STMicroelectronics and AWS collaborate for secure IoT connections

STMicroelectronics, a global semiconductor provider, has created a new AWS FreeRTOS-qualified, TF-M-based reference implementation, working in conjunction with Amazon Web Services (AWS), an ST authorized partner, to easily and securely connect Internet-of-things (IoT) devices to the AWS cloud.

“FreeRTOS, backed by our long-term support libraries, is the perfect platform for connecting resource-constrained devices to powerful cloud services,” said Dave Kranzler, GM, IoT Devices, AWS. “Working with ST to integrate industry-standard Arm open-source secure TF-M software and the STM32U5 MCU’s security features lets developers quickly build edge-to-cloud solutions that resist cyber threats.”

The jointly created solution combines ST’s STM32U5 ultra-low-power microcontrollers (MCUs), FreeRTOS open-source real-time operating system, and Arm trusted-firmware for embedded systems (TF-M). The reference implementation is realized on ST’s B-U585I-IOT02A discovery kit for IoT nodes with STM32U5 MCUs, which contains rich features, including USB, Wi-Fi, and Bluetooth Low Energy connectivity, as well as multiple sensors.

The STSAFE-A110 secure element support is being added and comes pre-loaded with IoT object credentials. It helps secure and simplifies attachment between the connected objects and the AWS cloud.

“The superior security built into our STM32U5 MCUs supports the creation of trusted IoT devices to connect to the AWS cloud,” said Daniel Colonna, marketing director, Microcontroller Division, STMicroelectronics. “Our qualified reference platform represents a significant investment in software integration that saves development time and costs while simplifying compliance with PSA Certified security guidelines.”

FreeRTOS comprises a kernel optimized for resource-constrained embedded systems and software libraries for connecting various types of IoT endpoints to the AWS cloud or other edge devices. AWS’s long-term support (LTS) is maintained on FreeRTOS releases for two years, which provides developers with a stable platform for deploying and maintaining their IoT devices.

The Arm TF-M firmware simplifies protecting embedded systems, including services for secure boot, secure storage, cryptography, and attestation, forming the basis of a trusted execution environment (TEE) on the device. Designed for Arm v8-M architectures, TF-M integrates readily with TrustZone on ST’s STM32U5 MCUs, which feature the Arm Cortex-M33 core.

ST’s STM32U5 MCUs target demanding IoT-edge applications, featuring the advanced 160MHz Cortex-M33 core with Arm TrustZone technology and Armv8-M mainline security extension, up to 2Mbytes on-chip Flash, and extreme power-saving features. With hardware cryptographic accelerators, secure firmware installation and update, and enhanced resistance to physical attacks, the MCUs have achieved PSA Certified Level-3 and SESIP 3 certifications.

Also, their extreme energy-saving design simplifies powering the application and extends battery lifetime in remote applications. Highlights include three different stop modes that maximize opportunities to operate at the lowest possible power and ST’s batch-acquisition mode that captures peripheral data even while the core is powered down.

The STSAFE-A110 EAL5+ certified secure element brings an authentication scheme and personalization service that allow an automated and secured attachment of connected objects to the AWS cloud. It safely relieves the historical burden on IoT-device makers to protect secret credentials during product manufacture.

ST will release a version of the reference implementation based on STM32Cube tools and software in Q3 this year, which will further simplify IoT design leveraging seamless integration with the rest of the STM32 ecosystem.