Hello, my name is Tim the concert product marketing engineer and today I'll be discussing our new addition to the STM32 family, our STM32L5, which continues a low-power footprint with enhanced security features. This is our first STM32 based on Cortex-M33, which includes TrustZone harvest great features, which I'll highlight a bit later. The L5 continues the low-power DNA of our STM32 family, adding a bit more DMIPS per MHz performance increase in comparison to our standard Cortex-M4.

To get a better view of the device, let's start off with a block diagram of the new STM32L5. As mentioned before, this device embeds the new Cortex-M33 with up to 512 KB of dual-bank flash and 256 KB of RAM. The L5 has a rich feature set. Starting with the connectivity portion, we're offering new USB Type-C and PD support, CAN FD and Octo-SPI, while still supporting standard features such as I2C, SPI and USART. As for the encryption block, we have added features such as private key authentication along with on-the-fly decryption, which I'll highlight and go deeper into later. The analog front end is quite extensive: we're offering two ADC blocks, which are available with dual comparators and op-amps. Timers on the L5 are quite extensive, as we support various functions such as compare, capture and PWM, and they can be easily cascaded with one another.

For the L5, we're offering seven device packages in total. Standard packages such as LQFP, QFN and BGA will be available for mass-market customers. For customers who develop designs with a very strict size constraint, a wafer-level chip-scale package, or WLCSP, will be made available with a 0.4 millimeter pitch. In addition, crypto and non-crypto versions of devices will be made available to the public.

Continuing on with the low-power footprint,
I wanted to highlight the power modes of the STM32L5 device. Here's a breakdown of various power modes and the respective consumption numbers. The device can support up to a 110 megahertz operating frequency while consuming just 60 microamps per megahertz. I also wanted to highlight our stop mode, which offers the largest number of wake-up sources over the SM block will retain, with a consumption of just three microamps. As with our previous types, the lower the power state you are in, the fewer wake-up sources are available in your application. In addition, please find the associated wake-up time for each of the low-power modes to the left of the graph.

Now we'll be doing a deep dive into the specific IPs or peripherals that have been improved on the STM32L5. First, we will start on the STM32L5 system architecture and peripherals. The STM32L5's increased performance is highlighted by the 8K ICACHE, which is brand new to the L5 architecture. The STM32L5 allows for quite a bit of remapping logic of either external or internal memory, which can be cached as well. I want to highlight the diagram below.
It shows the bus matrix and each of the bus masters and slaves that can interface with one another through the associated data path.

Next up, we'll be discussing the new on-the-fly decryption, or OTFDEC, which is a new feature on our L5 microcontroller. In certain use cases, applications use external flash to either store data or extend the program memory code. These external flash devices can be easily moved and soldered to new boards to be read out, or exposed connectivity signals can be programmed to be found. We highly recommend that data on external flash is fully encrypted to prevent data lines from being spied on and read out. However, you're keeping data in an application, increasing the access and latency time. The STM32L5 and its on-the-fly decryption sit right above the OCTOSPI peripheral. This allows data and/or code to be read and decrypted almost simultaneously with very little or low latency. There are no wasted cycles decrypting data and rewriting to the flash. After the on-the-fly decryption is set up and initialized, read or fetch instructions from external flash are completely transparent to the MCU core.

The user will use the on-the-fly decryption through several use cases in the development cycle. First, in their own facility, you should be able to send the firmware or data to external flash from the STM32 non-encrypted. Second, at the subcontractor or CM, the user can now send encrypted firmware data to the external flash to the STM32. The user can then decide to decrypt the device. You can send alias via the on-the-fly decryption or through a simple dongle.

Continuing on with the enhanced security features of the STM32L5, I will now be discussing a new PKA, or public key accelerator, IP. PKA on the STM32L5 is a new IP that is able to accelerate private key authentication, which greatly reduces CPU processing time. PKA supports many security standards such as NIST and IEEE, which are widely used in today's market. PKA has huge application benefits, in particular when a device is
fully connected to the internet. The L5 and the PKA peripheral can be used to establish a secure communication channel from one node to a server and provide integrity and authentication via electronic signatures. Please find the table of the private key authenticator processing time on the STM32L5. Operations like modular exponentiation operations and ECDSA verification are highlighted here. The table shows the respective computational time in milliseconds depending on the operand length.

Continuing on with our security features on the STM32L5, let's take a look at the new tamper features of the microcontroller. Originally, the passive tamper pins simply check the static level of the device pins. The active tamper pins allow for a more comprehensive check, continuously sending out a random pattern to the tamper pins, which is generated by the internal random number generator. This can also detect long patterns of zeros and/or ones, depending on the software configuration time. This is an overview of the tamper IP block, which includes eight external tamper pins and 16 internal tamper detection sources. The external tamper pins can be configured for edge detection or level detection, with or without filtering, or active tamper, which increases the security level by auto-checking that the tamper pins are not externally opened or shorted. Any tamper detection can generate an RTC timestamp. In addition, any tamper detection can erase the backup registers, which are retained in low-power modes.

Next, I want to discuss the new power control architecture that is new for the STM32L5. Here we have a snapshot of the current power architecture of the STM32L4 family. Here we have five different VDD rails supporting various domains. I wanted to highlight the VDD and digital lane, which takes in this 1.7 volt to 3.6 VDD and powers the standby circuitry, clocks and internal voltage regulator. The internal regulator in turn powers the core device and flash through the VCORE rail. For the STM32L5, there is a built-in SMPS
step-down converter, which is a highly power-efficient DC-DC non-linear switcher that greatly improves the low-power performance when the VDD voltage level is high enough. The SMPS step-down converter can be switched into bypass mode at any time by the application software. The SMPS block does require a few external components, which are illustrated in the circuitry below. The pinouts for the SMPS inputs are available on certain packages of the STM32L5. The STM32L5 has two internal regulators. The main regulator is used for active, sleep, and Stop 0 modes, while the low-power regulator is activated for low-power run, low-power sleep, and Stop 1 and 2 along with standby. As mentioned before, the VBAT rail can be used to keep the RTC alive along with preserving a few backup registers. VBAT can be powered by either an external battery or an external supercap. With the L5, depending on the user's output frequency requirement, the main regulator can be configured for up to three voltage ranges through the VOS bits in the power control register. As you can see, the higher the output frequency, the higher the output voltage of the main regulator that is needed, from 1.0 all the way up to 1.28 volts.

Now, we will discuss in greater detail the TrustZone architecture, which is unique to the Cortex-M33 core on our L5 device. With the L5, the security architecture is based on Armv8-M extensions. When TrustZone is enabled, there are two specific units that are able to define permissions on whether they are secure and non-secure. The first is the SAU, the security attribution unit, and the second is the IDAU, the implementation-defined attribution unit. With the STM32L5 and TrustZone fully activated, the big difference between a secure peripheral and a TrustZone-aware peripheral is that the secure peripheral has a firewall gate that prevents and protects communication from other parts of the L5 device. Here is a breakdown of all TrustZone-aware peripherals and how they are connected in the bus matrix via
APB or AHB buses. All other remaining peripherals not listed here are fully securable. For simplicity, please consider the TrustZone bit similar to the RDP level, and it can be fully turned back to its original state. Regression of the TrustZone feature, or TZEN bit, can only be done when changing RDP from level 1 to level 0. In addition, some other security features are also deactivated, like secure in-ups and watermark memory areas that have been defined.

For the next topic, we will now highlight the new flash interface that is present on the STM32L5 microcontroller. Here is the memory map of the flash memory architecture that is present on the STM32L5. The L5 is a dual-bank capable device that allows read-while-write access for each of the 256K-wide bank segments. The flash memory is segmented and partitioned into 128 pages at 2 kilobytes per page. For the STM32L5, bank-shopping extension is fully supported. In addition, ECU scene is supported, and we have added another RDP level, 0.5, to the L5, which I will highlight in the upcoming slide deck.

As mentioned previously, the L5 has added a new RDP level of protection, level 0.5. When level 0.5 is activated, which is only available when TrustZone is enabled, debug access to the secure area is prohibited. Debug access to the non-secure area is still possible, and non-secure programming is still available on the device. I want to highlight that RDP level 2 is still available on the L5, and this is our recommendation for device security. This further eliminates any type of debug capability, be it through JTAG or SWD, and it's irreversible and cannot be regressed.

Now, I will be discussing a new security feature on our STM32L5, which is our root security service, better known as RSS. The RSS is a memory segment in the internal bootloader that allows for firmware validation and provisioning. Once a firmware image has been verified, secure APIs in the system memory bootloader can be used to update the internal memory through standard peripheral interfaces such
as UART, SPI, and I2C. Here is a breakdown and memory map of the system flash with the RSS. One feature of the RSS allows the STM32L5 a unique boot entry point and is capable of storing both private and public key device provisioning. The bootloader listed in gray still shares the same entry points as before: UART, SPI, and USB. An overview of the L5 boot path would depend on the TrustZone bit status, or TZEN bit. If TZEN, or the TrustZone bit, is zero, the L5 can either boot on application code or the bootloader, which is a legacy mode, and the RSS is not used. If enabled, the RSS can check the firmware images and validate them before invoking the bootloader to update the flash contents.

On to the next topic: SFI, or secure firmware injection, will be discussed now. SFI can help remedy a problem that most of our customers will face. They do not want their code or firmware to be accessible by anyone. SFI supports loading of full encrypted firmware files using either the STM32 bootloader and SFI services, and firmware is decrypted and programmed into the STM32 user flash. SFI with STM32 embeds a small certificate that allows the device to be authenticated. New tools like the Trusted Package Creator are able to encrypt an image with a specific firmware key. The SFI is based on the following features, from providing a secure loader to firmware confidentiality, allowing device certification to be used with a strong cryptography library.

The STM32 Trusted Package Creator is a new tool in the STM32 ecosystem that can be used to generate SFI and SMI files with a defined firmware key. This ensures that firmware remains confidential and secure. Trusted Package Creator works both as a standard GUI interface or via command line. This program is PC-based, is supported on both Windows and Ubuntu, and is included in the STM32CubeProgrammer installation package. The STM32HSM is a secure microcontroller which supports the ISO 7816 command format and can be used to securely transfer customer
information. After defining the firmware encryption key and encrypting the firmware, the customer can store their encryption key to one or more HSM and tips the number authorized SFI operations like counter values using the STM32CubeProgrammer and STM32 Trusted Package Creator software tools. CMs must utilize the STM32HSM to load encryption firmware to the SMI devices. Each HSM only allows the SMI to find number of programming operations before it reversibly deactivated.

A better way to view the entire root of trust is the following diagram. First, the development starts with the customer firmware and is using the Trusted Package Creator to send the encrypted image to the SMI. The information stored on this can include the STM32 chip certification and private keys. The STM receives the encrypted image along with the STM-HSM module to both validate the image along with the control of the number of boards produced.

Changing gears from discussing the STM32L5 improvements on security features and IP, I wanted to take the time now to highlight the additions to the STM32L5 ecosystem offering. The X-CUBE-SBSFU is further expanded with the STM32L5. The TF-M, or Trusted Firmware framework, offers new features such as secure storage and execution. The diagram on the left shows visually how the L5 is fully hardware partitioned, from untrusted and unprivileged segments to segments that are trusted, where the secure boot firmware is located and stored.

Thanks to our dedicated application team, the STM32L5 has been officially announced as the first PSA level 2 certified MCU. Please follow the link below for more details of the full certification process. Customers would find this certification valuable if their application is looking for a third-party validation of the security architecture and code framework.

The STM32L5 allows the same ecosystem offerings as PSA devices in our family. Generic middleware such as FreeRTOS and USB device stacks will be offered along with dedicated middleware
such as our USB Power Delivery drivers and touch sensing library. In terms of peripheral drivers, we'll be offering both HAL APIs, which will allow very simple portability between the family, and also our low-layer, or LL, APIs, which will offer a more optimized library for more memory-sensitive customers. Project examples for each development kit are available, with more than 300 specific examples that have been verified on Keil, IAR, and CubeIDE toolchains.

The STM32L5 is fully supported by the STM32CubeProgrammer GUI, which is an easy-to-use program that can support flash programming via JTAG, SWD, or through the onboard bootloader. The STM32CubeProgrammer is fully supported on Windows and Linux station platforms. In addition to the flash memory blocks, option bytes can be modified and programmed as well. This tool can be used in conjunction with the STM32HSM module, as stated and discussed earlier in the slide deck.

Here we have our all-in-one STM32 development tool, which is our STM32CubeIDE. CubeIDE has been fully validated with our STM32L5 device. A customer can easily start off with the product selected and properly select which peripheral or feature they want to enable and use. After, the customer can generate the proper initialization code and begin the development using GCC for their toolchain, with GDB and OpenOCD being fully supported for debugging. STM32CubeIDE is fully supported on Windows, Linux, and macOS.

The STM32L5 will be offered in the same three flavors of our evaluation kits. First, the evaluation board, which is a full-feature board with the highest number of peripherals bonded out and supported. Second is our discovery kit, which is a bit more flexible in terms of prototyping but has a small LCD for demo purposes. And last is our basic Nucleo-144 board. All three embed the onboard STM32 programmer. All you need for programming is a simple micro USB cable. In addition, customers can use these kits as reference designs to begin their application, as the
schematics, Gerbers, and BOMs are fully offered and can be downloaded fully on our st.com website.

Here I wanted to highlight an interesting application using two products from our ST product portfolio, which can be used for a digital signature application. Using a combination of a Nucleo L5 board, X-NUCLEO NFC expansion board, and an ST25TV tag, you can build a secured NFC reader and tag solution. This system employs the STM32L5 microcontroller, the ST25R3911B high-performance NFC transceiver and the ST25TV NFC tag IC with embedded digital signature, tamper detection and password protection. The TruST25 products aim to protect the brand at an embedded level. A digital signature is encoded in the IC in a secure location within ST. The algorithm that is used to verify the signature can only be distributed under NDA with ST. We use the same secure encoding environment as all other bank-grade personalization of our smart card products. The HSM, hardware security module, that we use is FIPS 140-2 certified.

Here we have a block diagram of the ST25 and STM32L5 for digital signature verification. This solution can be used in a device where a disposable component is used. Applications such as a toothbrush, water filter, solute on can identify the tag within the disposable component. This not only protects the revenue stream but also the safety of the end customer. There is also an implication for physical identification as well, as such a solution can go into a kiosk or a card will identify the user.

For more information on our STM32L5 security offering and NFC solutions, please visit ST.com. Thank you.
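
The difference between the passive and active tamper checks described in the talk, as an added example that is not part of the presentation or of ST's code: a constructed C simulation in which a 16-bit LFSR stands in for the internal random number generator and `wire_t` models the external loop between a tamper output pin and a tamper input pin. The LFSR, the wire models and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: a 16-bit Fibonacci LFSR stands in for the internal RNG. */
static uint16_t lfsr_next(uint16_t s) {
    uint16_t bit = (uint16_t)(((s >> 0) ^ (s >> 2) ^ (s >> 3) ^ (s >> 5)) & 1u);
    return (uint16_t)((s >> 1) | (bit << 15));
}

/* Constructed models of the external tamper loop. */
typedef enum { WIRE_INTACT, WIRE_SHORT_GND, WIRE_SHORT_VDD, WIRE_OPEN } wire_t;

/* Level seen on the tamper input when the loop is driven with `driven`. */
static int wire_read(wire_t w, int driven) {
    switch (w) {
    case WIRE_INTACT:    return driven; /* input follows the driven level */
    case WIRE_SHORT_GND: return 0;      /* forced low */
    case WIRE_SHORT_VDD: return 1;      /* forced high */
    default:             return 1;      /* open: input pull-up wins (assumed) */
    }
}

/* Passive check: compare the static pin level with the expected idle level. */
bool passive_tamper(wire_t w, int idle_level) {
    return wire_read(w, idle_level) != idle_level;
}

/* Active check: drive a fresh pseudo-random bit every period and flag the
 * first period in which the input does not match what was sent. */
bool active_tamper(wire_t w, uint16_t seed, int periods) {
    uint16_t s = seed;
    for (int i = 0; i < periods; i++) {
        s = lfsr_next(s);
        int out = s & 1;
        if (wire_read(w, out) != out)
            return true;
    }
    return false;
}

int main(void) {
    static const char *name[] = { "intact", "short-gnd", "short-vdd", "open" };
    for (int w = WIRE_INTACT; w <= WIRE_OPEN; w++)
        printf("%-10s passive=%d active=%d\n", name[w],
               passive_tamper((wire_t)w, 1),
               active_tamper((wire_t)w, 0xACE1u, 64));
    return 0;
}
```

With an idle level of 1, the passive check flags only the short to ground, while the active check flags every fault that holds the line at a fixed level and stays quiet on the intact loop.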