ST's Embedded Design Agreement with Amazon Web Services (AWS) and Microsoft Azure is the latest advancement in the semiconductor industry's push to securely connect Internet of Things (IoT) devices to the cloud. The reference platform built around its STM32U5 microcontrollers and the STSAFE-A110 secure element integrated in these MCUs works with AWS and Azure platforms to facilitate secure cloud connectivity of resource-constrained IoT devices.
This reference implementation is for AWS FreeRTOS and Microsoft Azure RTOS and IoT middleware software platforms. Additionally, it is certified for the Arm Trusted Firmware (TF-M) service for embedded systems. This software integration saves development time and cost and simplifies compliance with PSA certified safety guidelines.
Take, for example, a reference implementation of the AWS platform implemented on ST's B-U585I-IOT02A discovery kit for IoT nodes built around the company's STM32U5 microcontroller. Here, FreeRTOS provides software libraries for connecting various IoT endpoints to the AWS cloud or other edge devices, with a kernel optimized for resource-constrained embedded systems. Additionally, AWS's Long Term Support (LTS) is maintained on FreeRTOS releases for two years, ensuring developers have a stable platform to deploy and maintain their IoT devices
In addition to the STM32U5 microcontroller shown above, the reference implementation includes USB, Wi-Fi, Bluetooth low energy connectivity and several sensors.
The next building block for hardening IoT designs - Arm Trusted Firmware for Embedded Systems (TF-M) - provides secure boot, secure storage, encryption and attestation services to form a trusted execution environment (TEE) basic equipment. Arm TF-M firmware is designed for Arm v8-M architecture to easily integrate TrustZone functionality on Arm Cortex-M33 core based MCUs.
Similar agreement with Microsoft Azure
STMicro has announced a similar arrangement for secure cloud connectivity with Microsoft's Azure IoT platform. In addition to Arm TF-M support, the reference implementation features Microsoft Azure RTOS, a middleware package optimized for resource-constrained IoT edge devices and endpoints. The software combines the compact footprint of ThreadX RTOS with memory management and connectivity services, including NetX Duo IPv4/IPv6 and TLS Secure Sockets support.
The embedded security solution pictured above combines STM32U5 microcontroller hardware and Azure RTOS & IoT middleware software
Like the AWS solution, the STM32U5 IoT Discovery Kit is built around the STM32U5 microcontrollers and the STSAFE-A110 secure element integrated into these MCUs. The STSAFE-A110 Secure Element comes preloaded with IoT object credentials, simplifying secure connections between connected objects and the cloud.
IoT developers have long struggled to simplify manufacturing, security, and configuration, while facing trade-offs between security and IT complexity. They either rely on complex and expensive solutions, such as hardware security modules (HSMs) on their production lines, or implement simpler solutions with numerous security holes.
Co-created embedded solutions, such as those offered by ST in partnership with AWS and Azure, relieve IoT manufacturers of the historical burden of protecting confidential credentials during product manufacturing. These secure element-enabled solutions bring authentication schemes and personalization services to help connect objects to the cloud automatically and securely.
A cloud-compatible batch of chips is delivered to a manufacturing site, where a technician can register it with a smartphone. This is a welcome relief at a time when the edge-to-cloud link has become a major vulnerability in cyberattacks. This is mainly achieved through collaboration between embedded processor vendors such as ST and cloud service providers such as Azure and AWS.
