Getting started with STM32N6 security


Two practical examples are proposed to get an overview and to understand the STM32N6 security solutions.

These practical examples are based on the boards, tools, and code examples provided by STMicroelectronics. The examples listed below describe each step in detail. It is recommended to start with these examples before any custom developments or other security-related examples available in the STM32CubeN6 MCU Package.

Product series: STM32N6
Board: STM32N6570-DK NUCLEO-N657X0-Q
Secure boot
Install a trusted FSBL How to install a trusted application on STM32N6 MCUs Not applicable
Updatable Root of Trust
OEMuRoT How to start with OEMuRoT on STM32N6 MCUs Not applicable

1. Secure boot

On STM32N6 MCUs, a first-stage bootloader (FSBL) must be signed so the boot ROM can execute it in secured-locked state. To ensure that the FSBL signature is done correctly, the user can request the boot ROM traces, which are stored in AXISRAM2.

The step-by-step example linked in the table above explains how to get these boot ROM traces and how to install a trusted FSBL in external memory. Refer to the security features on STM32N6 MCUs wiki article for more details.

2. OEMuRoT

OEMuROT provides secure boot and secure firmware update functionalities. For more details about the OEMuRoT mechanism, refer to the following wiki article: OEMuRoT for STM32N6.