 Je vais vous montrer dans cette démarche comment l'STM32 trust vous aide dans l'implémentation de la communication sécuritaire dans votre device. Nous allons utiliser deux bords NFC-bord communiquant au NFC et STM32-L476-Nucléo-bord. Nous allons les attaquer ensemble pour travailler comme un dévice, comme ça, pressé et c'est OK. C'est le dévice qu'on va démontrer. Nous avons un USB plug-in ici qui nous permet de poursuivre le dévice et aussi de l'outre-traces. Je vais plug-in ce dévice à la PC. Ici. C'est là. La prochaine étape est d'éloigner une application à l'intérieur. Cette application, j'ai construit en utilisant un exemple qu'on donne sur ST.com. Après construire, nous avons une grande binary que nous avons besoin d'éloigner à l'arrivée. Pour l'éloigner, j'ai juste besoin d'un drag-and-drop d'un virtual drive créé par le ST-Link ici, de l'explorer. Et ensuite, il sera flash sur l'arrivée. La application va automatiquement commencer et nous verrons les traces sur le terminal. La première des traces sont les traces sur le Secure Boot. Donc, l'ASB-SFU, la main propose est de vérifier l'authenticité de l'application. Donc, il va vérifier la signature de l'application et ensuite, si tout est bien, il va lancer l'application. Le dévice est dans un state virgent. Il est en train d'experter avec le premier dévice. Alors, let's take the smartphone. So, you should have installed the application that is associated to this demo. Here, when I put the smartphone near the NFC tag, the application is starting automatically and then I press the arrow and the pairing is starting automatically. And then you can see in the traces the full pairing process that is ongoing. Once this is done, no other smartphone can connect to this device. This is the point of the pairing. The pairing itself is just basically an exchange of public key. The device sends its public key to the smartphone and the smartphone sends its public key to the device. And once they have stored this public key, they can establish a secure link thanks to cryptographic operation. And all these cryptographic operations are done inside the secure engine that is provided in the SBSFU. You can add your own secure service inside and so you can add everything you want to implement your secure communication for your device. The use of the asymmetric cryptography allows this pairing process to avoid sending in the air any secret. One feature of this application is the transmission of a GPG image from the device to the smartphone. So I press on the read and decrypt image. So the device is sending encrypted GPG image to the smartphone. Next point is secure firmware update. You need first to have something to update. So you have your application and you want to update it because you want to put a new feature. So you generate a new application, a new binary. And thanks to SBSFU scripts, you generate an update image that is encrypted and signed. And so you can send it through internet to un secure world. Nobody can do anything with it thanks to the signature. And it cannot read the content because it's encrypted. So let's do it. So I put back the smartphone on the device. Now they are connected. And I press encrypt and upgrade. And I select user app v2. And this starts uploading the v2 firmware that is encrypted. The downloading is done by the application itself and the application is actually writing this firmware in a spare part of the flash of the device. And once it's done, here it's done, the device is rebooting. And so we can see in the traces that the device has restarted. And we can see that the new application is installed. The signature is checked, it is decrypted. SBSFU is swapping the old firmware and the new firmware. Once this is done, the SBSFU is rechecking everything is OK and launching the new firmware. Once it's done, we can put back the mobile phone on the device and check again the read and decrypt image. The purpose of this update was to change this image. So it's a new picture and just to show you there was an update that was done. In a nutshell, with this demo, you can experience yourself the Secure Boot, Secure Firmware update provided by the SBSFU. And thanks to the framework that is provided inside to secure the services, implement your own protocol to secure the communication with your devices.