Welcome to this MOOC about the STM32U5 Hardware Unique Key. The STM32U5 integrates many new security features. One of them is the Hardware Unique Key. It's a protected and pre-provisioned cryptographic key, unique per device. In this presentation, I would like first to show you the security problems that could be addressed by this mechanism. Then we will go into the details of the implementation to understand how this key could be used by the secure AES crypto accelerator.

Let's start with the example of a company which has developed an innovative product. This is our innovative company. It has spent months developing a new product which embeds valuable data or algorithms. Once this one has been tested and validated, production starts. Then the company starts to sell this product all over the world, and this product is a real success. But the drawback of this success is that some hackers start to take a deeper look at this product. The hackers manage to find some security weaknesses in this product. Exploiting these weaknesses, they are able to extract the valuable data or algorithm and then sell this information on the dark web. So our innovative company has lost all its investment in research and development. Additionally, if our hacker has some production capabilities, he can produce clone devices and sell them, destroying the whole market of our innovative company.

So the question now is how to address this problem of confidentiality and cloning. First, let me propose an STM32 device with an embedded pre-provisioned cryptographic key. This one allows you to encrypt or decrypt data in a secure context which prevents any leakage. Of course, this key is hidden in the device and can't be recovered in any manner. Now, our innovative company will use this new mechanism. At production level, when the code executes for the first time, it could use the pre-provisioned key to encrypt any valuable asset in the device.
Then, in the field, the firmware could use the embedded key to decrypt those assets, or it could also encrypt some other data if needed. Our hacker will again exploit a weakness and will extract the code. As the embedded assets have been encrypted, and as there is no way to recover the key which was used to encrypt them, this time the hacker won't be able to leak the data on the firmware.

But if the hacker has some production capability, he will again be able to produce some clone devices. An additional property of this pre-provisioned key is needed to address this problem, and I guess you have already found it. If the pre-provisioned secret key is unique per device, then any asset encrypted in one MCU can't be decrypted on another one. Thanks to the uniqueness of the pre-provisioned key, the encrypted asset is now unique per device. That means that in the field, each device has a different static content embedded, but with the same dynamic functionality for the product. So if our hacker again extracts a firmware with some encrypted assets from one device and flashes it into another one, this clone won't be functional, as the key used to decrypt is not the same as the one that has been used to encrypt.

I hope this previous example helps you to understand how a pre-provisioned unique key allows you to address some security use cases. This hardware unique key, also known as HUK, is a new feature embedded in our STM32U5 with hardware cryptographic accelerator.
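
The provisioning and cloning scenario described above, as an added host-side Python simulation that is not part of the original presentation and is not ST code. The `SimulatedMcu` class, its method names and the HMAC-SHA256 keystream and tag are assumptions standing in for the hardware key and the crypto accelerator; they do not model the STM32U5 implementation.

```python
import hashlib
import hmac
import secrets


class SimulatedMcu:
    """Hypothetical host-side stand-in for one device (not STM32 code)."""

    def __init__(self):
        # Constructed stand-in for the pre-provisioned key: random per device
        # and never returned by any method; firmware only calls wrap/unwrap.
        self._huk = secrets.token_bytes(32)
        self.flash = {}

    def _mac(self, label, data):
        subkey = hmac.new(self._huk, label, hashlib.sha256).digest()
        return hmac.new(subkey, data, hashlib.sha256).digest()

    def _xor_keystream(self, nonce, data):
        # Toy stream cipher (HMAC-SHA256 in counter mode), an assumption
        # standing in for the hardware accelerator.
        blocks = (len(data) + 31) // 32
        stream = b"".join(self._mac(b"enc", nonce + i.to_bytes(4, "big")) for i in range(blocks))
        return bytes(d ^ s for d, s in zip(data, stream))

    def wrap(self, plaintext):
        nonce = secrets.token_bytes(16)
        body = nonce + self._xor_keystream(nonce, plaintext)
        return body + self._mac(b"mac", body)

    def unwrap(self, blob):
        body, tag = blob[:-32], blob[-32:]
        if not hmac.compare_digest(tag, self._mac(b"mac", body)):
            raise ValueError("asset was not encrypted on this device")
        return self._xor_keystream(body[:16], body[16:])


def flash_copy_demo():
    asset = b"constructed sample: valuable algorithm parameters"
    genuine, clone = SimulatedMcu(), SimulatedMcu()
    genuine.flash["asset"] = genuine.wrap(asset)   # first execution in production
    clone.flash = dict(genuine.flash)              # extracted image flashed elsewhere
    try:
        clone.unwrap(clone.flash["asset"])
        clone_works = True
    except ValueError:
        clone_works = False
    in_field = genuine.unwrap(genuine.flash["asset"]) == asset
    return in_field, asset in genuine.flash["asset"], clone_works
```

`flash_copy_demo()` returns three booleans: the genuine device recovers its asset, the plaintext does not appear in the stored image, and the copied image does not unwrap on the second device.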