STMicroelectronics enhances STM32 portfolio security with new Arm TrustZone-enabled chips

Today we expect smart objects to fit seamlessly into our lives, anticipating our needs, yet requiring minimal attention themselves. Think about the smart watch on your wrist or the Amazon Echo in your home: invisibly processing data and getting smarter with each task. It doesn’t stop there; like a snowball gaining momentum, the next generation of devices in homes, cities and factories is beginning to seize the benefits that intelligent, connected devices offer.

The challenge for the semiconductor industry, however, is that this requires more processing power, more functionality and impenetrable security – all while running even longer on smaller batteries.

Today marks one step closer to that future reality, with ST’s announcement of the STM32L5 family, based on the Arm Cortex-M33 processor. This is the first ST product family to incorporate TrustZone technology for Arm Cortex-M processors, making possible system-wide software security and a new level of trust for embedded devices. The STM32L5 follows the STM32L4+ Cortex-M family, familiar to hundreds of thousands of developers, so there is a wealth of knowledge and resources available today to help speed up software development. The STM32L5 is the first STM32 based on the Armv8-M architecture with TrustZone security.

What did ST announce?

ST unveiled a family of devices that expands the features and versatility of the STM32 series. The devices fully utilize the Armv8-M architecture to boost performance and increase security with the following: 4MB of Flash, up to 256KB of RAM, and a rich suite of timers and interfaces including ADC, DAC, USB, CAN, SDIO, SPI, I2C, and UARTs. The advanced security module supports AES, SHA-2, SHA-256, TRNG, PKA (RSA & ECC) and a unique 96-bit ID.

STM32 L5 series portfolio

Target applications

ST targets a wide range of applications that can benefit from enhanced security. The example applications below may contain sensitive, high-value data, or may be connected to other devices that could be compromised. Just as a small open attic window exposes the whole house to risk, so a lack of security in any part of the device could be detrimental. Arm TrustZone provides hardware-enforced isolation across the entire system and Arm Platform Security Architecture establishes a common framework for security implementation, together providing a trusted foundation from the ground up.

Applications for STM32 chips

Unique features of the STM32L5 family

Embedded system designers continue to demand higher performance and lower power consumption. The STM32L5 family improves performance over the STM32L4+ family with an upgrade to the Cortex-M33 processor and a cache for internal and external program memory. The optimized power supply further reduces power consumption.

The STM32L5 also addresses the need for increased security with the addition of security features not typically found on microcontrollers such as a crypto co-processor and encrypted storage of off-chip memory.

Strong focus on security:

  • TrustZone security technology
  • Anti-tampering
  • Temperature/voltage protection (PCI for Mobile POS)
  • Elliptic curve acceleration (PKA)
  • On-the-fly decryption Octo SPI
  • Secure bootloader

Power consumption:

  • Optimized DC/DC +LDO with switching on the fly
  • Optimized RTC consumption (100 nA including Crystal)

Performance:

  • Cache for internal and external memory (ART Accelerator)

New IP:

  • FD-CAN
  • USB type C connector

To top it all off, the new ST families feature the Arm Cortex-M33 processor. What does that bring?

The Cortex-M33 processor: Security, efficiency and ease of use

The Cortex-M33 is built for feature rich IoT and embedded products. It extends the capability of the Cortex-M3 and Cortex-M4 processors, providing more security, enhanced efficiency, performance and scalability for deployment even in the most demanding contexts. The key benefits of the Cortex-M33 include:

1. Securing a trillion connected devices

To truly enable systems built on trust, security cannot be considered a separate component, or as an afterthought to the rest of a system. It must be embedded in every element and process that exists in your Internet of Things (IoT) deployment.

Companies that are creating IoT solutions often find themselves navigating a complex landscape of security standards, technologies and processes without the in-house expertise required to make sense of it. Arm has a vision for security, and to help make it a reality, we launched a number of programs, services and IP products to help companies that need to deploy network-wide security as part of their everyday business.

2. Understanding potential vulnerabilities

The first stage in designing security is understanding the environment surrounding a device or service, and what the potential threats could be. Arm identifies four main categories of potential vulnerabilities: communication, lifecycle, software and physical (also known as silicon). The risk of each of these happening will largely depend on your application, how it’s being used and the potential value of your data.

3. A handy starting point

The Arm Platform Security Architecture (PSA) is the framework for securing a trillion connected devices. Backed widely by Arm's partners and industry leaders, it’s a three-stage process for making IoT security easier and quicker to implement. PSA suggests common principles for security design and provides a holistic set of resources for the requirements analysis, architecture and implementation phases of device design.

Arm Platform Security Architecture capabilities

System designers can differentiate their products by adding valuable software and algorithms for further functionality, with the knowledge that they are protected with TrustZone software isolation. Trusted execution is now achievable, even in the most constrained embedded devices.

4. Longer battery life with an efficient Cortex-M processor

The Cortex-M33 processor allows developers to optimize power usage for specific applications with built-in, low-power features. With its three highly optimized low-power modes, the processor conserves energy to match processing demands. The Cortex-M33 provides 13% more performance than the Cortex-M4 and runs on less energy for even longer. The combination of the Cortex-M33 ultra-low-power core and the ability of the memory to operate down to 1.71V delivers industry-leading low power consumption in active and sleep modes.

5. Easier software development

Software developers can use their existing know-how of the Cortex-M programmer's model when working with the Cortex-M33. Familiar development tools, such as Arm Keil MDK and Arm Compiler, all support the new processor too. And if using the ULINKplus debug adapter in conjunction with Keil MDK, developers can also optimize for power consumption, making their device energy-efficient, both in terms of hardware and software that runs on it.

By accessing the broad Arm ecosystem, developers can choose from a wide selection of ecosystem partners offering software, tools and security solutions. There is also a wealth of resources and documentation for TrustZone for Armv8-M.

6. Secure cloud connectivity

Security is one of the fundamental foundations of Mbed OS, which provides developers with the tools they need to ensure that the devices they deploy meet the security requirements of both today's and tomorrow's IoT customers.
ST and the Arm Mbed team have been working closely to enable a port of Mbed OS for ST platforms, based on the Cortex-M33 processor. This port showcases the security features that ST, the Armv8-M architecture, PSA and Mbed OS will provide developers.

Forthcoming Mbed releases will bring PSA-compliant cryptographic APIs* and secure partition management*, enabling ST to bring leading-edge platforms to the Mbed ecosystem, and making Arm's commitment to ensuring security from chip to cloud using Arm’s Pelion IoT platform a reality.

*Now available to Mbed partners on a feature branch

So, why wait? Start developing your embedded device

With the advance of the IoT, security is no longer an option; embedded developers and device manufacturers must take it seriously. With higher value data and mass devices being connected, it's critical that not a single entry point is exposed. But system-wide security is within reach; ST devices based on the Cortex-M33 processor help developers access the technology needed to build a secure foundation in the heart of their device.

Learn more about the STM32L5
