Now, let's have a look at our STM32Trust global security ecosystem offer, what it is and what it provides. In the next 30 minutes, I'm going to give you a brief overview of the STM32Trust offer, followed by some customer examples and use cases describing their key security needs, before looking at the 12 security functions which we have defined and which are supported, both by hardware resources and software packages, all across our product portfolio. Then we'll focus on two reference package solutions to support secure firmware install, and secure boot and secure firmware update. And finally, I will conclude with the key security evaluations and certifications that we are running to assess the robustness of our offer.

So now let's start with a brief overview of STM32Trust, what it is and what it provides. Well, with the increasing number of connected devices, there are more challenges associated with device security: to protect the firmware, to secure the user data or to secure the communication. Hence, to help developers tackle those challenges, STM32Trust offers a robust multi-level strategy to enhance the security of your product design using our STM32 microcontrollers and potentially STSafe secure elements. So basically, STM32Trust is our security framework combining our knowledge, our software ecosystem, and the security services of our microcontrollers. The solution offers a complete toolset for code and execution protection; it ensures IP protection, data security, and that validated credentials are used, and it also helps to guarantee firmware authenticity and secure firmware update. Finally, STM32Trust brings 12 core security functions to align with customer use cases and security standards as well.

So now let's review some customer examples and security use cases. We'll talk about six typical use cases to describe the key security needs of most of our customers.
First example: Bob is the CEO of a company designing toys, developing both the hardware and the firmware. And he would like to make sure the firmware developed by his team is protected from theft and would only run on the hardware developed by his team. So basically, he wants to avoid any cloning of his devices. To achieve this, Bob needs to ensure that the firmware is not stolen during production and that there is no overproduction of his devices. So there is a need for secure manufacturing, to secure the installation of his firmware by an untrusted third party and to control the production quantities. He also wants to make sure the firmware is not stolen in the field and can't be extracted or modified. So he needs to protect his firmware IP and to secure the update of his firmware throughout the device lifecycle. And finally, he needs to detect and block possible attacks in the field to prevent tampering with his devices.

Second example: John is at the head of a company selling firmware IP that provides specific features, and receives royalty payments from its customers. The firmware developed by his team is very valuable and features configuration options that can be further enabled by the user. To secure his business, John needs to isolate and to protect his firmware IP from the customer's, so that it can't be extracted and copied. He also needs to ensure that he can securely update his firmware IP independently of the customer's. And finally, as his firmware also provides configuration options, he wants to make sure that those options can't be enabled by customers without the related payments. So he needs to define unchangeable application states to securely protect and lock these options.

Third example: Marc sells very expensive equipment which is not replaced very often. So he wants to offer a firmware update service, for instance to upgrade the product features over time. But he wants this service to only update his equipment and not to run on competitors' ones.
And he would also like to make sure only his firmware runs on his equipment, and to prevent third-party firmware from being installed on his equipment, which could generate some bad behaviours. To achieve this, Marc needs to identify and authenticate the equipment into which he will deploy his service. He also needs to implement a secure firmware update in order to check the integrity and authenticity of a new software release before installing it. And finally, he needs to implement a secure boot to check the authenticity of the firmware running on his devices.

Fourth example: Oliver is selling devices that report sensitive data to a central server. Oliver needs to make sure the data cannot be exposed to people outside of his company and that it is protected. To reach his objectives and make sure the data remains secret while being transmitted to the central server, Oliver needs to enable end-to-end secure data communication between his devices and the central server. So he needs to encrypt all the data communication in order to guarantee the integrity and confidentiality of the data exchanged and stored locally, without exposing the encryption key, so that nobody can decrypt the data. And he also needs to identify and authenticate the devices and the server exchanging this data, to make sure these are the right devices talking to the right server, so that devices are not transmitting data to unknown parties.

Fifth example: Rose controls her fleet of devices from a remote server. And she wants to be sure no counterfeit or malicious devices are running with her server, and would like to have full control over her devices. To achieve this, Rose needs to check the genuineness of her brand's devices, so she needs to be able to authenticate these devices with a unique identity which has been previously and securely personalized during manufacturing. She also needs to secure the communication between her devices and the remote server in order to protect the data exchanged.
And finally, she needs to ensure the unique identity and access rights cannot be changed, with secure storage and secure personalization of these secrets.

Sixth and last example: Jack is collecting user data within his devices as part of a larger system. Jack's devices and system need to be in line with regulations such as GDPR to be able to promote and sell devices. To comply with this, Jack needs a secure boot to ensure the integrity of the platform collecting and storing this data, in order to avoid malware exposing it. He also needs to enable secure data communication between his devices and his system, in order to ensure data is not exposed while communicating. And finally, he needs secure storage to ensure the confidentiality of the user data which is collected and stored locally.

So when we look at all those customer examples and use cases, what we can see is that there is a common set of security functions which are required to secure all those customers' products. So we have defined a list of these security functions, which we have also mapped across our product portfolio. Hence STM32Trust brings 12 security functions to align with both customer use cases and security standards. STM32Trust also brings all the assets, documentation, software and tools to cover the 12 security functions, which are listed here below. So starting on the right, the first two security functions are secure boot and secure install and update, which are needed to ensure the authenticity and integrity of a firmware before executing or programming it. Then we have secure storage, to securely store sensitive data or keys inside the device. We also have isolation, which is the function to isolate trusted and non-trusted parts of an application from each other. Then abnormal situation handling, for example to erase backup registers when a tamper is detected, and cryptography, to process cryptographic algorithms, typically to encrypt sensitive data and to secure data communications. Let's continue on the left with audit and log, to keep track of security events like how many unexpected resets or the reason for the last reboot of the device. Then we have identification, authentication and attestation, which is the function to prove the unique identity of a device or software to any server or application. Silicon device lifecycle, which typically allows control of the ability to debug or to access the flash content, from when the device is manufactured to when it is put in the field. We also have software IP protection, which is an important function to protect the software IP against unwanted external or internal reading and against any manipulation of this software. Then secure manufacturing, which provides the ability to secure the installation of the device firmware by an untrusted third-party factory and to control the production quantities. And the last one, application lifecycle, to be able to set and lock unchangeable application states, typically to protect configuration options.

I won't comment on this slide. Later on you can refer to this one and take the time you need to review the summary definitions of those 12 security functions, which is basically the summary of what I have just said before. What is much more important and more interesting is to look at this table, where you will find a mapping of these 12 security functions across our STM32 and STSafe product portfolio, with a highlight of the features supported by the silicon or by the firmware, and the link to our reference solutions.
Starting on the left side, the first part is for our standard STM32 MCU series based on Arm Cortex-M0, M3, M4 and M7. And here you can see in the first sub-column that those products support most of the 12 security functions by the silicon itself, and then in the second sub-column you will find the firmware packages we can provide as part of our ecosystem to help you implement these functions: things like the SBSFU reference implementation for secure boot and firmware update, key management services on L4 for secure storage, the crypto libraries, and finally the SFI solutions for secure manufacturing in combination with the STM32 hardware security module, limited to H7 and L4 only for the time being.

The second part, in the middle, is for our application processor, the STM32MP1 MPU series with dual Cortex-A7 and Cortex-M4. Again, the silicon itself can support most of the 12 security functions, but the main difference comes from the firmware packages: this time it supports a ROM secure boot with OTP keys to authenticate and start the first-stage boot loader based on Arm Trusted Firmware for Cortex-A. We can also provide the OP-TEE secure OS, which is an open-source portable trusted execution environment, to manage security services such as secure install and secure update, secure storage, code isolation, crypto engine and IP protection as well. And finally, we can also support secure manufacturing with secure secret provisioning in combination with STM32 hardware security modules.

The third part is for our latest STM32L5 MCU series based on the Arm Cortex-M33 processor, which provides enhanced security thanks to TrustZone and the ST security implementation. So this product supports all the 12 security functions by the silicon itself and, combined with Arm Trusted Firmware for Cortex-M, this is a unique platform supporting all the functions, like secure boot and secure firmware update with TF-M SBSFU. And then finally, the fourth part is for our secure elements family, not as an alternative but in addition to all of these products: you can add here STSafe-A or our trusted platform modules to enhance the robustness of some of the security functions, both devices providing state-of-the-art security based on smart card technology.

Now let's focus on two of those security functions to see how they are supported across our product portfolio in more detail. So the first one is the secure boot function, which you are aware of now. To help you implement this function in your next product design, we can provide three different code examples here: the X-CUBE-SBSFU reference implementation, typically for standard STM32 like the L4; then the Trusted Firmware for Cortex-M version for STM32L5 with TrustZone; and finally the Trusted Firmware for Cortex-A version for STM32MP1 with a first-stage secure boot loader. To implement this secure boot, the three firmware packages leverage the hardware resources of the targeted platform, like read protection, write protection and memory protection unit on standard products like STM32L4; unique boot entry and hide protection on newer products like STM32G0, G4 and L5; or memory management unit and secure boot ROM on the STM32MP1 application processor. And finally, as I did on the previous slide, you can enhance the robustness of the secure boot by adding the STSafe secure element to store the certificate used in this process.

The second one is secure manufacturing of your devices. To help you implement this function, we can provide the STM32 hardware security module, which is effectively a smart card that you can use with STM32CubeProgrammer to generate and store the encryption key, in combination with the SFI (secure firmware install) service to secure the programming of the STM32 in untrusted environments. This SFI service leverages the RSS (root security services) on the STM32H7, L4 and L5, and the secure boot with secure secret provisioning on the STM32MP1. Then for the products which don't support those silicon features, we can provide programming services in our factories for all our STM32 series except the STM32MP1, subject to minimum ordering quantities and added cost. So it means we will program your firmware and set the option bytes of the device in our factories before delivering the parts to you. And finally, you can also add the STSafe secure elements, already pre-personalized with customer certificates and credentials.

Now some more detailed content about these two reference package solutions to support secure firmware install, and secure boot and secure firmware update, in particular how they work. So as previously said, the secure firmware install solution provides protection when devices are programmed for the first time in an untrusted environment. The current issue is that customers have to transfer their firmware unencrypted to a third-party manufacturer to get their devices programmed, while this factory is not necessarily trusted. This solution offers a complete toolset to encrypt the firmware, safely transfer the firmware and customer credentials to the programming partner, and securely flash the STM32. So how does it work? After firmware development and validation, developers can use the Trusted Package Creator software to encrypt the firmware and also to store the encryption key in the STM32 hardware security module. In the same way, it can be used by a third-party IP provider to encrypt their own software IP. Then you can safely transfer both the encrypted firmware and the encryption key, protected by the physical STM32 hardware security module, to the untrusted factory. Finally, using here STM32CubeProgrammer, or one of our recommended partner programming tools with the right security features, the genuine STM32 will be authenticated, and the firmware will be decrypted and securely flashed, with control of the production quantities. So the programming tool first authenticates the genuine STM32 thanks to its unique key pair previously programmed by ST, establishes a secure channel to safely transfer the encryption key from the STM32 hardware security module to the STM32, and also transfers the encrypted firmware to the STM32. Hence both the firmware and the encryption key are never seen unencrypted outside the STM32. Then inside the STM32 the firmware is decrypted and programmed in the flash, and the option bytes are set to ensure that it cannot be read back. On top, you can control the production quantities: so if the STM32 hardware security module is configured to generate 10,000 units of installation license, you will be able to flash only 10,000 units of STM32.

For secure boot and secure firmware update, as you have already seen, we provide the X-CUBE-SBSFU solution, which is a set of software reference source code for secure execution across the breadth of STM32 microcontroller-based applications. It includes three software modules: the secure boot, checking the authenticity and integrity of the user application code before every execution; the secure engine, providing a protected environment managing the critical data such as the firmware decryption key and performing the cryptographic operations; and the secure firmware update, receiving the encrypted firmware image, decrypting it, then checking the authenticity and integrity of the new image before installing it. X-CUBE-SBSFU also shows how to set up all the STM32 memory protection mechanisms to isolate the secure boot and firmware update functions from the main application, and there is also a reference implementation with the STSafe secure elements to enhance the robustness level of the final implementation.

Another very important point when talking about security is related to the evaluations and certifications of the devices and the reference software implementations that we are running to assess the robustness of our solutions. The main purpose of this is to provide our customers evidence that they can trust the security of our hardware and software solutions for developing their products, and potentially to reuse the evaluation results to pass their own application-specific security certification if needed to address their markets, such as PCI for point-of-sale applications or IEC 62443 for industrial applications. So there are a couple of standards which are particularly important and which we have decided to follow. The first standard is SESIP, which is the security evaluation standard for IoT platforms issued by the GlobalPlatform association, which is recognized worldwide for its security standards and certifications. This standard describes the security functional requirements and the security assurance requirements of an IoT platform, and let's say that SESIP is the first certification methodology well adapted to MCU products. Here, as you can see, the STM32L476 in combination with the X-CUBE-SBSFU package is the first general-purpose MCU platform to pass SESIP level 3 certification, which is the assurance to sustain a white-box, time-limited vulnerability analysis. The certificate displayed here is also available on the TrustCB website. Important to note: STMicroelectronics is the first company with such a certification level on a general-purpose MCU. The second standard which we follow is PSA certification, which is the Arm-based security assurance scheme for IoT devices and services. The security certification provides three progressive levels of assurance and robustness, while the functional API certification provides a set of easy-to-use built-in security functions. Here, as you can see, the STM32L5 in combination with TF-M is the first general-purpose MCU platform to pass PSA security certification level 1 and 2 and PSA functional API certification. The certificate displayed here is also available on the PSA Certified website. Again, important to note: STMicroelectronics is the first company to receive PSA level 2 certification on a general-purpose MCU.

This table summarises all the evaluations and certifications we have got so far. For Arm PSA, we have the STM32L4 and the STM32L5 certified PSA security level 1, and the STM32L5 in combination with TF-M certified PSA security level 2 and compliant with the PSA functional API. For SESIP, the STM32L4 in combination with X-CUBE-SBSFU is certified SESIP level 1 and level 3, and very recently we have also got the STM32L5 in combination with TF-M certified SESIP level 3. Then on top of the Arm PSA and SESIP certifications, we also have the STSafe secure elements, which are Common Criteria certified at a banking level for state-of-the-art security, and finally we have also demonstrated the possibility to build a system-on-chip solution based on the STM32L4 fully compliant with payment card industry standards for point-of-sale applications.

I will now conclude with some takeaways and key points to remember from this presentation. To summarize, the STM32Trust security ecosystem is a unique and certified one-stop-shop solution helping you to implement security in your new product design. Starting from customer use cases and security needs, we have defined a set of 12 core security functions which are the foundation to fulfill all the common security needs. These functions are implemented and supported across our product portfolio using our STM32 microcontrollers and potentially our STSafe secure elements, and we also provide reference packages for seamless implementation of secure boot and secure firmware update, or for secure manufacturing of your devices. And finally, we have evaluated and certified our hardware platforms in combination with reference software packages according to new security standards, being the first on the market certified PSA level 2 and SESIP level 3, so that at the end of the day customers can really trust our deliveries to secure their products. That's all for the STM32Trust security ecosystem presentation. Further information is available on our website. Thank you very much for your attention.
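The secure boot / secure firmware update flow the talk describes (image authenticated and decrypted inside a protected engine, integrity and authenticity checked before install, the installed image re-checked before every execution) is modelled below as an added example. It is not ST code and not the X-CUBE-SBSFU layout: the image header format, the anti-rollback rule, the key names and the HMAC-SHA256 counter-mode keystream (standing in for AES, which the Python standard library does not provide) are all assumptions made for this example.

```python
"""Added example: toy model of a secure-boot / secure-firmware-update flow.
Header layout, keystream construction and key names are assumptions."""
import hashlib
import hmac
import os
import struct

MAGIC = b"SFU1"
# Image header: magic | firmware version | plaintext length | nonce | SHA-256 of plaintext
HDR_FMT = ">4sII16s32s"
HDR_LEN = struct.calcsize(HDR_FMT)
TAG_LEN = 32  # HMAC-SHA256 over header || ciphertext, appended to the image


class FirmwareError(Exception):
    pass


class SecureEngine:
    """Stand-in for the protected environment holding the keys: callers get
    authenticate/decrypt services but never read the key bytes themselves."""

    def __init__(self, auth_key: bytes, enc_key: bytes):
        self._auth_key = auth_key
        self._enc_key = enc_key

    def tag(self, data: bytes) -> bytes:
        return hmac.new(self._auth_key, data, hashlib.sha256).digest()

    def verify_tag(self, data: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(self.tag(data), tag)

    def keystream_xor(self, nonce: bytes, data: bytes) -> bytes:
        """Counter-mode stream with HMAC-SHA256 as the PRF (assumption: a real
        package would use AES). XOR is its own inverse, so one call does both."""
        out = bytearray()
        for i in range(0, len(data), 32):
            block = hmac.new(self._enc_key, nonce + struct.pack(">I", i // 32),
                             hashlib.sha256).digest()
            out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
        return bytes(out)


def build_image(engine: SecureEngine, version: int, firmware: bytes,
                nonce: bytes = None) -> bytes:
    """Developer side (the package-creator role): encrypt, then authenticate
    header and ciphertext together (encrypt-then-MAC)."""
    if nonce is None:
        nonce = os.urandom(16)
    ciphertext = engine.keystream_xor(nonce, firmware)
    header = struct.pack(HDR_FMT, MAGIC, version, len(firmware), nonce,
                         hashlib.sha256(firmware).digest())
    return header + ciphertext + engine.tag(header + ciphertext)


def secure_firmware_update(engine: SecureEngine, image: bytes,
                           installed_version: int):
    """Device side: authenticity first, then anti-rollback, then decrypt and
    check integrity. Returns (header, plaintext) to install, or raises."""
    if len(image) < HDR_LEN + TAG_LEN:
        raise FirmwareError("image too short")
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    if not engine.verify_tag(body, tag):
        raise FirmwareError("authentication failed")  # nothing in it is trusted yet
    header = body[:HDR_LEN]
    magic, version, length, nonce, fw_hash = struct.unpack(HDR_FMT, header)
    if magic != MAGIC or length != len(body) - HDR_LEN:
        raise FirmwareError("malformed header")
    if version <= installed_version:
        raise FirmwareError("rollback rejected")  # older or same version
    firmware = engine.keystream_xor(nonce, body[HDR_LEN:])
    if not hmac.compare_digest(hashlib.sha256(firmware).digest(), fw_hash):
        raise FirmwareError("integrity check failed")
    return header, firmware


def install(engine: SecureEngine, header: bytes, firmware: bytes):
    """Write the slot and let the engine seal what is actually in flash, so the
    secure boot can re-check it on every reset."""
    return header, firmware, engine.tag(header + firmware)


def secure_boot(engine: SecureEngine, slot) -> bool:
    """Run before every execution: slot seal and plaintext hash must both match."""
    header, firmware, seal = slot
    if not engine.verify_tag(header + firmware, seal):
        return False
    _, _, length, _, fw_hash = struct.unpack(HDR_FMT, header)
    return length == len(firmware) and hmac.compare_digest(
        hashlib.sha256(firmware).digest(), fw_hash)


def check_image(engine: SecureEngine, image: bytes, installed_version: int) -> str:
    """Return "ok" or the reason the update was rejected."""
    try:
        secure_firmware_update(engine, image, installed_version)
        return "ok"
    except FirmwareError as e:
        return str(e)


if __name__ == "__main__":
    engine = SecureEngine(b"demo-auth-key", b"demo-enc-key")  # constructed demo keys
    fw_v2 = b"application v2 " * 20                           # constructed firmware blob
    image = build_image(engine, 2, fw_v2, nonce=bytes(16))
    print(check_image(engine, image, 1))                      # ok
    bad = image[:HDR_LEN + 5] + bytes([image[HDR_LEN + 5] ^ 1]) + image[HDR_LEN + 6:]
    print(check_image(engine, bad, 1))                        # authentication failed
    print(check_image(engine, image, 2))                      # rollback rejected
    slot = install(engine, *secure_firmware_update(engine, image, 1))
    print(secure_boot(engine, slot))                          # True
```

The ordering matters: the tag over header and ciphertext is checked before any header field is parsed or any byte is decrypted, so a tampered or forged image is rejected without the device acting on attacker-controlled data, and the version check runs before decryption so a downgrade costs nothing. The boot-time check deliberately verifies a seal over the plaintext that is actually in flash rather than re-using the update image's tag, so a flash modification after install is caught on the next reset.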