This article appeared in Microwaves & RF and has been published here with permission.
Through separate collaborative efforts with Amazon Web Services (AWS) and Microsoft, STMicroelectronics is expanding its reach into the IoT space. On the AWS front, STMicro now offers a reference implementation that makes it easy and secure to connect IoT devices to the AWS Cloud. At the same time, in a joint effort with Microsoft, STMicro has worked to strengthen the security of emerging IoT applications.
The AWS Collaboration
STMicro’s work with AWS combines ST’s STM32U5 ultra-low-power microcontrollers (MCUs), the open-source FreeRTOS real-time operating system, and Arm’s trusted firmware for embedded systems (TF-M). The reference implementation runs on ST’s B-U585I-IOT02A Discovery Kit for IoT Nodes with STM32U5 MCUs, which offers a rich feature set including USB, Wi-Fi, and Bluetooth Low Energy (BLE) connectivity, as well as several sensors. Support is being added for the STSAFE-A110 secure element, which comes preloaded with IoT thing credentials and both secures and simplifies the connection between connected objects and the AWS cloud.
FreeRTOS includes an optimized kernel for resource-constrained embedded systems and software libraries for connecting various types of IoT endpoints to the AWS cloud or other edge devices. AWS Long Term Support (LTS) is maintained on FreeRTOS releases for two years, providing developers with a stable platform for deploying and maintaining their IoT devices.
Arm TF-M firmware simplifies the protection of embedded systems by providing secure boot, secure storage, cryptography, and attestation services, which form the basis of a Trusted Execution Environment (TEE) on the device. Designed for the Armv8-M architecture, TF-M integrates easily with TrustZone on ST’s STM32U5 microcontrollers, which incorporate the Arm Cortex-M33 core.
ST’s STM32U5 MCUs target demanding IoT edge applications, featuring the advanced 160MHz Cortex-M33 core with Arm TrustZone technology and Armv8-M core security extension, up to 2MB on-chip flash memory and extreme power saving features. With hardware cryptographic accelerators, secure firmware installation and updating, and increased resistance to physical attack, the MCUs have achieved PSA Certified Level-3 and SESIP 3 certifications.
Additionally, their extremely power-efficient design simplifies application power and extends battery life in remote applications. Highlights include three different shutdown modes that maximize operating possibilities at the lowest possible power and ST’s batch acquisition mode that captures peripheral data even when the core is powered off.
ST will release a version of the reference implementation based on STM32Cube tools and software in the third quarter of this year, which will further simplify IoT design by taking advantage of seamless integration with the rest of the STM32 ecosystem.
ST’s Efforts with Microsoft
In a separate partnership, STMicro worked with Microsoft to develop a Microsoft Azure IoT cloud reference implementation. The reference design integrates ST’s ultra-low-power STM32U5 microcontrollers with Microsoft Azure RTOS & IoT middleware and a certified secure implementation of Arm TF-M services for embedded systems. The project produced a TF-M-based Azure IoT cloud reference implementation that leverages the enhanced security features of the STM32U5 complemented by the hardened keystore of an STSAFE-A110 secure element.
IoT device developers face intense time-to-market pressures, even as they must meet the industry’s highest security standards. It is hoped that the STMicro/Microsoft effort will speed up embedded development by increasing security as well as power efficiency and performance.
Microsoft Azure RTOS provides a comprehensive middleware package optimized for resource-constrained connected applications such as IoT edge devices and endpoints. It combines the compact footprint of the ThreadX real-time operating system with memory management and connectivity services, including support for NetX Duo IPv4/IPv6 and TLS secure sockets.
Similar to ST’s collaboration with AWS, the Arm TF-M suite provides reliable services such as secure boot, secure storage, cryptography, and attestation. Designed for Arm Cortex-M processors, the TF-M suite easily integrates with ST’s STM32U5 microcontrollers.
Additional security features of the STM32U5 include resistance to physical attacks and Arm’s TrustZone architecture, which provides additional isolation for security-critical resources. The STSAFE-A110 EAL5+ certified secure element provides an authentication scheme and a personalization service that allow automated and secure attachment of connected objects to Microsoft Azure. This securely relieves IoT device manufacturers of the historical burden of protecting secret credentials during product manufacturing.
ST will release an STM32Cube-based integration of the reference implementation in Q3 2022 that will further simplify IoT device design, leveraging tight integration with the broader STM32 ecosystem.