Hello and welcome to this online training module dedicated to the advanced security features of the STM32WL5 Root Security Services, or RSS. RSS is used to load content into the secure or non-secure flash memory. The RSS provides the runtime root security services used by the STM32 Secure Firmware Install solution, or SFI. For more information on protected memories, please refer to the online training module STM32WL5 Security Memories Protection.

The flash memory has an information block containing two system memories. The first is the system memory from which CPU1, the Cortex-M4, boots in system memory boot mode. This area is reserved and contains the bootloader used to reprogram the flash memory through one of the following interfaces: USART1, I2C1, or SPI. It is programmed by STMicroelectronics when the device is manufactured and is protected against spurious write/erase operations. For further details, refer to the application note STM32 Microcontroller System Memory Boot Mode, or AN2606. The second is the system memory from which CPU2, the Cortex-M0+, boots in system memory boot mode. This area is reserved and contains the SFI RSS firmware used to authenticate and install the firmware in flash memory through one of the following interfaces: USART, I2C, or SPI. It is also programmed by STMicroelectronics when the device is manufactured and protected against spurious write/erase operations.

On the STM32WL5x microcontroller, the secure bootloader is stored in the internal flash memory (system memory) and supports the following interfaces: USART, SPI, and JTAG. The STM32WL5x secure bootloader allows the SFI process to be executed several times, after a complete erase of the internal user flash memory, if the installed application allows erasure. The embedded bootloader is used to program the flash memory and runs on CPU1, the Cortex-M4. It can be used to load content into non-secure memory areas.
The embedded Secure Firmware Install process, part of the Root Security Services (SFI RSS), allows the flash memory to be programmed in the same way as with the embedded bootloader. It runs on CPU2, the Cortex-M0+, and can be used to load content into both secure and non-secure memory areas. The secure bootloader is a standard ST bootloader with additional security features. During the SFI process, the secure bootloader never allows any other code to access the user flash memory or SRAM.

Secure Firmware Install, or SFI, is a global solution for the STM32WL5 series of microcontrollers that allows secure and counted installation of OEM firmware in an untrusted production environment, such as an OEM contract manufacturer. SFI is implemented using the secure RSS and the secure bootloader. OEM firmware protected by SFI can be stored in the device's embedded flash. The STM32WL5 SFI solution consists of having the whole OEM firmware and the option bytes encrypted with an AES secret key using the STM32 Trusted Package Creator tool. This is done during OEM firmware development. Confidentiality of this AES secret key is ensured using an STM32 device-unique key pair whose private key is readable only by the RSS. For more information, please refer to application note AN5511 on the Secure Firmware Install (SFI) solution. Only genuine STMicroelectronics STM32WL5 microcontrollers can install the protected firmware via SFI. The number of STM32 devices on which the firmware has been installed can be counted inside the Hardware Security Module, or HSM, associated with the SFI process. See next slide.

OEM firmware and the option bytes are encrypted with the STM32 Trusted Package Creator tool during OEM firmware development. The OEM also uses this tool to program the Hardware Security Module, or HSM, with its AES secret key, its nonce, and a maximum installation counter.
The OEM contract manufacturer uses STM32CubeProgrammer and the provisioned HSM to initiate the SFI process and sends the encrypted SFI image to the STM32WL5 device. Authenticity, integrity, and confidentiality of the OEM internal firmware and option bytes are checked before the embedded flash is programmed with the decrypted firmware and option bytes. Secure firmware install to internal flash memory goes as follows; the numbered steps are shown on the schematic.
1. The OEM creates the OEM firmware (OEMFW, .sfi file).
2. The OEM provisions the OEMFW key in the HSM.
3. STM32CubeProgrammer gets the certificate.
4. The HSM creates the license.
5. The STM32 gets the license.
6. The STM32 gets the OEMFW (.sfi).
7. The STM32 decrypts the OEMFW and option bytes (OB).
8. The STM32 programs the OEMFW and OB.
Please refer to the memory protection, flash, or boot training modules if you want to know more about those topics. You can also find a list of peripherals related to the RSS and SFI. For more details, please refer to application note AN2606 (STM32 microcontroller system memory boot mode), application note AN4992 (overview of Secure Firmware Install, SFI), and application note AN5511 (STM32WL5x SFI tools, bootloader, and RSS interface). User manuals for STM32CubeProgrammer and STM32 Trusted Package Creator are also available on the ST website.
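To make the counted license flow concrete, here is an added Python model of steps 2 to 8 (constructed for this module, not ST's code): an HSM object enforces the maximum installation counter and issues a per-device license, and a device object unwraps the firmware key, checks the image before touching flash, and rejects a license issued for another device. It assumes symmetric stand-ins: an HMAC-based keystream in place of AES, and a device-unique secret derived from an ST root secret in place of the device key pair.

```python
import hashlib
import hmac

def ks_xor(key, nonce, data):
    """Stand-in for AES: HMAC-SHA256 counter keystream XORed into data (constructed, not the RSS cipher)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def device_key(st_root, uid):
    return hmac.new(st_root, b"device-key:" + uid, hashlib.sha256).digest()  # stand-in for the device key pair

def make_sfi_image(fw_key, nonce, firmware):
    """Trusted Package Creator step: encrypt the OEM firmware and tag it (encrypt-then-MAC)."""
    ct = ks_xor(fw_key, nonce, firmware)
    return {"ct": ct, "tag": hmac.new(fw_key, nonce + ct, hashlib.sha256).digest()}

class Hsm:
    """OEM-provisioned HSM: holds the AES key, the nonce and the maximum installation counter."""
    def __init__(self, fw_key, nonce, max_installs, st_root):
        self._fw_key, self._nonce, self._st_root = fw_key, nonce, st_root
        self.remaining = max_installs

    def create_license(self, cert):
        if self.remaining == 0:
            raise PermissionError("installation counter exhausted")
        self.remaining -= 1  # counted installation: one license per device
        wrap = device_key(self._st_root, cert["uid"])
        wrapped = ks_xor(wrap, b"license", self._fw_key + self._nonce)
        tag = hmac.new(wrap, cert["uid"] + wrapped, hashlib.sha256).digest()
        return {"uid": cert["uid"], "wrapped": wrapped, "tag": tag}

class Stm32Rss:
    """Device side: the RSS unwraps the key and programs flash only after all checks pass."""
    def __init__(self, uid, dev_key):
        self.uid, self._key, self.flash = uid, dev_key, None
    def certificate(self):
        return {"uid": self.uid}  # public identity sent to the HSM via STM32CubeProgrammer
    def install(self, lic, image):
        expect = hmac.new(self._key, self.uid + lic["wrapped"], hashlib.sha256).digest()
        if lic["uid"] != self.uid or not hmac.compare_digest(expect, lic["tag"]):
            raise ValueError("license rejected: not issued for this device")
        secret = ks_xor(self._key, b"license", lic["wrapped"])
        fw_key, nonce = secret[:16], secret[16:]
        img_tag = hmac.new(fw_key, nonce + image["ct"], hashlib.sha256).digest()
        if not hmac.compare_digest(img_tag, image["tag"]):
            raise ValueError("SFI image rejected: integrity or authenticity check failed")
        self.flash = ks_xor(fw_key, nonce, image["ct"])  # decrypt, then program user flash
        return True
```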