Two practical examples are proposed to get an overview and to understand the STM32N6 security solutions.
These practical examples are based on the boards, tools, and code examples provided by STMicroelectronics. The examples listed below describe each step in detail. It is recommended to start with these examples before any custom developments or other security-related examples available in the STM32CubeN6 MCU Package.
Product series: | STM32N6 | |
---|---|---|
Board: | STM32N6570-DK | NUCLEO-N657X0-Q |
Secure boot | ||
Install a trusted FSBL | How to install a trusted application on STM32N6 MCUs | Not applicable |
Updatable Root of Trust | ||
OEMuRoT | How to start with OEMuRoT on STM32N6 MCUs | Not applicable |
1. Secure boot
On STM32N6 MCUs, a first-stage bootloader (FSBL) must be signed so the boot ROM can execute it in secured-locked state.
To ensure that the FSBL signature is done correctly, the user can request the boot ROM traces, which are stored in AXISRAM2.
The step-by-step example linked in the table above explains how to get these boot ROM traces and how to install a trusted FSBL in external memory. Refer to the security features on STM32N6 MCUs wiki article for more details.
2. OEMuRoT
OEMuROT provides secure boot and secure firmware update functionalities. For more details about the OEMuRoT mechanism, refer to the following wiki article: OEMuRoT for STM32N6.