 Merci France, pour cette introduction. Maintenant, nous allons commencer avec le manager de sécurité. Le propos de cette étape est d'installer le manager de sécurité avec une spéciale focus sur la fonctionnalité associée. Je vais introduire, première, la zone TROS et aussi le nouveau state de producteur STM32H5. Ensuite, nous allons installer le manager de sécurité et l'application d'utilisation qui utilise le manager de sécurité. Vous pourrez voir comment cela fonctionne et ce que l'on peut faire pour la première introduction. Pour comprendre le manager de sécurité, vous devez vraiment comprendre la zone TROS. Nous allons prendre 5 minutes sur ce sujet. La zone TROS was introduced by ARM in the Cortex M33 and M23. ST is using only the M33. This new concept introduces a new internal state called secure that allows to create isolation between two different areas. The secure and what we call the non secure or trusted non trusted. This is an internal isolation that is controlled by hardware. When you are executing in a non secure state, you cannot access to any resource located on the secure side. The main purpose of this is to isolate the secret assets on the secure side. The key store, also the cryptographic operation using the key stored in the key store and to store anything you need to keep secret. On the interested part, the non secure, it's usually where lies the normal application that is communicating with the outside. Because of communication, you may have some surface of attack and even if a hacker is able to take control over the device, for example taking control over the program counter on the non secure side, this hacker will have no way to access to the secure side. That's the reason of this isolation. You understand it addresses the attacks from the remote. An attacker is using a remote access. For example, Ethernet or Wi-Fi connection or any connection with protocol and tries to tamper the device through this remote connection. Here we have the secure code on the secure side. The key store, the cryptographic and the secret assets and on the non secure side the application protocol. That's the main point of isolating secure and non secure. To go a little further now to understand how it works. After boot, so after the reset, the program counter is executing in secure side. So the point of the secure part is to configure the platform and decide which part is secure, which part is non secure. So you have a full configurability of the platform to say which part of the internal flash of the internal ROM is secure and which part is non secure, which peripheral like UART, ADC, any peripheral of the microcontroller can be set secure or non secure. So this is where the main configuration occurs. Then once the secure code has executed as configured the platform checked that everything is okay it can jump to the non secure application. Non secure application is doing what the device is made for and is able to call a secure API that is implemented on the secure side. So the secure API acts as a gateway to secure code. So the secure code decides what kind of service it will provide to the non secure side. So it's up to you if you own the secure code you can implement what you want. In our case with secure manager all this part will be implemented by the secure manager. That's the way it works with the TROS zone. Now a second introduction is the new product state. As you may know on the STM32 H5 we introduce a product state instead of RDP. It's not completely new. For example the open state is exactly the same as RDP level 0. RDP if you are aware of STM32 is the radar protection and acts also as a device life cycle. RDP 0 is open, RDP 1 the flash is protected but you can still access to the JTAG to be able to do a regression to RDP level 0 and RDP 2 the device is locked. You cannot access it anymore with the JTAG and the application that is already there is running without problem. Here we have so open state equivalent of RDP level 0. We have a closed state. So this is now the state that will be used in the field. It is equivalent to the KDE RDP 2. So we have a device where you can use the keys to regress the device, the STM32 U5. So the closed state is equivalent to this KDE RDP 2. This means you have no JTAG or SW access but you can still do a regression. The locked state is equivalent to RDP level 2. So you have no way to come back and there is this chosen closed that is equivalent to RDP level 0.5 where only secure memory is protected. It allows the development in a non secure side. So to sum up RDP level 0 you have access to all the parts when chosen is activated on non secure and secure. With chosen closed you remove the access to the secure part and leave access to the non secure. And you will see that that state will be the state we will use for the secure manager in development. Then in a product state closed you are like equivalent to RDP level 1 but with no more JTAG access. So it's more equivalent to as I said KDE RDP 2. And there is no JTAG access but with the possibility to come back you will see this later. And the locked state no possibility to reopen the device. So now we are ready to discover the secure manager. Just as I said secure manager lies on the secure part. So all what we provide with secure manager will be located on the secure side and we provide an application example that is on a non secure side and that is able to use a secure API. And this secure manager is provided with this secure manager application kit which is the concatenation of the standard cube H5 with secure manager zip file that you need to add on top of it. And with this installation of the workshop you should have done already this un zip and you should have in your PC in such a way where you have the cube and after installing the secure manager you have this secure manager with scripts and resource associated to secure manager the debug authentication scripts that we will see later during the workshop SMAK application that is an example of the usage of the secure manager API and really an example of how to use this API and the API itself that provides standard PACE services So in the ecosystem we will install first the secure manager with the default application and on the second step we will compile and download the SMAK example So let's start with this first step Here I have connected my board and you can see that there is a demo application by default that is on this board that is based on TouchGFX with a display so you should connect first your board to your PC to be able to go on and now we are ready to download the secure manager on the target So to do this we will start from our initial board in virgin state which is not really the case we have already some code inside it but it's not important here We will launch a script that is using a STM32Q programmer that will download everything needed on the target it will configure, set up the trust zone put all these components on the secure side and a very simple lead bling default application on the non-secure side So if I go to the next slide you can see we need to launch a single script provisioning auto.bat So to do this I advise you for this workshop to create two shortcuts one on the security workshop so here on the directory you can use to do the hands-on so we propose training STM32H5 security workshop and here you can add the hands-on material and the hands-on directory where you will generate the code and the hands-on material is the one that you should have downloaded and the second shortcut should be on the firmware package you have installed and here it should be by default installed in your directory your own user directory STM32Q repository if you have a space it will not work in this version it should work in the next one I think it will be fixed if you have a space in this directory just copy this firmware in another directory to do this example what you need to do is to go in the project and we use this H573 discovery board and go to ROT meaning route of trust provisioning you can see normally a secure manager directory and here you have this provisioning auto.bat so just launch provisioning auto.bat this will launch a script that is doing several steps so on first step it is building checking the configuration files then you can see that we are preparing internal trusted storage we are preparing a SFI file that is an encrypted file and then we switch to secure installation and then you can see that the board now is downloading we can see here if you can see the LED blinking showing that it is downloading and then at the end you have this LED blink occurring now just launch TerraTerm and create a new connection and look for ST-Link virtual comport and connect to it so I can delete the other one and if I press reset you will see that the board sends the version of the secure manager and something else that is called ST-ROT we will detail this a bit later so now you have downloaded the secure manager with the default application you can see here the LED blinking we have set up the serial port just make sure that you have set up the right speed I added it on my side that's why it was working fine then we press the reset button so now we have downloaded this secure manager we can compile and download the SM-AK to do this you first need to launch the STM32 cube ID so let's launch this ID I have it here cube ID 1.14.0 so use for example this directory non, sorry yes, this one and create here a directory folder so I call it workspace and copy this just for this training and I launch a workspace you can see it generates a metadata here and we will have the STM32 cube ID launching just close this and open the project so the project is located in our secure in our cube firmware so just go to project h5 discovery kit application ROT application and SM-AK app click on cube ID I will close this and select folder and you can open it after this you just need to compile so you can build the application pressing on the hammer here the compilation output is in this window and you can see that at the beginning we have launched it's too late we have launched a pre-build and we launch also a post-build script to sign the binaries we will see later why it is important so you should have this post-build dot-bat that is finishing successfully so now we have our application it is a simple example that we will download to the target so to do this you can launch debug as just click left click here and you can do debug as cc++ by default you have two different debug configuration please use the debug download configuration so here you should see something like this because if you didn't update the ST-Link firmware it will propose you to update it so press yes this you have this pop-up window that allows you to open the ST-Link in update mode and you can see here that we have a new version of the ST-Link, you just need to upgrade it as soon as it is finished you can launch again the download on the target so it's finished now you have already this default that is available default configuration it will start to again to recompile and download on the target ok, here you can switch to the debug perspective and you can see that the application was downloaded successfully and now we are at the beginning of the example application you can launch it resume and if I come back to the comports you can see that now we have a demo application with 5 different menus that we will explain a little more now I will first open a little more screen I press a key and go and press 1 for internal trusted storage so this first menu is for the internal trusted storage can be called also as a secure storage where you can see different APIs, first set for new data and the second state for factory data so this means that with this trusted storage you can provide some data to this storage and then get it back get information about this data and remove it so you can see one, I have some example here to write data I call an API to get it back so I get the same if I get information this is the attributes related to this data and then I can remove it if I try to get data again it will fail because I already removed it and the second set of menu is for factory data this means that we can provide at factory preprovision internal trusted storage and here if we try to set so I press 5 you can see that it fails because data is already in the trusted storage we cannot overwrite it but here we can get the value so it depends if I press get info the fact that you can get the information of the data here depends on the flags that you have here that allows you to read the content of the key it's possible to avoid this to keep the secret inside the secure part and to be used only by the cryptographic operations and if I try to now to remove this data it will fail also because it's supposed not to be removed so this is it for the internal trusted storage next point is cryptography so you can see we have standard cryptography with a random generator symmetric cryptography with a different chaining mode with a gcm cbc ccm the hash 2 different hash and then asymmetric cryptography with RSA and ECDSA where we can generate signatures and things like this so we can press 1 for random so you have a random and if I press 2 you can see all the PSA APIs that are used and all this gives you implementation examples inside the code that is here so we are the SMAK that we are providing here all the example we have the different code so in the crypt.c the example of the different codes to the to the PSA API so for example SSI message getK attributes these kind of things you can have also in the crypto test command you have a many implementation example and that's the proposal of this you can see that we can generate a signature using dua user key factory ITS key we will see it a bit later then we have this initial attestation if I press 1 we get an attestation that is signed by initial attestation private key that provides all the details of the version and the hash of the different components this allows server to make sure that the device it is talking to so this initial attestation is a standard way of doing specify by arm then you have firmware update and here you can see we have several menus and mainly you can see menus related to non-secure application so non-secure application is the one we have here so we can update this SMAK app for instance we have also menus related to secure manager to be able to update and install a new version of secure manager and the last one for STU rot you have seen already and Fabres will talk a bit more later about what it means basically it's a second stage bootloader and the last point is the certificate so you can see that we provide two certificates DUA X509 certificate DUA user and initial attestation certificate so two different certificates that are pre provision on each device each H5 has its own certificate with own private key associated to the public key in the certificate so this allows you to identify each device you have from IoT point of view so this is a first overview of what you get with secure manager and this SMAK application with all the examples we have so now I will come back to the slides and here as a conclusion we have seen that installing secure manager is quite simple and the point that we can develop a non secure application that is working with the secure manager and we could see an overview of the content provided by this example application we call SMAK so I leave the floor to Fabres who will give you details about this new solution and overall strategy regarding the security thank you for your attention