Trusted products and services for embedded security. Join-us on Linkedin

ProvenRun at SIDO 2022

ProvenRun will be exhibiting on the STMicroelectronics pavilion. We will showcase our solutions for the IoT market and how we can help customers resolve their security challenges. Come and meet us:

14 – 15 September 2022
Cité Internationale – Lyon – France
booth W212

A partnership to enable a sound and strong IoT ecosystem

If you’re coming to SIDO in Lyon, don’t miss the opportunity to visit the STMicroelectronics booth. ST Experts and several Authorized partner will be delighted to answer your questions and tell you more about integrated solution addressing AI, connectivity and security for the IoT. Take a look at what we have prepared for you:

Secure Firmware Update Over-The-Air: Demonstration

Firmware update is a must, but needs also to be secured.

Many firmware update solutions are insecure because they rely on agents running in the same address space as the underlying Rich OS (Android, Linux, etc).  They are therefore vulnerable to the large numbers of local and remote attacks that affect Rich OSs, which makes it impossible to trust the authenticity and confidentiality of the firmware update package.

Our solution to harden the security of the firmware update is to relies on the use of a secure OS. It provides a secure execution environment that is protected from attacks that can be perform from the Rich OS, to make sure that the firmware of the device stays authentic and cannot be downgraded.

Hardware description

Board

  • STM32MP157F-EV1 from STMicroelectronics

Processor

  • STM32mp1
    • 2x Cortex-A7 @ up to 800 MHz
      • L1 32-Kbyte I / 32-Kbyte D for each core
      • 256-Kbyte unified level 2 cache
      • Arm® NEON™ and Arm® TrustZone®
    • 1x Cortex-M4 @ 209 MHz

Memory

  • External DDR memory up to 1 Gbyte
    • up to LPDDR2/LPDDR3-1066 16/32-bit
    • up to DDR3/DDR3L-1066 16/32-bit
  • 708 Kbytes of internal SRAM:
  • Dual mode Quad-SPI memory interface
  • Flexible external memory controller with up to 16-bit data bus

Security

  • Secure boot, TrustZone® peripherals, active tamper
  • Cortex®-M4 resources isolation
  • 3072-bit fuses including 96-bit unique ID, up to 1184-bit available for user

Hardware acceleration

  • AES 128, 192, 256, TDES
  • HASH (MD5, SHA-1, SHA224, SHA256), HMAC
  • 2 × true random number generator (3 oscillators each)
  • 2 × CRC calculation unit

Acceleration/Connectivity

  • 3D Graphic Processing Unit
  • 3 DMA controllers to unload the CPU
  • Up to 176 I/O ports with interrupt capability
    • Up to 8 secure I/Os
    • Up to 6 Wakeup, 3 tampers, 1 active tamper
  • Up to 37 communication peripherals
  • 6 analog peripherals
  • Up to 29 timers and 3 watchdogs

Software description

TEE / Secure OS


Rich OS

  • STM32 MPU OpenSTLinux

Update Server

  • VPN and Python-based HTTP server (Raspberry Pi)

Secure FOTA overview

STMicro’s STM32mp1 microprocessor features trustZone technology, which allows the creation and isolation of two execution environments: The normal world where openSTLinux is executed for the user part, and the secure world where ProvenCore is used to host the security critical services. In this demo we used ProvenCore to significantly harden the security of the firmware update service, by migrating part of the firmware update functionality in the secure world of the TrustZone.

We secure the communication with the remote server containing the updates, opening a VPN connection and guaranteeing the confidentiality of the keys by managing them in the secure world. We also guarantee the integrity of the update by performing the verification in a dedicated secure service. This way, even if the rich environment is corrupted, there is no way for the attacker to download and install malware.

We can achieve different levels of protection depending on your needs, from protecting the integrity of the software to ensuring the availability of the update service.

Workshop (in French):

Face aux enjeux de sécurité et de protection des données des objets connéctés, états des lieux des solutions récentes les mieux adaptées pour une application donnée

Ensuring the security of connected objects and the protection of the data they exchange is becoming a vital issue for many companies. The loss of control of an object, the leakage of private data, can quickly lead to dramatic consequences on the credibility of a product or a service offer. Together, manufacturers of connected objects, suppliers of software solutions, suppliers of hardware solutions and electronic components, we will discuss the latest solutions that allow us to size and implement effective security countermeasures and adapted to a given application

Speaker

Frédéric Piller (Lacroix)
Thierry Crespo (STMicroelectronics)
Laurent Deny (STMicroelectronics)
Eric Faure (ProvenRun)


When

September 14, at 1:00 PM CEST (45 min)


Where

Salle Workshop Ouest

Your contacts for the SIDO

Jerome Bring

Director – Global Sales & Business Development
jerome.bring@provenrun.com

Eric Faure

Global Field Engineering Manager
eric.faure@provenrun.com