The STM32L5 series of microcontrollers is one of the first to receive the PSA Certified Level 2 accreditation from Arm®, and it is now in mass production. The STM32L5x2 devices are available, along with the STM32L552E-EV evaluation board, the STM32L562E-DK Discovery kit, and the NUCLEO-L552ZE-Q. When we first introduced the STM32L5 at the end of 2018, its Cortex®-M33 inaugurated ST’s support for TrustZone®, which lets engineers isolate selected code and resources in a secure environment so that a compromise of the rest of the application cannot reach them. However, TrustZone is only one of the many security features in the STM32L5, and the PSA Certified Level 2 certification anchors the new MCUs as a flagship solution for teams looking to prioritize advanced security features.
PSA, or Platform Security Architecture, is a framework designed to increase the security of IoT systems. It revolves around the analysis of threats and potential breaches, precise architectural specifications, the implementation of various APIs and features, and a certification process that attests the compliance of components, operating systems, or boards. PSA Certified Level 1 is a questionnaire-based assessment that checks a product against the foundational security goals of the PSA security model. PSA Certified Level 2 goes a step further and targets component manufacturers: an independent laboratory spends 25 days trying to defeat the hardware and software that implement the PSA Root of Trust, following the threats listed in its protection profile. Being one of the first to receive this accreditation is thus highly symbolic, as it demonstrates the efficacy of the security features present in the STM32L5 against a real attack campaign rather than a paper review.
STM32L5: Trusted Firmware-M, HDP (Hide Protect), Unique Boot Entry, Public Key Acceleration, OTFDEC
While many welcomed the arrival of TrustZone in the STM32L5, it is easy to overlook the many other security features of this new series, starting with Trusted Firmware-M. TF-M is Arm’s open-source reference implementation of the PSA Root of Trust for Cortex-M: a secure bootloader together with a set of secure services (secure storage, cryptography, and initial attestation) that run on the Secure side of TrustZone and are exposed to the Non-secure application through the PSA APIs. It is currently one of the most underrated features because very few systems use it, but developers should start to depend on it heavily. Smartphone makers already rely on its counterpart for Cortex-A devices (TF-A), and as IoT devices require more security, TF-M allows them to go well beyond traditional Secure Boot and Secure Firmware Update to build robust systems with minimal investment.
The STM32L5 devices also include many more security features than the PSA Certified Level 2 certification requires. For instance, HDP (Hide Protect) lets the boot code lock a region of Flash so that it becomes inaccessible until the next reset, and Unique Boot Entry forces execution to start from a fixed entry point; together they allow a boot loader that the rest of the system can neither read nor bypass. The MCU’s crypto accelerators also speed up encryption and decryption, including a public key accelerator (PKA) that performs Elliptic Curve Cryptography operations about 20 to 30 times faster than a software implementation. We also offer active and static anti-tamper detection for point-of-sale terminals, which helps defeat physical attacks on equipment handling very sensitive information. The new components additionally support On-the-Fly Decryption (OTFDEC), like the new STM32H7 devices with 1.4 MB of RAM: code stored encrypted in external memory is decrypted as it is fetched, so programmers can execute it in place without a drop in performance.
STM32L5: A More Comprehensive Implementation of TrustZone
TrustZone is an essential feature of the Cortex-M33, but the way ST implemented it in the STM32L5 offers additional advantages. For instance, the device doesn’t just split an application between a Trusted (Secure) and an Untrusted (Non-secure) side; it can also assign individual peripherals, GPIO pins, and memory regions to either side, for much greater flexibility. As a result, applications that must protect certain resources, and that used to demand two microcontrollers, can now run on one STM32L5. For instance, an IoT product connected to the cloud could keep the RF stack on the Untrusted side while the sensors and monitoring system remain on the Trusted side. Additionally, thanks to TrustZone, we can offer a new readout protection level between 0 (no protection) and 1 (memory readout protection). Level 0.5 denies the debugger access to the Secure area while leaving the Non-secure side debuggable, which is particularly useful when a company outsources maintenance or support operations and must hand over a board without handing over its secrets.
The firmware package for the STM32L5, the STM32CubeL5, contains about 300 application examples, some of them using TrustZone to help developers get a head start. We are also announcing that STM32CubeIDE, STM32CubeMX, and STM32CubeProgrammer have all received updates to support TrustZone. Developers don’t have to use the feature, and the development boards we offer do not enable it by default. However, since programming for TrustZone is akin to writing two applications, one for the Trusted area and another for the Untrusted, it is best to design for the feature early. Otherwise, developers run the risk of having to rewrite significant portions of their software. The video above walks users through the setup steps and also demonstrates how to use a secure API so that a Trusted application gets data from the Untrusted environment without compromising security.
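The point the video makes about passing data across the boundary deserves a concrete illustration. The following is an added example in C, not code from the STM32CubeL5 package or from the video: it is a host-runnable model of the check that every Secure-side service must perform on a pointer it receives from the Non-secure side before touching the memory behind it, because otherwise Non-secure code can hand the service a pointer into Secure memory and turn the service into a read or write oracle on Secure data. On a real Cortex-M33 build the check is `cmse_check_address_range()` from `<arm_cmse.h>` and the entry function carries `__attribute__((cmse_nonsecure_entry))`; the two-window SRAM map, the host backing store, the `ns_range_ok`, `ns_write` and `secure_checksum` names, and the sample input are all constructed assumptions for this example, not the STM32L5’s actual SAU/IDAU configuration.

```c
/* Added example, not code from the STM32CubeL5 package. Host-runnable model of
 * the pointer check a TrustZone Secure service runs on every buffer handed over
 * by the Non-secure side. On target this is cmse_check_address_range() from
 * <arm_cmse.h>; the region map and backing store below are constructed
 * assumptions, not the STM32L5's real SAU/IDAU attribution. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint32_t start;   /* first byte of the region */
    uint32_t end;     /* last byte of the region (inclusive) */
    bool     secure;  /* attribution assigned to the region */
} region_t;

/* Constructed attribution map: one Secure and one Non-secure SRAM window. */
#define SEC_BASE 0x20000000u
#define NS_BASE  0x20010000u
#define WIN_SIZE 0x10000u

static const region_t regions[] = {
    { SEC_BASE, SEC_BASE + WIN_SIZE - 1, true  },
    { NS_BASE,  NS_BASE  + WIN_SIZE - 1, false },
};

/* Host backing store standing in for the Non-secure SRAM window. */
static uint8_t ns_sram[WIN_SIZE];

/* True only if [addr, addr + len) lies entirely inside one Non-secure region.
 * Mirrors cmse_check_address_range(p, len, CMSE_NONSECURE) != NULL: a zero
 * length, a range that wraps the 32-bit address space, a range that spills out
 * of the window, and any overlap with Secure memory are all rejected. */
bool ns_range_ok(uint32_t addr, size_t len)
{
    if (len == 0 || len > UINT32_MAX) return false;
    if (addr > UINT32_MAX - (uint32_t)(len - 1)) return false;  /* wraps */
    uint32_t last = addr + (uint32_t)(len - 1);
    for (size_t i = 0; i < sizeof regions / sizeof regions[0]; i++) {
        if (!regions[i].secure && addr >= regions[i].start && last <= regions[i].end)
            return true;
    }
    return false;
}

/* Simulates Non-secure code filling its own buffer before calling the service. */
void ns_write(uint32_t addr, const uint8_t *data, size_t len)
{
    if (ns_range_ok(addr, len))
        memcpy(&ns_sram[addr - NS_BASE], data, len);
}

/* Secure-side service reached through the Non-secure-callable veneer (on
 * target: __attribute__((cmse_nonsecure_entry))). The buffer is passed as an
 * address rather than a pointer so the host model never dereferences a fake
 * address. Returns the byte sum of the caller's data, or -1 when the caller
 * tried to make the Secure side read memory it must not touch. */
int32_t secure_checksum(uint32_t src_addr, size_t len)
{
    uint8_t local[64];
    if (len > sizeof local || !ns_range_ok(src_addr, len)) return -1;
    /* Copy into Secure-owned memory before using the data: the Non-secure side,
     * or a DMA it controls, can rewrite its buffer at any moment (TOCTOU). */
    memcpy(local, &ns_sram[src_addr - NS_BASE], len);
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i++) sum += local[i];
    return (int32_t)sum;  /* at most 64 * 255, so it fits in int32_t */
}

int main(void)
{
    const uint8_t sample[4] = { 1, 2, 3, 4 };   /* constructed input */
    ns_write(NS_BASE, sample, sizeof sample);
    printf("NS buffer:      %ld\n", (long)secure_checksum(NS_BASE, 4));
    printf("Secure address: %ld\n", (long)secure_checksum(SEC_BASE, 4));
    printf("Spills window:  %ld\n", (long)secure_checksum(NS_BASE + WIN_SIZE - 2, 4));
    return 0;
}
```

Two details matter beyond the range check itself. The service copies the data into Secure-owned memory before processing it, because the Non-secure side keeps full access to its buffer during the call and can change it after validation; and the length is bounded by the Secure-side buffer, since a validated Non-secure range says nothing about how much Secure stack the service is willing to spend on it. On the real part, the same check must also cover any pointer-to-pointer or DMA descriptor the Non-secure caller passes in.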
STM32L5: SMPS, USB Type-C PD, Dual Bank Flash
The STM32L5 builds on the STM32L4 and STM32L4+. The device remains power efficient, with a standby mode drawing only 386 nA (RAM and RTC enabled) and a wake-up time of just 14 µs. This is, in part, possible thanks to a new switched-mode power supply (SMPS) that adapts the power consumption more dynamically to improve efficiency. The savings are significant, since using the SMPS increases efficiency by up to 40%. However, we also understand that designs requiring an external radio may have issues because the SMPS emits more noise, which is why we offer the ability to disable it and rely on the component’s LDO, thus providing a lot more flexibility. The new MCU also benefits from a USB Type-C Power Delivery module and 512 KB of dual-bank Flash.