
X-CUBE-STSE01 Software Package


Introduction

This user manual describes how to get started with the X-CUBE-STSE01 software package.
The X-CUBE-STSE01 software package is a software component that provides several demonstration codes, which use the STSAFE-A110 and STSAFE-A120 device features from a host microcontroller.
These demonstration codes utilize the STSELib (Secured Element middleware) built on the STM32Cube software technology to ease portability across different STM32 microcontrollers. In addition, it is MCU-agnostic for portability to other MCUs.
These demonstration codes illustrate the following features:

  • Authentication.
  • Secured data storage.
  • Secured usage counter.
  • Pairing.
  • Key establishment.
  • Local envelope wrapping.
  • Key pair generation.

General information

  • The X-CUBE-STSE01 software package is a reference to integrate the STSAFE-A110 and STSAFE-A120 secure element services into a host MCU’s operating system (OS) and its application.
  • It contains the STSAFE-A110 and STSAFE-A120 driver and demonstration codes to be executed on STM32 32-bit microcontrollers based on the Arm® Cortex®-M processor.
  • Arm is a registered trademark of Arm Limited (or its subsidiaries) in the US and/or elsewhere.
  • The X-CUBE-STSE01 software package is developed in ANSI C. Nevertheless, the platform-independent architecture allows easy portability to a variety of different platforms.
  • The table below presents the definition of acronyms that are relevant for a better understanding of this document.

STSAFE-A1x0 secure element

The STSAFE-A110 and STSAFE-A120 are highly secure solutions that act as a secure element providing authentication and data management services to a local or remote host. They consist of a full turnkey solution with a secure operating system running on the latest generation of secure microcontrollers.
The STSAFE-A110 and STSAFE-A120 can be integrated in IoT (Internet of things) devices, smart-home, smart-city and industrial applications, consumer electronics devices, consumables and accessories. Their key features are:

  • Authentication (of peripherals, IoT and USB Type-C® devices).
  • Secure channel establishment with a remote host, including the transport layer security (TLS) handshake.
  • Signature verification service (secure boot and firmware upgrade).
  • Usage monitoring with secure counters.
  • Pairing and secure channel with the host application processor.
  • Wrapping and unwrapping of local or remote host envelopes.
  • On-chip key pair generation.

STSecureElement Library (STSELib) description

This section describes the content of the STSELib middleware package and how to use it.

General description

The STSELib middleware is a set of software components designed to:

  • interface the STSAFE-A110 and STSAFE-A120 secure element device with an MCU.
  • implement the most generic STSAFE-A110 and STSAFE-A120 use cases.
  • The STSELib middleware is fully integrated within ST software packages as a middleware component to add secure element features.
  • The STSELib middleware provides a complete set of high-level application programming interface functions to the embedded system developer. This middleware abstracts the build and the sequencing of the commands required to ensure device, accessory and consumable brand protection using the STMicroelectronics STSAFE-A secure element family.
  • This middleware allows a seamless integration of one or multiple STSAFE-A devices in various host MCU/MPU ecosystems.
  • Refer to the release notes available in the root folder of the package for information about the supported IDE versions.

Architecture
The STSELib middleware is composed of three software modules as illustrated in the figure below. Each layer provides a different level of system abstraction to the embedded system developer.


The figure below shows the STSELib middleware integrated in a standard STM32Cube application, running on an X-NUCLEO-SAFEA1 or X-NUCLEO-ESE01A1 expansion board mounted on an STM32 Nucleo board.

Figure 2. X-CUBE-STSE01 application block diagram


To provide the best hardware and platform independence, the STSELib middleware is not directly connected to the STM32Cube HAL, but through interface files implemented at application level.

  • Application Programming Interface (API) layer
    This software layer is the entry point for the application. It provides a set of high-level functions that allow interaction with the STMicroelectronics Secure Elements. The API layer provides an abstraction for different applications such as Secure Element management, Authentication, Data Storage, Key Management.
  • Service layer
    The SERVICE layer provides a set of product services that format all the commands supported by the targeted secure element and report the response to the higher API/Application layers. This layer can be used directly from the application (for advanced users).
  • Core layer
    Contains the generic definition of the ST Secure Element and the functions for communicating with the targeted secure element.
    The core layer handles the message framing and provides platform abstraction for the upper layers.

Folder structure
The figure below shows the X-CUBE-STSE01 folder structure.


Demonstration software

This section illustrates the demonstration software based on the STSELib middleware.

Authentication
This demonstration illustrates the command flow where the STSAFE-A110/STSAFE-A120 is mounted on a device that authenticates to a remote host (IoT device case), the local host being used as a pass-through to the remote server.
The scenario where the STSAFE-A110/STSAFE-A120 is mounted on a peripheral that authenticates to a local host, for example for games, mobile accessories or consumables, is exactly the same.
For demonstration purposes, the local and remote hosts are the same device here.

  1. Extract, parse and verify the STSAFE-A110/STSAFE-A120’s public certificate stored in the data partition zone 0 of the device in order to get the public key:
    • Read the certificate using the STSELib middleware through the STSAFE-A110/STSAFE-A120’s zone 0.
    • Parse the certificate using the cryptographic library’s parser.
    • Read the CA certificate (available through the code).
    • Parse the CA certificate using the cryptographic library’s parser.
    • Verify the certificate validity using the CA certificate through the cryptographic library.
    • Get the public key from the STSAFE-A110/STSAFE-A120 X.509 certificate.
  2. Generate and verify the signature over a challenge number:
    • Generate a challenge number (random number).
    • Hash the challenge.
    • Fetch a signature over the hashed challenge using the STSAFE-A110/STSAFE-A120 private key slot 0 through the STSELib middleware.
    • Parse the generated signature using the cryptographic library.
    • Verify the generated signature using the STSAFE-A110/STSAFE-A120’s public key through the cryptographic library.
    • When this is valid, the host knows that the peripheral or IoT is authentic.

Pairing (host key provisioning)
This code example establishes a pairing between a device and the MCU it is connected to. The pairing allows the exchanges between the device and the MCU to be authenticated (that is, signed and verified). The STSAFE-A110 device becomes usable only in combination with the MCU it is paired with.
The pairing consists of the host MCU sending a host MAC key and a host cipher key to the STSAFE-A110. Both keys are stored to the protected NVM of the STSAFE-A110 and should be stored to the flash memory of the STM32 device.
By default, in this example, the host MCU sends well-known keys to the STSAFE-A110 (see command flow below) that are highly recommended to use for demonstration purposes. The code also allows the generation of random keys.
Moreover, the code example generates a local envelope key when the corresponding slot is not already populated in the STSAFE-A110. When the local envelope slot is populated, the STSAFE-A110 device allows the host MCU to wrap/unwrap a local envelope to securely store a key on the host MCU’s side.
Note: The pairing code example must be successfully executed before executing all the following code examples.

Command flow

  1. Generate the local envelope key in the STSAFE-A110 using the STSELib middleware.
    By default, this command is activated.
    This operation occurs only if the local envelope key slot of the STSAFE-A110 is not already populated.
  2. Define two 128-bit numbers to use as the host MAC key and the host cipher key.
    By default, golden known keys are used. They have the following values:
    • Host MAC key
      0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF
    • Host cipher key
      0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF
  3. Store the host MAC key and the host cipher key to their respective slot in the STSAFE-A110/STSAFE-A120.
  4. Store the host MAC key and the host cipher key to the STM32’s flash memory.
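
The default host keys are printed in this manual, so a release process should confirm that neither a firmware image nor a provisioning record still carries them. The following check is an added example, not code from the X-CUBE-STSE01 package; the function names and the sample image are assumptions constructed for illustration, and only the two key values come from step 2 above.

```python
import secrets

# Demonstration host keys exactly as listed in step 2 of the command flow above.
GOLDEN_KEYS = {
    "host MAC key": bytes.fromhex("00112233445566778899AABBCCDDEEFF"),
    "host cipher key": bytes.fromhex("0123456789ABCDEF0123456789ABCDEF"),
}

def find_golden_keys(image):
    """Return (name, offset) for every occurrence of a demonstration key in an image."""
    hits = []
    for name, key in GOLDEN_KEYS.items():
        offset = image.find(key)
        while offset != -1:
            hits.append((name, offset))
            offset = image.find(key, offset + 1)
    return sorted(hits, key=lambda hit: hit[1])

def check_host_keys(mac_key, cipher_key):
    """Return the reasons a host key pair is unfit for provisioning (empty list = acceptable)."""
    problems = []
    for name, key in (("host MAC key", mac_key), ("host cipher key", cipher_key)):
        if len(key) != 16:
            problems.append(f"{name}: expected 128 bits, got {len(key) * 8}")
        if key in GOLDEN_KEYS.values():
            problems.append(f"{name}: equals a published demonstration key")
        if key and len(set(key)) == 1:
            problems.append(f"{name}: single repeated byte (for example blank memory)")
    if mac_key == cipher_key:
        problems.append("host MAC key and host cipher key are identical")
    return problems

def generate_host_keys():
    """Random 128-bit host keys from the OS CSPRNG, the alternative to the defaults."""
    return secrets.token_bytes(16), secrets.token_bytes(16)

# Constructed sample: a fake flash image with both demonstration keys embedded.
SAMPLE_IMAGE = (b"\xff" * 32 + GOLDEN_KEYS["host MAC key"]
                + b"\x00" * 8 + GOLDEN_KEYS["host cipher key"] + b"\xff" * 16)
```
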

Key establishment (symmetric AES-128 CMAC key)
This demonstration illustrates the case where the STSAFE-A110 device is mounted on a device (such as an IoT device) that communicates with a remote server and needs to establish a secure channel to exchange data with it.
In this example, the STM32 device plays the role of both the remote server (remote host) and the local host that is connected to the STSAFE-A110 device.
The goal of this use case is to show how to establish a shared secret between the local host and the remote server using the elliptic curve Diffie-Hellman scheme with a static (ECDH) or ephemeral (ECDHE) key in the STSAFE-A110.
The shared secret should be further derived to one or more working keys (not illustrated here). These working keys can then be used in communication protocols such as TLS, for example to protect the confidentiality, integrity and authenticity of the data exchanged between the local host and the remote server.

Command flow
Figure 4. Key establishment command flow illustrates the command flow:

  • The remote host’s private and public keys are hard-coded in the code example.
  • The local host sends the Generate Keypair command to the STSAFE-A110/STSAFE-A120 to generate the key pair on its ephemeral slot (slot 0xFF).
  • The STSAFE-A110 sends back the public key (which corresponds to slot 0xFF) to the STM32 (representing the remote host).
  • The STM32 computes the remote host’s secret (using the STSAFE device’s public key and the remote host’s private key).
  • The STM32 sends the remote host’s public key to the STSAFE-A110/STSAFE-A120 and asks the STSAFE-A110/STSAFE-A120 to compute the local host’s secret using the API.
  • The STSAFE-A110/STSAFE-A120 sends back the local host’s secret to the STM32.
  • The STM32 compares the two secrets and prints the result. If the secrets are the same, the secret establishment is successful.


Wrap/unwrap local envelopes

  • This demonstration illustrates the case where the STSAFE-A110/STSAFE-A120 wraps/unwraps the local envelope in order to securely store a secret to any non-volatile memory (NVM).
  • Encryption/decryption keys can be securely stored in that manner to additional memory or within the STSAFE-A110/STSAFE-A120’s user data memory.
  • The wrapping mechanism is used to protect a secret or plain text. The output of wrapping is an envelope encrypted with an AES key wrap algorithm, and that contains the key or plain text to be protected.

Command flow
The local and remote hosts are the same device here.

  1. Generate random data assimilated to a local envelope.
  2. Wrap the local envelope using the STSELib middleware API.
  3. Store the wrapped envelope.
  4. Unwrap the wrapped envelope using the STSELib middleware.
  5. Compare the unwrapped envelope to the initial local envelope. They should be equal.

Key pair generation
This demonstration illustrates the command flow where the STSAFE-A110/STSAFE-A120 device is mounted on a local host. A remote host asks this local host to generate a key pair (a private key and a public key) on slot 1 and then to sign a challenge (random number) with the generated private key.
The remote host is then able to verify the signature with the generated public key.
This demonstration is similar to the Authentication demonstration with two differences:

  • The key pair in the Authentication demonstration is already generated (on slot 0), whereas, in this example, we generate the key pair on slot 1. The STSAFE-A110/STSAFE-A120 device can also generate the key pair on slot 0xFF, but only for key establishment purposes.
  • The public key in the Authentication demonstration is extracted from the certificate in zone 0. In this example, the public key is sent back with the STSAFE-A110/STSAFE-A120 response to the Generate Keypair command.

Command flow
For demonstration purposes, the local and remote hosts are the same device here.

  1. The host sends the Generate Keypair command to the STSAFE-A110/STSAFE-A120 which sends back the public key to the host MCU.
  2. The host generates a challenge (48-byte random number) using the Generate Random API. The STSAFE-A110 sends back the generated random number.
  3. The host computes the hash of the generated number using the cryptographic library.
  4. The host asks the STSAFE-A110/STSAFE-A120 to generate a signature of the computed hash using the Generate Signature API. The STSAFE-A110/STSAFE-A120 sends back the generated signature.
  5. The host verifies the generated signature with the public key sent by the STSAFE-A110/STSAFE-A120 in step 1.
  6. The signature verification result is printed.

Glossary

Acronym Definition
AES Advanced encryption standard
ANSI American National Standards Institute
API Application programming interface
BSP Board support package
CA Certification authority
CC Common Criteria
C-MAC Command message authentication code
ECC Elliptic curve cryptography
ECDH Elliptic curve Diffie–Hellman
ECDHE Elliptic curve Diffie–Hellman – ephemeral
EWARM IAR Embedded Workbench® for Arm®
HAL Hardware abstraction layer
I/O Input/output
IAR Systems® World leader in software tools and services for embedded systems development.
IDE Integrated development environment. A software application that provides comprehensive facilities to computer programmers for software development.
IoT Internet of things
I²C Inter-integrated circuit (IIC)
LL Low-level drivers
MAC Message authentication code
MCU Microcontroller unit
MDK-ARM Keil® microcontroller development kit for Arm®
MPU Memory protection unit
NVM Nonvolatile memory
OS Operating system
SE Secure element
SHA Secure Hash algorithm
SLA Software license agreement
ST STMicroelectronics
TLS Transport layer security
USB Universal serial bus

Revision history

Date Revision Changes
23-Jun-2025 1 Initial release.

IMPORTANT NOTICE – READ CAREFULLY

  • STMicroelectronics NV and its subsidiaries (“ST”) reserve the right to make changes, corrections, enhancements, modifications, and improvements to ST products and/or to this document at any time without notice. Purchasers should obtain the latest relevant information on ST products before placing orders. ST products are sold pursuant to ST’s terms and conditions of sale in place at the time of order acknowledgment.
  • Purchasers are solely responsible for the choice, selection, and use of ST products and ST assumes no liability for application assistance or the design of purchasers’ products.
  • No license, express or implied, to any intellectual property right is granted by ST herein.
  • Resale of ST products with provisions different from the information set forth herein shall void any warranty granted by ST for such product.
  • ST and the ST logo are trademarks of ST. For additional information about ST trademarks, refer to www.st.com/trademarks. All other product or service names are the property of their respective owners.
  • Information in this document supersedes and replaces information previously supplied in any prior versions of this document.
  • © 2025 STMicroelectronics – All rights reserved
