 radio performance of STM32WB microcontrollers. The graphical user interface helps visualize signal strength and packet errors over time, while a command-line interface opens the door to macros, batch files, and other types of automation. Put simply, it draws from the same philosophy as the traditional STM32CubeMonitor but specializes in radio performance. Hence, developers can rapidly test their design and potentially spot issues. The utility can also sniff 802.15.4 communications between devices. The easiest way to try the utility is to connect an STM32WB development board to a computer and use its USB or UART interface.
Since version 2.8.0, STM32CubeMonitor-RF more than doubled over-the-air performances thanks to larger data packets. When users select the “Optimize MTU size” option in the “OTA Updater”, the software tool increases OTA transfers from 16 kbit/s to 41 kbit/s. It is, therefore, an essential quality of life improvement for developers. Sending files or updating a device’s firmware are everyday operations during development. The faster speeds will ensure developers work faster and more efficiently.
The software package includes advanced features like an OpenThread 1.3 stack and an 802.15.4 sniffer firmware that works with a USB dongle or a Nucleo board. STM32CubeMonitor-RF also inaugurates a new BLE Received Signal Strength Indication (RSSI) acquisition scheme, which helps determine the approximate distance between two Bluetooth devices. Faithful readers of the ST Blog will remember that the technology was crucial during the pandemic in helping companies like Inocess come up with products such as the Nextent Tag to help maintain physical distancing guidelines.
Another milestone is the fact that STM32CubeMonitor-RF 2.10 brought the latest features from the STM32WB BLE 5.3 firmware (stack version 1.15.0). Developers thus get to enjoy BLE extended advertising. Traditionally, Bluetooth 4 and 5 have three advertising channels only capable of sending a payload of 255 bytes. Thanks to extended advertisements, it’s possible to send a much larger payload by using one of the 37 data channels. One of the three channels simply sends a header pointing to the extension. Consequently, developers don’t need to send the same data on all three channels to ensure its reception, and they can transmit more data faster.
CubeMonitor-RF 2.11 brought a quality of life improvement in the form of application command interface (ACI) logs in CSV format. Put simply, ACI is the mechanism that sends commands to the Bluetooth stack, and thus, one of the first places developers look into when debugging or optimizing their software. Previously, ACI logs were only available in a traditional .txt format. The move to CSV opens the door to clearer presentations and easier manipulation. For instance, users can rapidly sort the list of commands by value, type, or number of times they were sent.
New testing capabilities
Version 2.11 of CubeMonitor-RF also brought a new method of testing the reliability of 802.15.4 stacks thanks to the support of a continuous wave mode. As the name implies, it just sends an uninterrupted signal without modulation. Developers can thus perform basic but crucial measurements to gauge signal propagation under several conditions. It’s an important first test for engineers looking to understand how their design will perform. Currently, the feature is only available on devices running the STM32CubeWB 1.11.0 firmware or later.
What’s new in STM32CubeMonitor-UCPD 1.3?
STM32CubeMonitor-UCPD 1.3 is now compatible with the USB Extended Power Range (EPR), a new profile delivering 48 V at 5 A for a total of 240 W. At this level, it becomes a lot simpler to fast-charge laptops or power docking stations with multiple fast-charging ports. Moreover, 240 W also brings USB-C to more power tools, which further democratizes the connector. As makers look to use one port to save resources, reuse cables, and reduce waste, support for the EPR mode enables teams to adopt the new standard faster. Furthermore, as 240 W compatible cables are now becoming available, it is becoming increasingly important to adopt the profile as early as possible.
What is STM32CubeMonitor-UCPD?
STM32CubeMonitor-UCPD monitors and helps set up USB-C and Power Delivery systems on STM32 microcontrollers running the ST USB PD stack. Developers can use the tool to monitor interactions on the USB-C interface, use sink or source power profiles, and use vendor-defined messages (VDM). The tool even has predefined settings to facilitate and hasten developments by handling many of the complexities inherent to these new technologies. STM32CubeMonitor-UCPD was integral to the launch of ST’s USB-C Power Delivery ecosystem in 2019. Since then, we’ve continued to improve the software to help developers gauge performance and obtain certifications faster.
Since STM32CubeMonitor-UCPD 1.2.0 houses a Java machine. Like the other tools in this blog post, the utility has everything needed in the installer. Users no longer need to install Java themselves before running the application. Additionally, users can now display traces for the voltage and current bus, VDM, UCSI, and more. The new STM32CubeMonitor-UCPD also monitors electrical values from the battery. Hence, developers can track more processes and understand what is happening when connecting two USB-C devices or using Power Delivery.