STM32 Ecosystem Enables Customers to Secure Their IoT Applications
Stephane Rainsard
Technical Marketing Manager
APAC Region

Great Investment
• 13 product series
• More than 50 product lines
• Families: Ultra-low-power, Mainstream, High-performance, Wireless
• Legend (cores): Cortex-M0, Cortex-M0+, Cortex-M3, Cortex-M4, Cortex-M7, Cortex-M0+ radio co-processor

Security
Each system requires its own specific analysis.
Let's look at how the STM32 ecosystem helps customers implement secure IoT applications.

Security: an ecosystem
• ST's best-in-class portfolio
• ST software libraries (X-Cube-CryptoLib)
• Mass-market solutions: Secure Firmware Install; Secure Boot – Secure Firmware Upgrade
• Field training
• Partners
• New products with new IPs
• New solutions available
• New products announced
• And more…

ST's best-in-class portfolio

The first STM32 based on Cortex-M33
• More security with TrustZone and ST security implementation
  • HW to resist logical and board-level attacks
• Lower power consumption
  • STM32 ultra-low-power technology
• Integration, size, performance
  • More performance, high memory size and wide portfolio

TrustZone: example (STM32L5)
[Figure: four quadrants (Trusted & Privileged, Un-Trusted & Privileged, Trusted & Un-Privileged, Un-Trusted & Un-Privileged). Blocks shown: Secured Keys, Secured Boot, Secured data, Sensor IP, Sensors, RTOS, RF Stack, RF.]
• More partitioning
• Possibility to separate the trusted and un-trusted areas, each with privileged and un-privileged zones
• Strong granularity to define each part of memory, each peripheral or each DMA channel as privileged or un-privileged

A complete set of security technologies
MEMORY and IP PROTECTION
• Active and static anti-tamper detection
• Memory Protection Unit (MPU)
• Secure Boot
• Read and Write Protection
• HDP (Hide Protect)
• OTFDEC (On-the-fly decryption) on Octo SPI to protect external memory
• JTAG fuse
• TrustZone
• Unique Boot Entry
ENCRYPTION, DECRYPTION, AUTHENTICATION
• AES-128/256 Encryption
• SHA-256 Authentication
• Private Key Acceleration (PKA): for RSA, Diffie-Hellman or ECC (Elliptic Curve Cryptography)
• Certified Crypto library
• True Random Number Generator
• Unique ID
• OTP Zone

No matter what!
Choose the STM32WB series: 7 key points that make us stand out
• A large offer: 256 KB to 1 MB Flash, 48-pin to 100-pin, 1.7 V to 3.6 V
• Massive integration: cost saving
• IoT protection ready
• Dual-core / full control
• Ultra-low-power
• Open 2.4 GHz radio: multi-protocol
• Advanced RF tool, energy control with C code generation

Complete IoT security protection
Radio Stack and/or Application FW Update
[Figure: Application Processor (Cortex-M4, FPU + MPU, DSP instruction, 64 MHz) and Network Processor (Cortex-M0+, 32 MHz) with a 2.4 GHz radio modem (BLE, 802.14.5) and antenna. Closed sub-system: radio + key storage (customer key storage, AES 128-bit). Flash contents: radio stack FW, FW Application V 1.0 replaced by FW Application V 2.0, empty Flash.]
1. New FW package received.
2. New FW detected; update is launched.
3. App processor initiates the FW update (including sending the new FW package signature for authentication).
4. Authentication signature matches the preprogrammed key. If not, the process is aborted and the device resets.
5. New FW package is decrypted with the proprietary key. Device upload ongoing.
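
The five-step update flow above, sketched as an added example (not ST's code and not part of the original slides): the device authenticates the still-encrypted package before decrypting or writing anything, so a rejected package leaves the running firmware untouched. Assumptions: HMAC-SHA256 stands in for the signature scheme the slide does not name, a SHA-256 counter-mode keystream stands in for AES-128, and the keys, names and package layout are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample keys (assumption); a real device holds them in protected key storage.
AUTH_KEY = b"sample-preprogrammed-auth-key"
ENC_KEY = b"sample-proprietary-enc-key"
HDR, NONCE, TAG = 4, 16, 32  # assumed layout: version | nonce | ciphertext | tag


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in for AES-128: XOR with a SHA-256 counter-mode keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def build_package(version: int, firmware: bytes, nonce: bytes) -> bytes:
    """Vendor side: encrypt, then authenticate header and ciphertext together."""
    body = version.to_bytes(HDR, "big") + nonce + keystream_xor(ENC_KEY, nonce, firmware)
    return body + hmac.new(AUTH_KEY, body, hashlib.sha256).digest()


class Device:
    def __init__(self, firmware: bytes, version: int):
        self.firmware, self.version, self.resets = firmware, version, 0

    def _abort(self) -> bool:
        self.resets += 1  # step 4 failure path: abort and reset, flash untouched
        return False

    def update(self, package: bytes) -> bool:
        # Steps 1-3: package received, detected, handed over with its tag.
        if len(package) < HDR + NONCE + TAG:
            return self._abort()
        body, tag = package[:-TAG], package[-TAG:]
        # Step 4: authenticate the still-encrypted package, in constant time.
        expected = hmac.new(AUTH_KEY, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return self._abort()
        # Step 5: only now decrypt and install.
        nonce, ciphertext = body[HDR:HDR + NONCE], body[HDR + NONCE:]
        self.firmware = keystream_xor(ENC_KEY, nonce, ciphertext)
        self.version = int.from_bytes(body[:HDR], "big")
        return True
```
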

Flexible security solutions
Computer firmware
• Pure software countermeasures, mainly against remote software attacks
• Self-evaluated solution
MCU with eHSM (embedded Hardware Security Module): security within component
• Countermeasures against remote software and board-level attacks
• TEE capabilities
• Self-evaluated solution
Secure Element: strong trusted components
• Tamper-proof solution (Hardware & SoC)
• Certified Common Criteria, EMVCo, ...
• Proven against all attacks (remote software, board-level and silicon-level attacks)
Solution choice depends on the attack robustness and assurance level demanded by the customer.

Tamper-proof secure element & complete ecosystem
• System-on-Chip with Secure MCU
• Secure embedded OS
• Optimized for IoT devices
• Certified security
• Personalization service
• GP MCU integration libraries
• STM32 MCU expansion board

ST Software Libraries

Software libraries available for all STM32
X-Cube-CryptoLib: available on all STM32, CAVP certified
• AES-128, AES-192, and AES-256
  • ECB (Electronic Codebook Mode)
  • CBC (Cipher-Block Chaining) with support for ciphertext stealing
  • CTR (Counter Mode)
  • CFB (Cipher Feedback)
  • OFB (Output Feedback)
  • CCM (Counter with CBC-MAC)
  • GCM (Galois Counter Mode)
  • CMAC
  • KEY WRAP
  • XTS (XEX-based tweaked-codebook mode with ciphertext stealing)
• DES and TripleDES:
  • ECB (Electronic Codebook Mode)
  • CBC (Cipher-Block Chaining)
• ARC4
• Random bit generator engine based on DRBG-AES-128
• Hash function: HKDF-SHA-512
• Hash functions with HMAC support:
  • MD5
  • SHA-1
  • SHA-224
  • SHA-256
  • SHA-384
  • SHA-512
• RSA with PKCS#1v1.5
  • Encryption/decryption
  • Signature
• ECC (Elliptic Curve Cryptography):
  • Key generation
  • Scalar multiplication (the base for ECDH)
  • ECDSA
• ChaCha20
• Poly1305
• ChaCha20-Poly1305
• ED25519
• Curve25519

US Cryptographic Algorithm Validation Program (CAVP)
• Provides validation testing of FIPS-approved and NIST-recommended cryptographic algorithms and their individual components
• Issues validation certificates
• Maintains a list of validated algorithms
• Validated X-CUBE-CRYPTOLIB algorithms for STM32:
  • AES: #3971
  • RSA: #2036
  • ECDSA: #874
  • SHS: #3275
  • DRBG: #1165
  • HMAC: #2589

Mass Market Solutions

The context: not a single standardized Secure Boot / Root of Trust model
[Figure: each market (Industrial, LPWAN, NB IOT, Cloud, Metering, …) has its own chain: Reset → SB / RoT (RoT 1, RoT 2, … RoT n; RoT x, RoT y, RoT z) → Stage X → application.]

How to support this approach
SB / RoT approach and feasibility remarks
• Embedded ROMed code
  • One code on all STM32: may not be market acceptable
  • Multiple code on STM32: diversify products; increase development, qualification, certification, cost
• ST proposal
  • Allow industries to develop their own Secure Boot / Root of Trust method
  • Propose a way to securely load it into the STM32
  • Propose a way to isolate and securely execute it within STM32
• Building blocks shown: X-Cube-SBSFU, SFI, STM32

Built-in SFI: Secure Firmware Install
Loading of a confidential / authentic SB / RoT binary file into the Secure User Area
• STM32 Secure Loader: CA certificate, key and SFI services
• Provisioned by ST in standard STM32
• Mass-market approach
• Supported communication interfaces: UART / SPI / USB
[Figure: Reset → SFI → Secure User Area (SB / RoT) → User Application.]

X-Cube-SBSFU: Secure Boot + Secure Firmware Update
• X-Cube-SBSFU package available on www.st.com
• Provided as source code
• Tools and documentation available
• Already for STM32L4, many more to come…

Field Training

Training provided across China
• Training form: whole day, theory + hands-on
• Tier-1 cities: Shanghai, Shenzhen, Beijing
• Tier-2 cities: 9 cities, including Guangzhou, Chengdu, Wuhan, Xi’an, Qingdao …
• 2018 sessions: 47

Partners

ST is addressing your application needs by integrating industry’s best practices and innovative solutions into a complete ecosystem.
ST enables your next idea by bringing ST’s portfolio, software and tools together with Partner’s solutions.
And more…

Great Investment
Providing Security IPs, Libraries, Solutions across our portfolio
• New products
• SW libraries available for all STM32
• SFI (mass-market solution)
• SBSFU (mass-market solution)
• Trainings
• Partners