 Hello, and welcome to this presentation of the STM32WL5 Cortex M0 Plus security features. The Cortex M0 Plus security manages the firmware and peripheral security, allowing the secure handling of cryptographic and the sub-gigahertz radio communication. It also provides secure firmware install and secure firmware update features. The Cortex M0 Plus security uses secure options to control flash memory, SRAM 1, SRAM 2, debug and sub-gigahertz serial peripheral interface security. Cryptographic peripherals like Advanced Encryption Standard or AES, Private Key Accelerator or PKA and True Random Number Generator or TRNG security are managed dynamically at run time by the secure Cortex M0 Plus core through secure register bits in the Global Trust Zone Controller. Security infringements are reported to the secure Cortex M0 Plus through illegal access events monitored in the Global Trust Zone Controller. The Cortex M0 Plus security is based on giving exclusive access to secure areas in flash memory SRAM 1 and SRAM 2. Additionally, peripherals such as sub-gigahertz serial peripheral interface, AES, Private Key Accelerator and True Random Number Generator can be made secure to allow secure radio communication and cryptography and key generation. Direct memory access channels can be secured on a channel base, allowing secure data transfer and channel control. The secure memory areas and peripherals are not accessible by the Cortex M4 and neither through the debugger when secure debugging is disabled. In addition to security, memories and peripherals can be protected by privilege. The Cortex M0 Plus security is to be enabled by the customer when installing the Cortex M0 Plus firmware. Once installed, security is completely handled by the Cortex M0 Plus itself. At STM32WL5 production, the Cortex M0 Plus security is disabled. The secure firmware install allows the secure installation of the Cortex M0 Plus firmware. Any subsequent Cortex M0 Plus firmware update may be handled by the secure boot secure firmware update installed on the Cortex M0 Plus. Also, the sub-gigahertz radio security shall be defined when installing the Cortex M0 Plus firmware. The AES, PKA and RNG peripheral security is fully handled by the Cortex M0 Plus at runtime whenever needed by the Cortex M0 Plus application. The direct memory access channels can also be secured when needed at runtime by the Cortex M0 Plus. Furthermore, the Cortex M0 Plus is equipped with privileged protection, which can be enabled at runtime by the Cortex M0 Plus firmware. It allows protection of the Cortex M0 Plus secure privileged resources from secure unprivileged accesses. The protection can be enabled at runtime by the Cortex M4 firmware. It allows protection of the Cortex M4 non-secure privileged Cortex M4 privilege resources from unprivileged accesses. The protection can be enabled at runtime by the Cortex M4 firmware. It allows protection of the Cortex M4 non-secure privileged Cortex M4 privilege resources from unprivileged accesses. The Cortex M0 Plus security is controlled through secure user options loaded at device startup in the secure Flash registers. The secure user options can only be modified by the secure Cortex M0 Plus, in other words, to change parameters when a secure Cortex M0 Plus software is updated. The non-secure Cortex M4 has read access to the secure user options to be able to determine the security configuration. Memory security is enabled and configured by secure user options. The Flash security disable bit, or FSD, enables the global Cortex M0 Plus security. The secure Flash start address, or SFSA, defines the start address watermark from which the Flash memory is secure. The backup RAM security disable bit, or BRSD, controls the security on the backup SRAM2, and the secure backup RAM start address, or SBRSA, defines the start address watermark from which the backup SRAM2 is secure. The non-backup RAM security disable bit, or NBRSD, is used to enable security on the SRAM1, and the secure non-backup RAM start address, or SNBRSA, defines the start address watermark from which the SRAM1 is secure. The enable security environment bit, or ESC, when read, provides information whether the device is secured or bought. When written, this bit allows the regression of the security at the same time when regressing RDP. The Flash memory hide protection disable, or HD pad bit, enables the hide protected area in the Cortex M0 Plus secure Flash area. The hide protection start address defines the start address watermark from which the Flash memory is hide protected. The secure boot and secure firmware update are located in this area. It is executed once after a Cortex M0 Plus reset, and subsequently hidden until a next reset. The debug access to the secure Cortex M0 Plus, and all secure resources, is controlled by the debug disable security bit, or DDS. The CPU's boot lock bit allows the creation of a root of trust for the Cortex M0 Plus boot, which is useful with a secure boot or a secure firmware update. The top of the memories can be secured for exclusive Cortex M0 Plus access. The top of the Flash memory starting from the secure Flash start address watermark is secure when the Flash security disable bit is set to zero. The top of the backup SRAM2 starting from the secure backup RAM start address watermark is secure when both the Flash security disable and backup RAM security disable bits are set to zero. The top of the SRAM1 starting from the secure non-backup RAM start address watermark is secure when both the Flash security disable and non-backup RAM security disable bits are set to zero. It is possible to only secure the Flash memory without any RAM security, however it is recommended to secure both the Flash memory and RAM used by the Cortex M0 Plus software. Within the secure Flash area, a hide protected area can be defined by the hide protection disable and the hide protection start address watermark. The STM32WL5 microcontroller has a single Flash memory for both the Cortex M4 and Cortex M0 Plus software. The Cortex M0 Plus security prevents secure Flash memory pages from being erased by the non-secure Cortex M4 core. A Cortex M4 Flash mass erase operation will be rejected and a multiple block erase has to be used to erase the Cortex M4 software. When regressing the read protection or RDP from level 1 to level 0, only the non-secure part of the Flash memory will be erased. The secure Cortex M0 Plus software will be retained. The complete Flash memory is mass erased and the security is removed only when regressing the read protection from level 1 to level 0 and at the same time enable security environment. In this case, all software secure and non-secure is erased. The Cortex M0 Plus boot reset vector is to be programmed in the secure boot reset vector option and secure CPU2 option. At production time, the Cortex M0 boot reset vector points to the middle of the Flash memory. In secure mode, the Cortex M0 Plus boot reset vector can only be changed by the secure Cortex M0 Plus side. Cortex M0 Plus debug access is controlled by the debug disable option bit. It is independent from security and can be enabled and disabled in both secure and non-secure modes. In secure mode, debug access control can only be changed by the secure Cortex M0 Plus side. Sub gigahertz radio access can be secured by the sub gigahertz radio serial peripheral interface security disable user option. It allows securing the sub gigahertz radio for exclusive Cortex M0 Plus access. When enabled, sub gigahertz radio access is secured from reset. The AES accelerator 1 public key accelerator and true random number generator peripherals can dynamically be secured at runtime by Cortex M0 Plus firmware. DMA channels can dynamically be secured at runtime by Cortex M0 Plus firmware. The security information can be read by the non-secure Cortex M4 to get information on the peripheral security status. Privilege protection gives exclusive access to privileged accesses. Each memory has a single watermark allowing the memory to be split into a privileged part and an unprivileged part. The secureable peripherals also allow for privilege protection. Privilege protection can be enabled at runtime. The STM32WL5 includes a pre-programmed secure firmware install or SFI firmware in its system memory which allows the secure installation of any Cortex M0 Plus software. For subsequent firmware updates, a secure firmware update function can be installed in the hide protected secure flash area. A secure Cortex M0 Plus software update is possible in all read protection or RDP levels 0, 1, and 2. Illegal accesses to secure and or privileged resources can be signaled to the Cortex M0 Plus. It is up to the Cortex M0 Plus firmware to take appropriate action. And illegal access wakes up the Cortex M0 Plus from any operating state including reset. This slide lists the events handled by the Cortex M4 core resulting from the Cortex M0 Plus security features. Any Cortex M4 instruction fetch from secure memory areas generates a boss error. Reading secure areas returns data value zero. Only the security configuration user options and peripheral security configuration bits can be read by the non-secure Cortex M4 core. This slide lists the events handled by the Cortex M0 Plus resulting from the Cortex M0 Plus security features. Any Cortex M4 illegal access to secure resources generates an illegal access event sent to the Cortex M0. In addition to this training you may find the flash memory interface, global trust zone controller, power controller, and DMA and DMA MUX modules useful.