Secure by design - empowering compliance through secure embedded solutions

Security integration is becoming a core design requirement and critical to identifying aspects early in the design development cycle. Increasing regulations, particularly the EU Cyber Resilience Act (CRA) is putting a focus on cybersecurity requirements for digital products. It is important to be famliar with embedded security standards for hardware and software solutions to mitigate risk and vulnerabitlities throughout a product's lifecycle.

STMicroelectronics provides a comprehensive portfolio of secure microcontrollers, MPUs, and security frameworks designed to simplify compliance with global regulations like the CRA. ST's secure MCU ecosystem enables engineers to build secure-by-design architectures, accelerate certification, and reduce time-to-market while navigating CRA compliance with confidence.

  • Hardware
  • Software
  • Development Security Op
  • Certification Readiness

Security-enabled hardware for every application

STM32H5 Series Arm® Cortex®-M33-Based MCUs

Secure Manager featuring Secure Boot, TrustZone, crypto accelerators, lifecycle management

STM32N6 Series MCUs

Neural-ART Accelerator™ for power-efficient edge AI applications with 600 GOPS of processing

STM32H7R7/S7 Bootflash MCU

Scalable and secure bootflash microcontroller is designed for industrial, medical, and consumer applications

STM32L5 Ultra-Low-Power Microcontrollers

Ultra-low-power microcontrollers add security with Arm® Cortex®-M33 and TrustZone®

STM32U0 Microcontrollers

Contributes to a more sustainable approach

STM32U5 Series Ultra-Low-Power MCUs

Power-saving MCUs meet the most demanding power/performance requirements for smart applications

STM32U3x5 Series Ultra-Low-Power Embedded MCUs

ULP products increase battery lifetime in activity tracking devices

STM32WBA 32-Bit MCU Wireless Series

Wireless MCU brings designers the performance, efficiency, and security required for Bluetooth® Low Energy 5.3

STM32MP25 Second-Generation Application Processors

Second-generation STM32 microprocessors enable secure computing and advanced edge AI

STSAFE-A110 Secure Element for Brand Protection

Optimized secure element provides services for authentication and secure connections

STSAFE-A120 Secure Authentication Companion

Secure authentication companion devices are designed for consumables, accessories, and connected objects

Simplify development with STM32Trust Ecosystem & Security Frameworks

STM32Trust Ecosystem

  • Full suite of security libraries, middleware, and design resources
  • Enables easy integration of secure boot, firmware update, and isolation
  • Framework for CRA-ready design
  • Set of security services
  • Access to qualified partners

STM32Trust

ST Partner Program

Secure boot and Secure firmware update

Product Security Functions and Regulations

STM32Trust software security policies

STM32TRUSTEE-SM - Secure manager embedded software for STM32Cube

Secure Firmware Components

  • SBSFU (Secure Boot & Secure Firmware Update)
  • SFI (Secure Firmware Installation)
  • Cryptographic library

X-CUBE-SBSFU - Secure boot & secure firmware update software expansion for STM32Cube

STM32HSM for Secure Programming

X-CUBE-SFI - Secure Firmware Install demonstration software package and tools

X-CUBE-CRYPTOLIB - STM32 cryptographic firmware library software expansion for STM32Cube

STM32TRUSTEE-SM - Secure manager embedded software for STM32Cube

Secure OTA Update Stack

  • SBSFU (Secure Boot & Secure Firmware Update)
  • True RNG, PKA, AES, TrustZone, HUK, dual-bank updates

X-CUBE-SBSFU - Secure boot & secure firmware update software expansion for STM32Cube

Secure boot and Secure firmware update

STM32TRUSTEE-SM - Secure manager embedded software for STM32Cube

Software Compliance

  • Secure Development Lifecycle
  • SBOM generation
  • License tracking
  • Vulnerability reporting

STM32Trust software security policies

Security:STM32 Software security policies Q&A

Integrated Secure Development Lifecycle

Security is a priority at every stage of product development. Building security from the start includes assessing risks, secure coding practices, and regular security testing. The result? To mitigate vulnerabilities early for robust, reliable protection in your design needs.

Security Development Lifecycle Management

Secure Development Best Practice

Software Security Assurance

Pre-certified solutions to accelerate CRA/RED/NIST compliance and reduce risk

Design for security continues throughout the development process to ensure products and processes meet recognized international security frameworks and certification requirements. This proactive approach of certification readiness enables customers to integrate ST products into secure applications with confidence.

Security Assurance

Mulitple certification scheme

  • EAL5+ - STSAFE secure elements supported by STM32Trust are Common Criteria EAL5+ certified
  • FIPS, and CAVP, ESV - ST products are certified under FIPS standards (like FIPS 140-2 and the new FIPS 140-3), having their algorithms validated through CAVP, and their entropy sources tested via the Entropy Source Validation (ESV) program
  • SESIP defined by Global Platform
  • PSA (Platform Security Assurance) defined by Arm SESIP

Cryptographic Algorithm Validation Program

CAVP Testing: Random Number Generators

SESIP Certificates - TrustCB

PSA Certified Products

Regulation & Conformance

STM32Trust centralizes security and compliance resources to offer a clear path for developers to enter regulated markets.

STM32Trust

Documentation and support for worldwide regulated markets.

Security regulations

FAQs

The Cyber Resilience Act (CRA) is crucial for embedded systems as it introduces horizontal cybersecurity requirements for all products with digital elements in the EU market. It mandates manufacturers to improve security from the design phase through the entire lifecycle, including updates and vulnerability handling. Embedded systems, often integral to IoT and critical infrastructure, must comply with these requirements to ensure resilience against cyber threats. The CRA also provides pathways for compliance, such as certification schemes like EUCC, harmonized standards, and conformity assessments. By addressing cybersecurity risks, the CRA enhances transparency, security, and trust in embedded systems[.

There is no formal method to pre-certify products for CRA compliance at this time. Multiple application standards and harmonized standards are currently being developed to enable device manufacturers to achieve full compliance.

With decades of security expertise, a secure development process in place, a global security assurance program, and a wide range of STM32 and STSAFE products at the top of security levels, ST is well-positioned to prepare its products for CRA compliance on a large scale.

Within the STM32 Developer zone, the most comprehensive and free-of-charge ecosystem of solutions for developers, users can access the complete portfolio of devices, hardware and software development tools, the broadest range of examples and embedded software, the latest security features, as well as artificial intelligence and wireless solutions.

ST offers a set of essential security functions for each STM32 product, implemented in hardware or software, along with security services supported by security assurance.

In addition to providing the highest level of security available on the market today, STSAFE enables manufacturers to enhance their security with several use cases, such as attestation, key vault, secure update, and root of trust. STSAFE also offers key provisioning services, significantly simplifying secure manufacturing processes.

To assist developers, a wide range of qualified ST partners are available.

Resources

How and Why Microcontrollers Can Help Democratize Access to Edge AI

Match Application Requirements More Effectively with Highly Integrated Arm® Cortex® MCUs

Let’s Talk Technical: Embedded Security and the Cyber Resilience Act

Videos