In separate collaborative efforts with Amazon Web Services (AWS) and Microsoft, STMicroelectronics is extending its reach into the IoT realm. On the AWS front, STMicro now offers a reference implementation that makes for an easier, secure connection of IoT devices to the AWS cloud. Meanwhile, in a joint effort with Microsoft, STMicro has endeavored to strengthen the security of emerging IoT applications.
The AWS Collaboration
The work that STMicro has done with AWS combines ST’s STM32U5 ultra-low-power microcontrollers (MCUs), the FreeRTOS open-source real-time operating system, and Arm's Trusted Firmware for embedded systems (TF-M). The reference implementation is realized on ST’s B-U585I-IOT02A Discovery Kit for IoT nodes with STM32U5 MCUs, which offers USB, Wi-Fi, and Bluetooth Low Energy (BLE) connectivity, as well as multiple sensors. Support for the STSAFE-A110 secure element is being added; the secure element comes pre-loaded with IoT object credentials and helps secure and simplify attachment between the connected objects and the AWS cloud.
FreeRTOS comprises a kernel optimized for resource-constrained embedded systems and software libraries for connecting various types of IoT endpoints to the AWS cloud or other edge devices. AWS’s long-term support (LTS) is maintained on FreeRTOS releases for two years, which provides developers with a stable platform for deploying and maintaining their IoT devices.
The Arm TF-M firmware simplifies protecting embedded systems by providing services for secure boot, secure storage, cryptography, and attestation, which form the basis of a trusted execution environment (TEE) on the device. Designed for Armv8-M architectures, TF-M integrates readily with TrustZone on ST’s STM32U5 MCUs, which feature the Arm Cortex-M33 core.
ST’s STM32U5 MCUs target demanding IoT edge applications, featuring the advanced 160-MHz Cortex-M33 core with Arm TrustZone technology and Armv8-M mainline security extension, up to 2 MB of on-chip flash, and extreme power-saving features. With hardware cryptographic accelerators, secure firmware installation and update, and enhanced resistance to physical attacks, the MCUs have achieved PSA Certified Level-3 and SESIP 3 certifications.
In addition, their extreme energy-saving design simplifies powering the application and extends battery lifetime in remote applications. Highlights include three different stop modes that maximize opportunities to operate at the lowest possible power and ST’s batch-acquisition mode that captures peripheral data even while the core is powered down.
ST will release a version of the reference implementation based on STM32Cube tools and software in Q3 this year, which will further simplify IoT design, leveraging seamless integration with the rest of the STM32 ecosystem.
ST's Efforts with Microsoft
In a separate partnership, STMicro worked with Microsoft to spin out a Microsoft Azure IoT cloud reference implementation. The reference design integrates ST's ultra-low-power STM32U5 MCUs with Microsoft Azure RTOS & IoT middleware and a certified secure implementation of Arm TF-M services for embedded systems. The project has produced a TF-M-based, Azure IoT cloud reference implementation that leverages the hardened security features of the STM32U5 complemented with the hardened key store of an STSAFE-A110 secure element.
IoT device developers are faced with intense time-to-market pressures even as they must satisfy the highest-level security-industry standards. It's hoped that the STMicro/Microsoft effort will accelerate embedded development by increasing security as well as power efficiency and performance.
Microsoft Azure RTOS provides a comprehensive middleware package optimized for resource-constrained, connected applications such as IoT edge devices and endpoints. It combines the compact footprint of the ThreadX real-time operating system with services for memory management and connectivity, including NetX Duo IPv4/IPv6 and TLS secure socket support.
As it does in ST's collaboration with AWS, the Arm TF-M suite provides trusted services such as secure boot, secure storage, cryptography, and attestation. Architected for Arm Cortex-M processors, the TF-M suite integrates readily with ST’s STM32U5 MCUs.
Additional security features of the STM32U5 include physical-attack resistance and Arm’s TrustZone architecture that provides extra isolation for security-critical resources. The STSAFE-A110 EAL5+ certified secure element brings an authentication scheme and personalization service that enable an automated and secured attachment of connected objects to Microsoft Azure. It safely relieves the historical burden on IoT-device makers to protect secret credentials during product manufacture.
ST will release an STM32Cube-based integration of the reference implementation in Q3 2022 that will further simplify IoT-device design, leveraging tight integration with the wider STM32 ecosystem.