 Hello, everyone, and welcome to our partner webinar, Wolf SSL for STM32 CubeMX V6, presented by ST Microelectronics, Senior Marketing Manager, Loïc Chausa, and Wolf SSL Senior Embedded Software Engineer, David Garski. My name is Riley DeGarmo, and I'll be moderating today's webinar. All attendees will be in listen-only mode. If you have any questions, please use the Q&A box at the bottom of your screen. This webinar will be recorded and made available on our YouTube channel at a later date. I invite you to follow ST and Wolf SSL on our socials, and please feel free to email us with additional questions following the presentation. Before I hand it off to the guys, I'm going to give you a brief introduction to Wolf SSL as a company. Wolf SSL is open-source embedded security software focused on providing lightweight and embedded security solutions for desktop, enterprise, and cloud environments, with an emphasis on speed, size, portability, features, and standards compliance. With SSL TLS products in a crypto library, Wolf SSL is supporting high-security designs in automotive, avionics, and other industries as well. In avionics, Wolf SSL supports complete RTCA DO178C DAO Level A certification. In automotive, we support MIS-REC capabilities. For government consumers, Wolf SSL has a strong history in FIPS 140-2 with upcoming FIPS 140-3. Wolf SSL supports industry standards up to the current TLS 1.3 and DTLS 1.2, is up to 20 times smaller than open SSL, offers a simple API, an open SSL compatibility layer, is backed by the robust Wolf Crypt Cryptography Library, 24x7 support, and much more. Our products are open-source, giving customers the freedom to look under the hood. Wolf SSL was founded in 2004 by Todd Auske and Larry Stefanik when they realized that there wasn't an open-source dual-licensed embedded SSL library available. Open SSL existed at the time, but there was a demand for an alternative that was easily portable, smaller, faster, available under a clear commercial license, was equipped with a clean and modern API, and offered commercial-style developer support. Wolf SSL was born into this market need with an open SSL compatibility layer that we are constantly expanding. The first instance of Wolf SSL was a clean room implementation for MySQL. Today, Wolf SSL secures over 2 billion connections global. We have more than 1,000 OEM customers and dozens of resellers. Wolf SSL is made up of almost 40 dedicated employees in 2020, most of which are engineers. This progress is supported by a strong partner network, with companies like ST that we're thrilled to get to collaborate with. Since the beginning, our engineering team has developed several embedded security products, including WolfCrypt with FIPS certification and a FIPS-ready offering, MQTT up to the V5 specification, SSH V2, a TPM 2.0 portable project, a secure bootloader known as Wolf Boot, as well as Java wrappers and JSSE support. We also offer commercial support for Curl. All of these offerings are accompanied by thorough maintenance and support plans, up to the 24x7 level, once again, something you won't find anywhere else. Wolf SSL is dual licensed, which is to say that we can be shipped with your commercial products or licensed in open source projects under GPL V2. If you have any questions in regards to licensing or our company, feel free to send a note to licensing at wolfssl.com and we'll be happy to help. And now I'll turn it over to David Garski to take a closer look at Wolf SSL technology. Thank you all. Hello, my name is David Garski and today I'm going to talk about our Wolf SSL libraries. We'll start off talking about our TLS and cryptographic library that are bundled together. Wolf SSL is a lightweight library designed for portability and configurability. It's written in C with many wrappers available. We support all the latest standards for TLS and DTLS. It can be built with a small footprint to conserve flash and memory, or we can scale up to high-end desktop servers. Our library is up to 20 times smaller than OpenSSL. We've been ported to a long list of operating systems and can even be used in bare metal. We have an extensive OpenSSL compatibility layer with over 1,000 APIs. We support integration with many open-source projects such as Apache, Lighty, Nginx, MySQL, Curl, OpenVPN, OpenSSH, WPA, Seplican, that is a long, long list. We have hardware crypto acceleration support for Intel, AESNI, AVX, the ARM V8 crypto extensions, Intel Quick Assist and long list of other things. For STM32, we support the symmetric acceleration of AES and SHA-2, and also their PKA, which is public key acceleration for ECC curves. We are NSA Suite B compatible. We've been validated to FIPS 140-2 Level 1, and we're working on FIPS 140-3. We have DO178C certification for aircraft systems, which is like mission critical systems. Here's our list of algorithms supported. This is not a complete list, but it's most of them for a Wolfcrypt library. Common ones are RSA, ECC, AESGCM, CHA-CHA, 20 Poly 1305, Edcurve, for example. For ST, we support the following microcontrollers, their mainstream F1 and G0, the ultra low power L4 and L5, the high performance series, which is the F2, F4, F7 and H7, and their wireless series, the WV55. We support the STM32 public key acceleration for ECC on the L5 and the WV55. We also support crypto co-processors for the STSAFE A100 and A110, which are ECC authentication chips. They use I squared C to accelerate ECC operations and protect the key. We also support the TPM2.0 module, the ST33, which I'll talk about in a second. So quickly, I'm going to go over the Wolf MQGT library. MQGT is a message community telemetry protocol and is a PubSub protocol designed for lightweight systems. So this library was written from scratch in C and supports all the latest standards that are used by all the major cloud providers. So that's version 3.11, version 5, and the new sensor node protocol. It supports all the quality of service levels, supports TLS for encrypting communication using Wolf SSL. It's written with no external dependencies, small code size. It's got network stack ports for Linux, Windows, free RTOS TCP, LWIP. And there's examples for Azure IoT Hub, AWS, IBM Watson. And we have simple client examples. We also have a firmware update example and MQGT as an example. And this can be used with FIPS VR or WolfCrip FIPS. So MQGT is just a lightweight protocol. It's designed to be able to subscribe to a topic and publish a message and receive those. It really efficiently packs messages together, so there's a very low overhead. And with TLS, you can use session resumption to reduce the reconnection time. So Wolf SSH is our SSH client server. It's lightweight and embeddable. It supports SSH v2, which is covered by the RFC. It's not tied to any threading model. It supports password or public-based, a public key-based authentication. Includes support for the secure file transfer protocol and the secure copy protocol. And it supports all these algorithms. And it has been interop tested against open SSH putty for SSHD and BitVis. And we can support FIPS with it as well. So this protocol is designed for secure remote login. And other secure network services designed to provide secure remote access by users or to other computers. It replaced the plaintext legacy protocols like Telnet or login RSH. And it adds authentication encryption as typically used on port 22. So the most common use case for our customers is embedded SSH server. So you can go in remotely and run shell commands or transfer files. So Wolf TPM is based on the TPM 2.0 TCG specification. It uses a trusted platform module, which is a cryptographic hardware module that includes key generation and storage capabilities. It was written originally for version 1.1 back in 2001. This Wolf TPM library uses our TPM 2.0 specification released in 2013. So it implements all of the APIs defined by the specification. And it supports both the spy, iSquared C, some other interfaces like the dev TPM or the TPM software simulators as well. It's designed for easy portability to different platforms. It uses native C code, single IO callback for the hardware interface and there's no external dependencies, no mallet queries. And we have HAL, which is hardware examples for Linux, Raspberry Pi, and STM32 cube HAL. It's been tested with all the TPM vendor chips, including the ST33 TPM module. So we also added wrappers to simplify some really common use cases such as key generation, RSA, NECC, type things, non-volatile access like storing keys or data. There's also examples for all of these things, including TLS client server benchmarking, getting a timestamp, creating a certificate, all those things. So this is just a comparison of features between two common modules, the ST33 and the Infineon SLB 9670. Just compare some of the algorithms and certifications and power and all those things. You're welcome to review those. This is a benchmark between the two, asymmetric benchmarks. This is operations per second for RSA and NECC. So we also have a Wolf boot library, which is a secure boot loader. It's a lightweight, portable secure boot loader and it's a generic implementation. It's easy to port with the HAL API. It runs on virtually any microcontroller. There is no heat memory use. It's all stack-based and it's safe to use in aerospace, medical and automotive, and it's been ported and supported with the VA178. It uses a dual bank mechanism where you have two partitions. The boot loader itself handles the update and will perform the swapping of the partitions and it does it in a fail-safe way where if the power is lost it will resume where it left off when power resumes. It also protects against version downgrade attacks and it has a rollback in case the update fails. It's OS agnostic, so it's running in bare metal and it supports RSA, ECDSA, or ED25519 and it can support SHA256 and SHA334 as well. So it supports external spy flash. You can also update the boot loader but that's not power fail safe. The source code and firmware examples are available. Of course, and it supports all the Cortex-M, the ARM V8 and the RISC processors. So it also includes a key generation and signing tools. These are, there's a version for Python also in C and those can be built on any platform. The C version includes a visual studio project for Windows too. If there is hardware crypto acceleration support in WolfCrypt, then that can be leveraged in WolfBoot as well. So why Wolf has to sell? Well, we built our libraries for portability and performance. So you can build and scale it from a small server to a high end, a small embedded microcontroller all the way to a high end server. We have a strong dedication to testing. We do continual testing with static analyzers and fuzzers, a long list of things we do ongoing. We're mature and widely used securing two billion connections at any one point in time. And we have a commitment to security and features well supported by the community. Thank you so much, David. Let's hand it over to Loïc to introduce ST company and technology. Hello, my name is Loïc Chaussat. I work on STM32 ecosystem marketing at ST in charge of embedded software offered for microcontrollers. I'm very pleased to present you today an announcement of the STM32 Cube ecosystem, during this webinar organized by our partner, Wolf SSL. I would first of all like to quickly introduce ST Microelectronics and STM32 products. ST Microelectronics is one of the world's largest semiconductor companies with almost 10 billion of revenue, 46,000 employees, over 80 sales and marketing offices, serving over 100,000 customers across the globe. ST Microelectronics is delivering a wide range of products, including analog, power conversion ICs, processors and ASICs, memes and imaging sensors, discrete and power to sustain the company's strategy. Smart mobility, power and energy, internet of things and 5G. Today's webinar focus on STM32 microcontrollers. STM32 is the leading family of ARM Cortex-M32 bit general purpose microcontrollers. The portfolio organized by series is continuously expanding, bringing more performance and low power consumption, following market trends such as wireless connectivity, advanced security, or local autonomy with AI. Among the last products introduced on the market, you can find the STM32 WL with integrated sub-gigahertz radio, the STM32 L5 in the ultra low power family with trust zone technology, or the STM32 G4 with more analogs and specific timers for power control. On the high performance side, we can also mention the expanding STM32 H7 series of microcontrollers, as well as the STM32 MP1 Cortex-A base for Linux developers. This wide STM32 portfolio is complemented by a comprehensive ecosystem, including tools, software, documentation, and support. Many solutions around the STM32 are also proposed to enable and speed up application development and certification. Many partners are also contributing to this ecosystem with various products, trainings, or design services. In today's webinar, we focus on new features of the well-known STM32 Cube ecosystem. STM32 Cube ecosystem is now becoming even more user-friendly, more intuitive, and offers the possibility to integrate new packages. A new feature enables the integration of partner software solutions in STM32 Cube projects, getting developers up and running faster on their own STM32 prototyping board. WolfSSL has taken advantage of this new feature and has made its popular embedded SSL TLS software component available as an STM32 Cube expansion pack. The STM32 Cube ecosystem is a software solution for STM32 microcontrollers and microprocessors created for designers and interested in a free, comprehensive development environment and for users looking to integrate STM32 software in their existing IDE, such as Kyle or IAR IDEs. STM32 Cube is a combination of software tools and embedded software libraries. It is a full set of PC software tools addressing each step of a complete development project, configuration, development, programming, and monitoring, as you can see on the left side of the screen. It embeds software bricks, enabling advanced functionalities in STM32 microcontrollers and microprocessors from MCU drivers to more advanced application-oriented features, as shown on the right side of the screen. In this webinar, we focus on STM32 Cube MX and STM32 Cube IDE tools and how users can select and configure software components from STM32 Cube expansion packages announced for STM32 toolset. These expansions are available either from ST, from ST partners, or from the community. Indeed, thanks to the announcements in the STM32 toolset and a new STM32 pack creator utility, everyone can expand STM32 Cube tools with his own software components to create one's own STM32 Cube expansion. This expansion can then be privately shared within a company or with outside stakeholders in the online community or even offered to customers. ST authorized partner WolfSSL is one of the first companies to release such a package, making its software components available in STM32 Cube toolset. David from WolfSSL company will show you shortly how to easily build a new project in STM32 Cube MX or STM32 Cube IDE. STM32 Cube MX software configuration tool helps users choose and configure STM32 devices thanks to many software wizards, including Pinout, Conflict Solver, Peripheral Core Affinity, and so on. It can also be used to evaluate different power consumption scenarios thanks to its power consumption calculator. After configuring the embedded software bricks of STM32 Cube MCU packages, including HRL and LL gravers, Ertos and Middleware, the project generation settings are defined according to user choices. STM32 Cube MX will generate a project with initialization C code for STM32 devices which can be opened in the user's preferred IDE, including IAR embedded workbench and ArmKyle MDK. On top of this, user can now browse STM32 Cube expansion in the STM32 Cube MX tool and open them. It's also possible to import additional packages that are not listed in STM32 Cube MX tool. Users can select and configure software components from these packages. STM32 Cube MX will then generate a project including these software components for users' own hardware configuration. There are two ways to use STM32 Cube tools. The first one on the left is to start with STM32 Cube MX configuration tool. You can generate projects for several ideas, including IAR, embedded workbench, ArmKyle MDK, or STM32 Cube IDE. If you are using STM32 Cube IDE to write, compile, and debug your own code, you can directly start in STM32 Cube IDE as it integrates all STM32 Cube MX functionalities to offer all-in-one tool experience. This is option 2, which David will be showing you in a few minutes in his demo. In STM32 Cube expansion packages, you can find ready-to-use project examples you could directly open in your preferred IDE. Pre-configured to compile and run out of the box on specific ST boards. So far, if you were using STM32 Cube MX tool, you had to generate your project after configuring peripherals and middleware and air-dose from STM32 Cube MCU package. Then you had to open the project in your IDE and add software components from STM32 Cube expansion packages manually. That is, all-source and header files. Configuration was also manual in header files. Now, the support of STM32 Cube expansion packages in STM32 Cube MX tool will get you up and running faster on your own STM32 board prototype. Importing expansion software components directly in STM32 Cube MX tool and configuring them before generating the IDE project for your chosen MCU or board target. If you would like to create your own STM32 Cube expansion, a new utility called STM32 Pack Creator is available in the installation folder of STM32 Cube MX tool. It can generate a PDF file according to the CMC Pack standard. This file describes software components in the packages with dependencies and can be read by STM32 Cube MX or Cube IDE tools or any other tool adopting this standard, such as the Harmgyle MDK, for instance. In addition, STM32 Pack Creator allows you to develop the configuration panel and to generate corresponding files for STM32 Cube MX or STM32 Cube IDE tool. If you would like to have more information on how to create an STM32 Cube expansion, visit the dedicated STM32 wiki page. You will find three project samples with step-by-step tutorial videos and detailed documentation. If you didn't have the chance to attend the webinar held on September 22 named Accelerating STM32 Application Development with New STM32 Cube Tools, check out the webinar replay. Thank you for your attention. I will now let David continue the session. Hello. Welcome to this demonstration of the Wolf SSL Cube MX Pack for the STM32 tools. So this pack makes it easy to install the Wolf SSL and Wolf Crip libraries for supporting the ST microcontrollers. This pack was created using this wiki page right here, which is available on the ST website, and the STM32 pack creator tool. And it was based on a Simpsons pack. And to install the pack, the first thing we're going to do is go to the Wolf SSL website. So wolfsassel.com forward slash docs, docs forward slash stm32. And then we'll click on this link here to download the pack. Now I've already done that, it's right here. So the first thing we're going to do is go to the STM32 cube MX tool, which I already have open right here. And we're going to click on this button that says install or remove embedded software packages. So at the top here is the vendor, and ours is not here. So we're going to install it. So we'll click this from local button. And we'll go locate it in my downloads here. And this is based on our latest 4.5.0 release and this is GPL v2 license. We also offer a commercial license for purchase. So as you can see, the pack is installed here and we're done with this part of it. So now I'm going to take you over to the cube IDE. This is just a new workspace. And we're going to create a new STM32 project. There's also a way you can do it from an existing IOC file, which I'll show you after this. So for this demo, I'm going to be using the STM32-F407 discovery board, this one right here. It's a Cortex-M4, runs at 168 megahertz. It's pretty inexpensive. And we're just going to call this a wolf demo and say finish. And it's asking me if I want to initialize all the microcontroller peripherals to their default mode. I'm going to say yes. And then it's asking me if I want to open the ST Cubemax device configuration tool, which I said yes, looks like there's a newer packets downloading. So inside here, it shows you the actual microcontroller and each of the pins and what they are assigned, what functions they're assigned to. And once this is done downloading, we're going to go to the software packs button up here and we're going to add Wolf as a Seline. Oh, it still has to download. I'm just going to click cancel and see if that'll still let me finish here. OK, so we're going to go to software packs. We're going to say select components. And we'll go down to Wolf as a Cell here. And you can see the modules. We have the core part and the TLS part and the test part. So I'm going to select all three of these for this example because I want to include the test code. All right. And so that shows up down here. And we check this box. And you'll get a whole bunch of different configuration options that you can choose. So for this example, I'm going to use Friartos. I'm going to choose our single precision cortex M-Math, which has a bunch of assembly speed ups for this chip. And everything else is fine. So you can just see all the list of options here. And we have more, and I'll show you where this gets generated so you can customize it. So I'm also going to turn on Friartos with the Simpsys V2. And the first thing I'm going to do here is increase the heap space. And the next thing I'm going to do is I'm going to add a task for the WolfCrypt demo. And this is just for the demo. I think I'm going to use 16k here. That's size and words. It's actually a little larger than that. And it could be smaller. I'm just giving it lots of space to work with here. WolfCrypt demo is the name of the function. And this is an external function. So it's in our code. So this is just setting it up so that there's a task that will get run automatically in this example. So those are the two things I did there. Next, we'll want to turn on the RNG peripheral for the random number generation. UART2 is the one used on this board for the printf that we're going to set up. So that's on PA2 and 3. And then, let's see, we're going to turn on the RTC just so it's there for certificates. And then we're also going to go into the sys. And we're going to change the clock source for the Rtusted timer, a timer one. It's just something they want ST likes. And then I wanted to make sure that the speed of the chip is at its full. So it's already there, 168 megahertz. And that should be everything we need. So let's go ahead and save this and generate the code. Now it's going to switch to the CC++ perspective. Oh, it really wants to extract this package here. I must have been an update because I wasn't doing this before. Well, I guess I can let that finish. And I'll talk about a few other things. So on this page, some of the instructions that I'm telling you are here, some are not. One of the things is inside, if you go to github.com slash wolf as a cell, and you go into this directory, IDE STM 32 cube, you're going to see some more information about building for the STM 32 targets. And for example, using the hardware crypto acceleration, using the pack. And then in the end, when we get this running, you're going to have a menu like this where you can run different features to validate the board. There's also some benchmarks posted. These were collected for several different boards, which might be useful for you. There is a template for the configuration file that gets generated when this is done, which I'll show you. And those options in the configuration tool, they get set here. And then it yields these build options below. So for the board, we're using this STM 32 F407. I think it's in this list somewhere here, right here. What it's doing is defining this build option for this UART on the console. And the other file that's interesting is the main.c. This is just an example for the generated main.c. And there's a couple of interesting bits in here that we'll want to copy-paste out that help set up the printf support. And for whatever reason, on this, the pack and the generated code, the printf doesn't work out of the box. So I had to copy and put in a few chunks of code, specifically these ones, which we'll do in a minute here. Yep, this one right here. And then this is that wiki page I was talking about. All right, it looks like it's done. So this is on the ST website for creating these packs. All right, it's almost done. Okay, so it generated this project. And if you go into this Welfast Cell Directory, you'll see that configuration file I was talking about. And you can see that it'll highlight the F-407 section right here. And this IOC file is actually what is right here and it's all the configuration information. I'm gonna go ahead and close that. And then the actual Welfast Cell Code is inside right here. And the demo that is being run is actually in this directory right here. So it's this code. And the other thing is, so for this demo, it requires printf float support. So we're gonna go in here into settings and we're gonna turn that on for the compiler. Great, oh, it's right here, these two. And then we'll close that. And then we're gonna build the project. And then you wanna have your favorite, whatever your favorite software is for connecting to the UART. So with this board, there's a single ST-Link connection that also has a debug UART on it. And that's what I'm using here. Just shows up as a USB serial port. So now that I've built this, I'm gonna right click and I'm gonna say debug as, we're gonna run it. Let's say, okay, so this will use the ST-Link debugger to load the application into Flash. And it's asking if I wanna switch to the debug perspective. I say yes, and this is actually what was loaded on there before, let me clear that. And we're in the main, oh, yep, and it's not gonna work, I forgot. Okay, so it's trying to print up but it's not actually going to the right place. And so what we're gonna do is what I talked about a second ago, which is we are going to copy a couple pieces of code, specifically this section. And it's going to go right here. If you put it between the user code marks here, the kubemex tool will not override it when it regenerates the code. And then we're gonna put this one right in, I think we will put it, just put it right here. Build this again and we'll load it up one more time. Yes, my fault. I mean, I need to actually change this to this handy UART macro right here. And then that would be a lot easier for everybody. Yeah, so it's actually UART too. I'm just gonna change like that, that should build fine. Well, I had not validated that. We're gonna go to how UART too. This is just saying when a print off character comes in, it's gonna send it to this UART before I can include that. All right, so now we're gonna go ahead and debug it one more time and I will show you the demo and that pretty much concludes it. There is one other thing I will show you while this is happening and it's the location. So inside your home directory, ST puts all the packs into this ST32 cube repository directory. And inside here, you can find that Wolf as a cell pack and there's also some example projects. So for all these different boards we have put together an ILC file which you can actually open and use directly. And I will demonstrate that very quickly after we run this. So now we should actually have something here and I can run the WolfCrypt test. And I can also run the benchmark. One thing to note is I'm in the debug configuration. If you do release, it's significantly faster because of the optimizations. So those tests finish and we'll fire off some benchmarks. And if you see these numbers right here come in blank that means you didn't have the float support for print off turned on. Okay, so that's the basic demo and there's also some TLS examples and you can show your Cypher Suite list. So the other thing I was gonna show was using an existing ILC file. So for this, the steps are very similar except for we're gonna go new STM32 project from existing ILC and we're gonna go browse into that directory I was just showing you over here. Gonna browse into here and we're gonna grab this ILC file. You like my Blazing Fast internet? Some more things to download. All right, we're almost there. So these existing ILC files have already been configured with those settings we went through before. I'm just gonna choose the same one right here. So you can just click any of these ILC files. And when you say finish it's gonna give you the same configuration, the CUBE MX configuration screen but all the things that I went through were already set up like the WolfCrypt demo task, the heap, all those things they're already set up and more Festa cells configured for all these things. So you can just open it and generate the code and the project is ready to go. This one. So another thing that's interesting is there is a template for that generated configuration file. It's called an FTL and it sits inside this CUBE MX templates directory. And this file which I may perhaps be able to open in here. It looks like this and if you wanted to add a new platform and have it generate the code automatically you could do this and just edit this FTL file. The other thing that you can do, so let's say this Wolf demo here you could actually go in and add a preprocessor macro inside here. You could add one called Wolf as a cell user settings. And what you could do is actually take this configuration file make a copy of it and paste it in here and rename it to user settings.h. I haven't tried this but it worked fine. So this is actually just setting up a custom build file that you can use but we'll no longer use the generator line it'll use this one. So that's an option. So defining that Wolf SSL user settings will reroute to this file. And yeah, I think that covers all the really important stuff. It's been great. Thanks for watching this demo. If you have any questions I'd be happy to answer them. You can always send an email to support at wolfssl.com. My name is David Garski and it's been a pleasure. Thanks.