ST Bases New MCUs on Arm TrustZone TechnologyFebruary 14, 2020 by Gary Elinoff
STMicroelectronics is placing security as a high priority for their new series MCUs based on Arm Cortex-M33.
STMicroelectronics is making security a priority with its latest MCU series, the STM32L5x2. The ultra-low-power MCUs, which are designed for IoT-connected applications, employ Arm TrustZone's hardware-based security. Arm TrustZone is said to create a protected environment for cryptographic functions and for key storage.
The STM32L5x2. Image used courtesy of STMicroelectronics
Arm also asserts that the platform enables safe, isolated authentication of external devices attempting to connect via the network. It does this by blocking malicious attempts to corrupt the MCU or the hardware and software environment of which it is a part.
The STM32L5x2 series of MCUs also features a second, completely independent environment. Here, un-trusted code can be more safely run.
An Emphasis on Security
Users have the option to include or exclude each peripheral, I/O, or area of FLASH or SRAM from TrustZone's protection. This will allow full isolation for critically-sensitive functions and allow better security.
Comprehensive TrustZone implementation allows members of the STM32L5x2 series to support secure boot. Cryptographic acceleration, including AES 128/256-bit key hardware acceleration and public key acceleration (PKA), is supported as well as AES-128 On-The-Fly Decryption (OTFDEC).
The units also support secure firmware installation. There is read-out and write protection for integrated SRAM and Flash. A tamper detection feature prevents hardware attacks at point-of-sale (POS) terminals
These features have earned the STM32L5x2 series accreditation to PSA certified level 2.
Trusted Firmware (TF-M) leverages services such as cryptographic and secure storage to assure the integrity of the secure boot and firmware.
According to Thomas Ensergueix, senior director of the automotive and IoT line of business at Arm, “As IoT and embedded devices increase in intelligence and functionality, security must be built in from the ground up.”
He goes on to state that, “The STM32L5 series makes it easier for developers to build trusted PSA-certified devices based on the Arm Cortex-M33 processor.”
Features of the STM32L5x2 Series
Members of the series run at clock frequencies of up to 110 Mhz. The STM32L552XX units offer 256 Kbytes to 512 Kbytes of FLASH memory. The STM32l562XX devices feature 512 Kb of FLASH memory and feature AES, PKA, and OTFDEC encryption accelerator engines.
Members of the STM32L5x2 series. Image used courtesy of STMicroelectronics
The series members operate over a temperature range of -40°C to +85°C. ST also offers an enhanced temperature range of -40°C to +125°C.
A few key power features of the new MCUs include:
- 17 nA in shutdown mode
- 3 µA in stop mode. (This is with SRAM and peripheral states retention and a 5µs wake-up time)
- As little as 62 µA/MHz in active mode
These and other power statistics are made possible in part because of an available onboard switched mode power supply (SMPS). Series members can operate with power sources as low as 1.8 V.
As described by Ricardo De Sa Earp, the general manager of ST's microcontroller division, “Applying ST’s expertise in ultra-low-power design and processing technologies and adding our security and data protection on top of the solid foundation of Arm TrustZone and the outstanding STM32 ecosystem, the STM32L5x2 MCUs are ideal for Industrial IoT applications – metering, health (human or machine) monitoring, mobile point-of-sale – that require reliability and security.”
STM32L5 series is a full member of the industry-leading STM32 ecosystem and is supported by an extensive library of proven software and firmware.
The STM32L552E-EV evaluation board, for example, is a complete demonstration and development platform for the STM32L552XX sub-series.
The STM32L552E-EV evaluation board. Image used courtesy of STMicroelectronics
The STM32L562E-DK discovery kit is similar to the evaluation board but is geared toward prototyping. Then there's the NUCLEO-L552ZE-Q, which represents an affordable way for developers to try out concepts and evaluate prototypes.