SFI STM32H5 How To Intro

1. SFI

1.1. Features

The secure firmware install (SFI) solution provides security when programming devices in a non-trusted facility owned by a contract manufacturer (CM). SFI addresses the two main issues at a non-trusted facility:

  • OEM application confidentiality against CM during STM32 programming.
  • Avoid CM overproduction of OEM devices.

1.2. Principles

There are two steps:

  • The application creation flow
  • The application installation flow

The next two sections detail the flows.

1.2.1. The application creation flow

The OEM uses the STM32 Trusted Package Creator tool to:

  • Create and manage its secret encryption key (the firmware key as indicated in the figure below).
  • Encrypt its application and option bytes configuration with the firmware key. It is the SFI OEM application image (the encrypted file in the figure below).
  • Program the firmware key within an HSM and lock it. After that step, the firmware key cannot be read or extracted clearly from the HSM. Only the STM32 can handle the firmware key from the HSM

1.2.2. The application installation flow

The CM uses the STM32CubeProgrammer (or any other SFI-recommended partner programming tool) to securely program STM32 MCUs in non-trusted environments.

  • The STM32 securely extracts the firmware key from the HSM. The HSM verifies the firmware key extraction request number.
  • The STM32 securely decrypts and programs the OEM application within the internal flash memory.
  • The OEM application is never disclosed outside the STM32. The SFI process guarantees the OEM application confidentiality against the CM.
Security SFIgraph2.png

2. SFI for STM32H5 with the secure manager

This procedure must be followed if the OEM installs an application developed using the secure manager. In this case, there are several additional components (OEM secrets, secure manager, and modules) to prepare, to test, and to install.

Here is the list of applicable products:

Type Products
Microcontroller STM32H573xx

The preparation and installation flow is described below:

Security SFI H5 Preparation and installation Flow.png


The SFI HSM license and SFI global license can be used.

Refer to the following page for an example on getting started with SFI on STM32H573xx microcontrollers with the secure manager:

How to start SFI on STM32H5 with the secure manager.

3. SFI for STM32H5 without the secure manager

This procedure must be followed when the OEM installs an application developed without the use of the secure manager.
Here is the list of applicable products:

Type Products
Microcontroller STM32H573xx, STM32H563xx, STM32H533xx, STM32H523xx

The preparation and installation flow is described below:

Security SFI H5 without SM Preparation and installation Flow.png


Only the SFI HSM license can be used (the SFI global license cannot be used).

In this case, the SFI procedure on the STM32H5 series is similar to the SFI procedure applied on other platforms. Follow SFI step-by-step on STM32 boards to run the SFI procedure on the STM32H5 without the secure manager.