Skip to main content
GRoss.5
GRoss.5
Associate II
September 16, 2022
Solved

Best approach to security with STM32H757

  • September 16, 2022
  • 1 reply
  • 873 views

I am using an STM32H757. I understand how, using the TrustedPackageCreator and an HSM, I can supply our manufactures with an encrypted version of the firmware and limit the number of product instances they can produce. My question is, when the product firmware is being updated in the field does the person doing the updating (service engineer) need an HSM card as well. If so, is there a way to give our service people a card that allows for unlimited firmware updates? If not, what is the best approach to provide our service people with the ability to update the firmware in the field? We would like to avoid the situation were the service engineer cannot update the firmware because the HSM card has no more instances remaining.

This topic has been closed for replies.
Best answer by Bubbles

Hello @Community member​ ,

The HSM is securing the SFI (secure firmware install). But for secure firmware updates in the field, I think you need X-CUBE-SBSFU - Secure boot & secure firmware update software expansion for STM32Cube - STMicroelectronics

I think it's better suited for this role in the product lifetime than SFI. Unless there are some other constraints, like code size.

See Introduction to STM32 microcontrollers security - Application note for more security tips.

BR,

J

1 reply

Bubbles
BubblesBest answer
ST Employee
October 3, 2022

Hello @Community member​ ,

The HSM is securing the SFI (secure firmware install). But for secure firmware updates in the field, I think you need X-CUBE-SBSFU - Secure boot & secure firmware update software expansion for STM32Cube - STMicroelectronics

I think it's better suited for this role in the product lifetime than SFI. Unless there are some other constraints, like code size.

See Introduction to STM32 microcontrollers security - Application note for more security tips.

BR,

J

To give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
Terms & ConditionsAccessibility statement