Hello and welcome to this presentation of the STM32WB Root Security Services features. The Root Security Services, or RSS, is a protected firmware executed by the Cortex-M0+ core. It is used to securely install and update the wireless stack using cryptographic mechanisms to ensure its integrity and authentication. The update of the wireless stack is key to guaranteeing the best performance and security level throughout the device's lifetime. Authentication of the wireless firmware is granted by STMicroelectronics by default. However, a double authentication can be added by the customer. The RSS firmware itself can be updated. The RSS also provides a secure slot for storing cryptographic keys. This way, secret keys can be provisioned and used by user applications without direct access to their value.

The RSS firmware, as well as the wireless stack, are sensitive code with embedded cryptographic data. Therefore, it is stored in the secure part of the flash memory accessible only by the Cortex-M0+ core. Code and data stored in this memory part cannot be accessed by any application running on the Cortex-M4 core. They cannot be accessed by the debug port, either. Volatile data needed for execution are secured too, in the secure part of the SRAM2 memory.

The RSS firmware and wireless stack are exclusive. The Cortex-M0+ core can execute either one or the other. By default, when no wireless stack is installed, the RSS is active. Then, after first install, the wireless stack becomes active. New access to the RSS is granted either by a bootloader command or by an application message through the Inter-Processor Communication Controller, or IPCC.

The wireless stack can be updated in one of two ways, depending on the availability of a physical or wired link on the device. Direct access through a physical link using the bootloader allows you to perform the first install of the wireless stack.
Afterwards, the stack can be updated by first removing the current stack and hence reducing the amount of memory needed for the operation. There is only enough space for one stack in the flash memory. The STM32CubeProgrammer tool can be used to directly access the bootloader and dedicated commands.

The second way for updating the wireless stack is to do it over the air, or OTA. This requires the use of the current wireless stack for downloading the new one. It means that an extra flash memory area must be available for the update. The OTA application example is available in the new STM32Cube firmware package. New firmware can be downloaded either using the ST BLE Sensor mobile application or the STM32CubeMonitor-RF tool and BLE dongle.

This slide presents the direct access procedure for updating the wireless stack. The procedure is automatically performed by the RSS firmware once the update command has been sent by the bootloader. First, the current wireless stack is removed. Then, the encrypted and signed new wireless stack is downloaded in the flash memory. Sensitive operations of decryption, integrity and authentication checks are done by RSS firmware inside the protected flash memory area. In the last step of the procedure, option bytes related to the wireless execution configuration are set with the proper values. At the end of the procedure, the wireless stack becomes active.

This slide presents the over-the-air procedure for updating the wireless stack. This procedure requires a wireless application from the user side able to provide a download service to a remote client. On request from this client, the user application downloads the new wireless stack to the device's flash memory. Then it sends a message to the RSS to start the update procedure. The encrypted and signed new wireless stack is downloaded in the flash memory before being decrypted and authenticated.
After all checks have been passed, the current stack is removed and replaced by the new one. In the last step of the procedure, option bytes related to the wireless execution configuration are set with the proper values. At the end of the procedure, the new wireless stack becomes active.

This slide presents the RSS firmware update procedure. The RSS firmware itself can be updated. Two slots are available for the RSS firmware: one for the active RSS code and one for the installation of a new one. The new encrypted and signed RSS firmware is downloaded either via a wired connection or over the air. Once decrypted and authenticated, the new RSS is active. Then the old one is removed and its slot becomes free for a future update.

The wireless stack is developed, encrypted and signed by ST. Its encryption is ensured by the AES algorithm and its signature relies on an elliptic curve algorithm. A second authentication level can be added by the customer. This second level of authentication can be required to ensure that only specified versions of the wireless stack can be downloaded. Customer authentication uses the same elliptic curve algorithm. A public-private key pair is used. The private key is used to sign the stack image using the STM32 Trusted Package Creator. The public key is stored in the secure part of the flash memory using the STM32CubeProgrammer and a specific RSS service.

The RSS offers a secure slot for storing the AES cryptographic keys. These keys are intended for use with the AES1 IP. The key register of this hardware block is only accessible by the Cortex-M0+ in a secure configuration. The AES1 block of data is sent and fetched by the user application, while the key register is loaded or unloaded by the RSS upon user request. From the user point of view, the key is referenced by its index inside the RSS, and its value can never be accessed. Keys can be provisioned using the STM32CubeProgrammer tool through the device bootloader.
Keys can be sent in the clear or can be first encrypted using a master encryption key. This master key is previously provisioned in a safe place. All root secure services, including provisioning, are available at application run time.

Four services are available to the user application for key management. Write service for storing additional keys. Load service for AES1 key register programming. Unload service for cleaning the AES1 key register after application completion. Lock service to prevent any reuse by another process of a given key until the next reset. This service can be used in a user secure boot application, for example.

In addition to this training, you may find the flash memory interface and system configuration trainings useful.
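
The four key-management services described above (write, load, unload, lock) can be modelled as a small state machine. The C sketch below is an added example, not part of the presentation and not ST's firmware or API: every name, size and return code in it is an assumption, and it simulates on a host the secure-boot pattern of using a key, unloading it, then locking it until reset.

```c
/* Host-side toy model of an index-addressed key store. All names, sizes
   and return codes are assumptions for illustration, not ST's API. */
#include <stdint.h>
#include <string.h>

#define MAX_KEYS 4
#define KEY_LEN  16
enum { KS_OK = 0, KS_FULL = -1, KS_BAD_INDEX = -2, KS_LOCKED = -3 };

/* "Secure side" state: callers only ever hold an index, never key bytes. */
static uint8_t slots[MAX_KEYS][KEY_LEN], key_reg[KEY_LEN]; /* key_reg models the AES1 key register */
static int locked[MAX_KEYS], used, reg_loaded;

static int valid(int idx) { return idx >= 1 && idx <= used; }

/* Write: store a key and return its index (1-based here, by assumption). */
int ks_write(const uint8_t *key) {
    if (used == MAX_KEYS) return KS_FULL;
    memcpy(slots[used], key, KEY_LEN);
    return ++used;
}
/* Load: program the key register from a slot; refused once the key is locked. */
int ks_load(int idx) {
    if (!valid(idx)) return KS_BAD_INDEX;
    if (locked[idx - 1]) return KS_LOCKED;
    memcpy(key_reg, slots[idx - 1], KEY_LEN);
    reg_loaded = 1;
    return KS_OK;
}
/* Unload: clean the key register once the AES work is done. */
int ks_unload(int idx) {
    if (!valid(idx)) return KS_BAD_INDEX;
    memset(key_reg, 0, KEY_LEN);
    reg_loaded = 0;
    return KS_OK;
}
/* Lock: no further load of this key until the next reset. */
int ks_lock(int idx) {
    if (!valid(idx)) return KS_BAD_INDEX;
    locked[idx - 1] = 1;
    return KS_OK;
}
/* Reset (assumed behaviour): locks and register clear, stored keys persist. */
void ks_reset(void) { memset(locked, 0, sizeof locked); memset(key_reg, 0, KEY_LEN); reg_loaded = 0; }
int ks_reg_loaded(void) { return reg_loaded; }

/* Secure-boot pattern: load, use, unload, lock; returns what a later load sees. */
int demo_boot_then_app(void) {
    static const uint8_t k[KEY_LEN] = { 0x2b, 0x7e, 0x15, 0x16 }; /* constructed key */
    int idx = ks_write(k);
    if (idx < 1 || ks_load(idx) != KS_OK) return 1;
    ks_unload(idx);               /* boot-time AES work would run before this */
    ks_lock(idx);
    return ks_load(idx);          /* application code after boot: KS_LOCKED */
}
int main(void) { return demo_boot_then_app() == KS_LOCKED ? 0 : 1; }
```
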