Security framework for STM32 MCUs and MPUs for protecting embedded devices

STM32Trust platform from STMicroelectronics provides hardware products, software projects, tools and training to enable OEMs to build strong security into connected products, from design through production to onboarding with popular cloud computing services.

STMicroelectronics has implemented a comprehensive framework, called STM32Trust, that enables system developers to implement strong security protection functions in embedded devices, and to comply with new and emerging security regulations. 

The security implementations developed by ST are graduated to fit with the different requirements of the various industry standards governing security technology, and so to provide manufacturers with a scalable approach. STM32Trust relies on several security certification schemes to give OEMs confidence in its security implementations, including:

  • Platform Security Assurance (PSA), an Arm® project
  • Security Evaluation Standard for IoT Platforms (SESIP), defined by GlobalPlatform
  • In addition, the STSAFE secure elements supported by STM32Trust are Common Criteria Evaluation Assurance Level (EAL) 5+ certified

This assurance level allows designers to use the security framework with confidence, and to meet the application requirements of security standards such as PCI, UL-2900, IEC 62443, ETSI EN 303 645, FIPS-140-2, and IoXT.

The STM32Trust framework provides developers with a robust, multi-level solution for enhancing security in their new product designs. It is for implementation on STM32 microcontrollers and microprocessors, in combination with STSAFE secure elements. The framework helps OEMs to implement 12 security functions: 

  • Secure boot
  • Secure installation/update
  • Silicon device lifecycle management
  • Isolation of trusted from non-trusted parts of a system
  • Secure storage of data and keys
  • Cryptography engine
  • Secure manufacturing
  • Identification/authentication/attestation
  • Software IP protection
  • Abnormal situation handling
  • Audit/log of security events
  • Application lifecycle management

To support these functions, STM32Trust offers a range of security services that are constantly evolving to make security protection easier to implement. These services include: 

  • Secure boot and secure firmware installation, in tandem with the STM32CubeProgrammer and the STM32HSM hardware security module
  • Cryptography
  • Trust Execution Environment (TEE) Secure Manager
  • Trusted Firmware for Microcontrollers (TF-M) open-source software project
  • Trusted Firmware for Applications Processors (TF-A) open-source software project
  • Open Portable Trusted Execution Environment (OP-TEE)

More information about the STM32Trust framework can be found at