ST launched the STM32H573I-DK, the first Discovery Kit to support Secure Manager, a solution that implements security features at the system level to make them vastly more accessible. We are also publishing today X-CUBE-AZURE-H5 and X-CUBE-AWS-H5, two software expansions to help developers connect to Microsoft’s and Amazon’s cloud solutions, respectively. The two packages also come with application examples to show how to send sensor data or implement over-the-air updates, among other things. Naturally, both run on the new Discovery Kit, thus creating a rapid prototyping environment. Indeed, in a matter of minutes, teams can connect their board to a PC, move a binary, and run tests.
The Discovery Kit includes a 1.54-inch capacitive display with a resolution of 240 x 240 to showcase the MCU’s ability to run a graphical user interface on small screens without external RAM. The board is already supported by TouchGFX Designer. Consequently, the platform serves as a reference design thanks to its low bill-of-material and publicly available schematics. The STM32H573I-DK also includes an Ethernet port and a Wi-Fi daughterboard to connect to the web quickly, and the X-CUBE packages come with drivers to use both with the pre-compiled applications. The development board is thus highly symbolic because it is a testament to the new capabilities offered to engineers working on a mainstream platform.
Table of Contents
- What is the STM32H5?
- How to build a flexible and forward-looking architecture?
- How to provide comprehensive security features?
- The world of the STM32H5 in a galaxy of solutions
What is the STM32H5?
A new mainstream reference MCU
The STM32H5 is ST’s reference mainstream microcontroller thanks to the most powerful Cortex-M33 implementation, reaching 1017 points in CoreMark. The new device runs at 250 MHz. It houses up to 2 MB of dual bank Flash and up to 640 KB of RAM. It also draws from previous models to offer a CORDIC and FMAC accelerator, as in the STM32G4. Similarly, it takes the security features of the STM32U5 and builds upon them by inaugurating the ST immutable Root of Trust (iRoT) and updatable Root of Trust (uRoT), among other things. In fact, the STM32H5 targets SESIP 3 and PSA Level 3 certifications, thus offering important guarantees. Consequently, it dethrones the STM32F4 as the new standard for embedded systems.
A gateway to new embedded applications
Knowing what microcontroller to use is challenging. By serving as the new reference for the mainstream market, the STM32H5 ensures developers can better evaluate their needs. For instance, teams with less experience can start working on their motor control system to assess if the STM32H5’s configuration is sufficient or if they require something more specialized, like an STM32G4, or something more powerful, like an STM32H7. Thanks to STM32CubeMX, developers have always been able to move rapidly from one STM32 to another.
How to build a flexible and forward-looking architecture?
First STM32 MCU with I3C
Being the new benchmark for most embedded applications means being future-proof. The STM32H5 is thus the first STM32 device to include an I3C (Improved Inter-Integrated Circuit) interface. The new bus is significantly faster, which is getting ever more critical as embedded systems deal with a myriad of sensor data. Thanks to a frequency of 12.5 MHz, I3C is about 12 times faster than I2C. The new technology also supports dynamic addresses and can help reduce pin utilization by enabling the microcontroller to talk to more devices simultaneously. Despite its forward-looking bus, the STM32H5 remains a general-purpose MCU thanks to many interfaces, such as CAN-FD, HDMI-CEC, and USB-C Power Delivery, among many others.
ADC, DAC, dual-bank Flash, SMPS
The STM32H5 includes two 12-bit analog-to-digital converters and two 12-bit digital-to-analog converters, serving many applications that require fast data acquisition or multiple interfaces. There are also many timers, including two 16-bit advanced ones for motor control applications, which are identical to those found on the STM32G4. Taking a step back, the whole architecture of the STM32H5 is an exercise in balance between flexibility and future-proofing. Another example of this approach is the presence of dual-bank Flash to enable, among other things, the implementation of an over-the-air update without needing to shut the system down, something essential in industrial applications.
Similarly, the STM32H5 supports a temperature of 125°C to meet demanding industrial products while providing a switched-mode power supply to optimize its power consumption. Thanks to the SMPS found on some models, the stop mode (with all I/Os enabled) only draws 46 µA. The low power consumption also means that the STM32H5 can use cost-effective packages instead of expensive alternatives that would have had to dissipate a lot of heat.
How to provide comprehensive security features?
iRoT and uRoT
Like the STM32U5, the STM32H5 received a SESIP Level 3 certification, which attests to the presence of security features and provides greater assurance against physical and remote attacks. Moreover, the new device adds critical security features, such as a two-stage root of trust: the immutable root of trust (iRoT) and the updatable root of trust (uRoT). As the names imply, the former is set at the factory and cannot be modified. It uses a read-only memory containing keys and other mechanisms defined by ST to establish a secure boot without external keys.
Customers can also define their iRoT with permanent and unchangeable information. Once the system passes the iRoT, it moves to the uRoT, which enables developers to store and use sensitive data that may be updated. Implementing both roots of trust demanded new hardware features to prevent overwriting data in the iRoT and to protect both stages against physical and logical attacks. The STM32H5 also allows developers to choose what they would like to implement. Some may choose to use the iRoT, others the iRoT and uRoT, while others may want both alongside the Trusted Execution Environment and secure services or nothing at all.
Life Cycle Management
The STM32H5 includes other architectural optimizations that bolster security, including a unique 96-bit ID and acceleration for complex hashes, such as SHA-2 512. Ultimately, the new hardware safeguards and features will enable engineers to isolate sensitive applications from the rest of the system and provide a more fine-tuned security strategy.
The new device will also benefit from a new Life Cycle Management system that enables developers to tailor the activation or deactivation of low-level features depending on where they are in the development process. Traditionally, teams close debug features to prevent malicious intrusions once the device is ready for manufacturing and deployment. Thanks to its Life Cycle Management and Debug Authentication features, the STM32H5 can securely reactivate certain debug capabilities to help field engineers work on deployed systems. Additionally, if a company fears that a secure layer has been compromised, an immutable root of trust allows teams to perform a complete regression to a known secure state, thus ensuring that the device is safe to use.
The world of the STM32H5 in a galaxy of solutions
The STM32H5 takes its place amidst the constellation of solutions that make up the STM32Cube ecosystem. We already updated STM32CubeIDE and STM32CubeMX to ensure developers can rapidly create applications for the new device. Similarly, tools like STM32CubeProgrammer will ensure teams can rapidly flash and debug their applications on the MCU. We are also providing new expansion software like X-CUBE-AZURE-H5 and X-CUBE-AWS-H5 to make cloud connectivity more straightforward. Put simply, ST wants to ensure that engineers can do their best work by providing solutions at the crossroads of hardware innovations and software accessibility.
The best way to start experimenting with all the features found on the new device is to grab a development board. Besides the Discovery Kit, there are also Nucleo boards like the NUCLEO-H503RB and NUCLEO-H563ZI. Developers can, therefore, download our Secure Manager, an entirely new Trusted Execution Environment that helps developers, regardless of their expertise level, quickly take advantage of the latest security capabilities of the STM32H5. We worked closely with ProvenRun on the software implementations, and Secure Manager enables engineers to reap the fruits of this collaboration. The binaries that come with X-CUBE-AZURE-H5 and X-CUBE-AWS-H5 will also ensure developers can test ideas in minutes.
- Learn more about the STM32H5
- On-demand webinar: Raise the bar on performance & security with STM32H5 MCUs
- On-demand webinar: Simplify your security journey with the STM32Trust TEE Secure Manager solution
- STM32Trust TEE: in-depth explanations of and discussions on Secure Manager, our turnkey security solution for STM32 at the system level