Getting started with STM32H7RS security


A set of practical examples is proposed to get an overview of and to understand the STM32H7RS security solutions.
These practical examples are based on the boards, tools and code examples provided by ST.

More information about the product, including the related tools and software, can be found on the official ST.com pages: STM32H7R3/7S3 and STM32H7R7/7S7

For the examples listed below, each step is described in detail.
It is advised to start with these examples before making your own trials or using other security related examples available in the STM32CubeH7RS.

Product Series STM32H7S picto.png STM32H7S picto.png Prerequisite Introduction article
Development Boards NUCLEO H7S3L8 (MB1737) DISCOVERY H7S78 (MB1167) - -
Embedded flash size 64k 64k - -
On board external flash size 256-Mbit 1-Gbit - -
Debug Authentication
Debug Authentication and Firmware update example Link to How To Link to How To STM32CubeH7RS Link
Immutable Root of Trust (iRoT)
STiRoT example * Link to How To STM32CubeH7RS Link
STM32CubeMX STiRoT example - Link to How To STM32CubeMx_V6.11.0 or later Link
STiRoT-OEMuRoT example * Link to How To STM32CubeH7RS Link
OEMiRoT example * Link to How To STM32CubeH7RS Link
  • Note:
    • - : supported but no dedicated wiki article example available
    • * : supported for STM32Cube_FW_H7RS_V1.1.0 or later version. The examples provided for the Discovery board needs to be adapted for a Nucleo board, refer to the readme available in \Projects\NUCLEO-H7S3L8\Applications\ROT

1. Secure Boot

The secure boot and related root of trust is implicitly used in all the proposed " How to start" step by step examples.
The Security features on STM32H7RS MCUs wiki article also gives technical explanations about the possible boot paths.
The Secure Boot STM32H7RS How to Introduction wiki article gives details about the boot paths used in the different provided getting started examples.

Using STM32CubeMx, a project can be generated from scratch for a chosen boot path.
The table above indicates which example is available to show how to proceed.


2. Debug Authentication

It is key to understand how to set the Debug Authentication (DA) in order to define the appropriate rights to reopen the debugger once closed.

  • It is strongly advised to read the Debug Authentication for STM32H7RS wiki article.
  • The Debug Authentication on STM32H7RS how to Introduction wiki article summarizes all the technical know-how to be read before executing the getting started.
  • The How to start with DA access on STM32H7RS wiki article explains step by step how to perform a Debug opening and a Firmware Update.
    • Two examples are described in this article
      • The first example, starting with a device provisioned using the STiRoT example provided in the STM32CubeFW.
      • The second example, starting with a device provisioned using the OEMiRoT example provided in the STM32CubeFW.

3. OEMiRoT

An OEM can develop its own customized Immutable Root Of Trust (OEMiRoT).
It is advised to read the Security features on STM32H7RS MCUs wiki article to understand the different possible Root of Trust.

4. STiRoT

An immutable root of trust defined by ST is included for the STM32H7S series.
It is an embedded firmware stored in the system flash and it cannot be modified.
It is advised to read the Security features on STM32H7RS MCUs wiki article to understand the different possible Root of Trust.


Subcategories

This category has the following 5 subcategories, out of 5 total.