STM32HSM-V2BE

STM32HSM-V2 hardware security module (HSM) is used to secure the programming of STM32 products, and to avoid product counterfeiting at contract manufacturers' premises. The secure firmware install (SFI) feature allows secure downloading of customer firmware to STM32 products that embed a secure bootloader. Original equipment manufacturers (OEM) working on a specific STM32 product receive the relevant ST public key to be stored to one or more STM32HSM-V2 HSMs using the STM32CubeProgrammer and STM32 Trusted Package Creator software tools. Using the same toolchain, after defining the firmware encryption key and encrypting its firmware, the OEM also stores the encryption key to one or more STM32HSM-V2 HSMs, and sets the number of authorized SFI operations for each HSM. Contract manufacturers must then use these STM32HSM-V2 HSMs to load encrypted firmware to the STM32 devices: each STM32HSM-V2 HSM only allows the OEM-defined number of SFI operations before irreversible deactivation.

• Genuine firmware identification (firmware identifier)
• Identification of STM32 products with secure firmware install (SFI) functionality
• Management of STMicroelectronics (ST) public keys associated with STM32 products
• License generation using a customer-defined firmware encryption key
• Secure counter allowing the generation of a predefined number of licenses
• Direct support of the STM32CubeProgrammer software tool (STM32CubeProg) including the STM32 Trusted
• Package creator tool