Hello and welcome to this presentation of the STM32U5 Symmetric Crypto Co-Processors. It covers the features of the AES and SAES modules, which are widely used for cryptographic applications.
The AES accelerator supports three operation modes: encryption, decryption, and key derivation for decryption. It processes 128-bit data blocks using an encryption key that is either 128 or 256 bits long, based on the selected chaining mode. Atomic key writing and key loading from the SAES peripheral are new features offered by the STM32U5. Initiating the key loading sequence sets the busy flag and clears the key valid flag. Once the number of bits defined by the key size has been transferred to the AES_KEYRx registers, busy is cleared, key valid is set, and the EN bit becomes writable. That ensures that the key loading operation is successfully completed. The table indicates the number of clock cycles required to process a 128-bit block of data according to the chaining mode and the key size. The AES module can load shared keys from the SAES module. This procedure is controlled by SAES.
This AES block diagram highlights the new features supported by the STM32U5 compared to the STM32L5. The key valid flag and the key error interrupt flag are new. Key valid is set when a valid key is loaded in the key registers. KEIF is set when key information failed to load into the key registers. The other flags are also present in the STM32L5. The read error flag, or RDERR, is set in the AES status register when an unexpected read operation is detected during the computation phase or during the input phase. The write error flag, or WRERR, is set in the AES status register when an unexpected write operation is detected during the output phase or during the computation phase. An interrupt can be generated when one of these two error flags is set, if the read or write error interrupt enable bit, or RWEIE, in the AES interrupt enable register was previously set.
Two extra flags are available for the AES accelerator to indicate the status of the current operation. The computation complete flag, or CCF, is set by hardware when the computation is complete. An interrupt is generated if the CCF interrupt enable bit was previously set. The busy flag, used only with GCM mode, indicates that a higher priority message can interrupt the current message during the GCM payload phase in encryption mode.
The AES module supports hardware key sharing with the side-channel resistant SAES peripheral, controlled by SAES. The SAES implements features which are similar to the AES module; they're written in grey. The new features are written in blue. Only ECB and CBC chaining modes are supported. SAES can load secret keys by hardware: the boot hardware key, or BHK, and the derived hardware unique key, or DHUK, which are usable but not readable by the application. The SAES peripheral can wrap (for encryption) and unwrap (for decryption) application keys using these hardware secret keys: DHUK, XORed or not with the application key BHK. With this feature, AES keys can be made usable by application software without being exposed in clear text. The SAES module incorporates a protection against side-channel attacks, or SCA, including differential power analysis, or DPA. The table indicates the number of clock cycles required to process a 128-bit block of data according to the chaining mode and key size. Note that performance is lower than AES. The SHSI clock provided by the RCC has a 48 MHz frequency with plus or minus 15% jitter.
This SAES block diagram highlights the new features supported by the SAES compared to AES. First, the 48 MHz kernel clock is unobservable. It's not visible externally. Then, SAES fetches random numbers from the RNG peripheral automatically after a module reset triggered in the RCC. SAES cannot be used when RNGEIF is set. This flag is set when an error is detected while fetching a random number from the RNG peripheral due to, for example, bad entropy.
SAES can load the secret keys DHUK and BHK by hardware. These keys can be cleared and erased when a tamper is detected, making all secrets undecipherable by the attacker. Note that any key managed by SAES, including DHUK and BHK, can be shared with the AES module when the SAES key sharing function is activated. For more details on the new Enhanced Secure Key Storage feature and the wrap and share key modes, please refer to the Enhanced Secure Key Storage training module.
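The AES key-loading handshake described in the presentation (busy set and key valid cleared when loading starts, then busy cleared and key valid set once the full key size is written, and only then EN usable) can be modelled on a host as below. This is an added example, not code from the presentation or from ST; all type, flag and function names are hypothetical, and it assumes the first key-register write is what initiates the sequence.

```c
#include <stdint.h>
#include <stddef.h>

/* Host-side model of the key-load handshake; names are hypothetical,
   not ST's CMSIS/HAL definitions. */
enum { F_BUSY = 1u << 0, F_KEYVALID = 1u << 1, F_KEIF = 1u << 2 };

typedef struct {
    uint32_t flags;      /* busy / key valid / key error flags */
    uint32_t key[8];     /* key registers, 32 bits each */
    unsigned key_words;  /* 4 for a 128-bit key, 8 for a 256-bit key */
    unsigned written;    /* words received in the current load */
    int      en;         /* enable bit */
} aes_model_t;

/* Model: one 32-bit write to a key register. */
static void model_write_key(aes_model_t *a, unsigned idx, uint32_t w)
{
    if (a->written == 0) {   /* assumption: first write starts the sequence */
        a->flags |= F_BUSY;
        a->flags &= ~(uint32_t)F_KEYVALID;
    }
    a->key[idx] = w;
    if (++a->written == a->key_words) {  /* full key size transferred */
        a->flags &= ~(uint32_t)F_BUSY;
        a->flags |= F_KEYVALID;
        a->written = 0;
    }
}

/* Model: EN cannot be set while busy or before a valid key is loaded. */
static int model_set_en(aes_model_t *a)
{
    if ((a->flags & F_BUSY) || !(a->flags & F_KEYVALID)) return -1;
    a->en = 1;
    return 0;
}

/* Driver side: write n key words, enable only if the flags confirm the load.
   Returns 0 on success, -1 on incomplete load, -2 on key error flag. */
int aes_load_key_and_enable(aes_model_t *a, const uint32_t *key, size_t n)
{
    a->en = 0;
    for (size_t i = 0; i < n && i < 8; i++)
        model_write_key(a, (unsigned)i, key[i]);
    if (a->flags & F_KEIF) return -2;   /* key failed to load: do not use */
    if (a->flags & F_BUSY) return -1;   /* fewer bits written than key size */
    return model_set_en(a);
}
```

A driver that sets EN without checking these flags would start processing with a partially written or failed key; the return codes make that condition visible to the caller.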