 Hello and welcome to this presentation of the STM32U5 Security Certification. STM32U5 is PSA Certified Level 3 and CSIP Level 3 passing tests for logical, bored and basic physical resistance that confirm a substantial level of cyber protection. PSA Level 3 stands for Platform Security Architecture Level 3. It establishes trust through a multi-level assurance program for chips containing a security component called PSA Root of Trust that provides trusted functionality to the platform. The multi-level scheme has been designed to help device makers and businesses get the level of security they need for their use case. CSIP Level 3 stands for Security Evaluation Standard for IoT Platforms. The CSIP, published by Global Platform, defines a standard for trustworthy assessment of the security of the IoT platforms such that this can be reused in fulfilling the requirements of various commercial product domains. CSIP Assurance Level 3, CSIP 3, is a traditional white box vulnerability analysis. The evaluation is structured around a time-limited source code analysis combined with a time-limited penetration testing effort. The STM32U5 is also compliant with Arm Trusted Based System Architecture, or TBSA, requirements and features of the Arm V8M Trust Zone technology that enable robust levels of protection at all cost points for IoT devices. The technology reduces the potential for attack by isolating the critical security firmware, assets and private information from the rest of the application. The security certification brings a lot of benefits. Allows ST to progress and strengthen its expertise through standard certification procedures, proves the security robustness of the STM32, gains the confidence of customers dealing with security and eases the certification process, establishes the STM32 as a reference in terms of security features in the IoT security world. To pass PSA Level 3 and CC Level 3 certifications, the STM32U5 embeds multiple security features, general-purpose cryptographic acceleration, secure storage, secure firmware installation and secure boot. The secure AES 256-bit security coprocessor supports side-channel countermeasures and mitigations. The STM32U5 features a non-chip enhanced storage technology using hardware-secret non-volatile unique keys and application-defined Volatile hardware-secret key. You can refer to the presentation entitled Keystore. The battery-powered Volatile secure storage is automatically erased in the case of TAMPA. You can refer to the presentation entitled Antitamp. Multiple hardware protection mechanisms can be used to protect the contents of the flash memory. Readout protection, secure hide protection and write protection. The scope for a PSA Certified Level 3 security evaluation or target of evaluation or TOE is the combination of the hardware and firmware components supporting a device compliant with PSA certified specifications. The platform components that are in the scope of the security evaluation are PSA-updatable route of trust such as software isolation framework protecting more trusted software from less trusted software. This is based on generic services such as binding, initial attestation, generate cryptographic services, firmware update validation. PSA-immutable route of trust for example boot ROM, root secrets and IDs, isolation hardware, security lifecycle management and enforcement. This component cannot be updated. Trusted subsystems used by the PSA route of trust such as security subsystems, trusted peripherals which include both hardware and software components are also in the scope of evaluation. The STM32U5 certification relies on the STM32 hardware and the software framework. This software framework is based on trusted firmware for Cortex-M or TFM and ST secure boot and a secure firmware update solution also called SBS-FU. Trust zone on the STM32U5 includes more granular levels by combining trusted and privileged environments. For instance, the firmware will most likely be in a trusted and privileged environment while the sensitive part of an application will execute in a trusted but non-privileged area and common programs stay in non-trusted and non-privileged systems. The modularity makes it easier to protect sensitive code in the case of an intrusion in one of the less secure environments. Thank you for attending this presentation.