EYE on NPI: STSAFE chip collection from ST #CyberSecurity #Security #EyeOnNPI @digikey

This week’s EYE ON NPI (video) takes a closer look at security! The STSAFE chip collection from ST is a super easy and inexpensive way to add hardened security to your project – giving you a lot of flexibility when deciding on core chipsets.

Why is a separate chip important? Microcontrollers often store their code in flash memory, so even if you hard-code authentication keys in flash or EEPROM, it can be read out by dumping the firmware. Yes, even if you have a chip that has firmware-readback turned off, it’s possible to trick chips into revealing their secrets! As hackers ourselves, we’ve seen novel and effective techniques for unlocking microcontroller firmware that would normally be in State-actor’s toolkits available at hobbyist costs. Techniques like epoxy-removal and pinpoint UV erasing, power glitching, bootloader buffer overflows, key brute-force guessing, decompilation, power-usage instruction tracking can be used to disable or circumvent firmware protection fuses.

In addition, many products are now embedded Linux computers running a plain filesystem with executables that cannot be secured.  So, given that your microcontroller memory should not be considered a secure storage,  you may want to consider using a secure element chip. These chips are designed to withstand many attacks and can be programmed with the private key at your factory. Then, the secrets never leave the secure chip. Instead of having a private key sit in microcontroller memory where it could be read out, data that needs to be authenticated or encrypted is sent back and forth through I2C. It’s a little extra BoM cost but is a nice way to keep the secrets in a lock-box.

We’ve seen these chips used for a variety of purposes – TLS handshake speed-up, firmware verification, device authentication, message signing and authentication, and of course secure-channel establishment. We teamed up with Digi-Key to make a video series to cover IoT security – best practices and techniques – which also covers secure chips so if you want a deep dive into IoT security check out this guide and video!

When sourcing a security chip, you want a trustworthy supplier who takes security seriously – the chips are not expensive, but you want to make sure the supply chain is accounted for. ST is a well known semiconductor company that we’d recommend and trust for any of our uses!

The STSAFE-A100 is a highly secure solution that acts as a secure element providing authentication and data management services to a local or remote host. It consists of a full turnkey solution with a secure operating system running on the latest generation of secure microcontrollers.
The STSAFE-A100 can be integrated in IoT (Internet of things) devices, smart-home, smart-city and industrial applications, consumer electronics devices, consumables and accessories.

If you want to get started with the STSAFE, you can pick up this handy board, it is Arduino-header compatible. You can plug it into an ST Nucleo dev board. In particular, the STM32L476RG is used for the X-CUBE example firmware so we recommend picking up a NUCLEO-L476RG as well.

The ST dev boards are really affordable and come with a built-in debug/programming chipset for quick setup. Development is done in ST’s IDE setup, if you’ve never used it before, please check out Shawn Hymel’s excellent video series that takes you step by step through setting up to use STM32Cube IDE.


Adafruit publishes a wide range of writing and video content, including interviews and reporting on the maker market and the wider technology world. Our standards page is intended as a guide to best practices that Adafruit uses, as well as an outline of the ethical standards Adafruit aspires to. While Adafruit is not an independent journalistic institution, Adafruit strives to be a fair, informative, and positive voice within the community – check it out here: adafruit.com/editorialstandards

Join Adafruit on Mastodon

Adafruit is on Mastodon, join in! adafruit.com/mastodon

Stop breadboarding and soldering – start making immediately! Adafruit’s Circuit Playground is jam-packed with LEDs, sensors, buttons, alligator clip pads and more. Build projects with Circuit Playground in a few minutes with the drag-and-drop MakeCode programming site, learn computer science using the CS Discoveries class on code.org, jump into CircuitPython to learn Python and hardware together, TinyGO, or even use the Arduino IDE. Circuit Playground Express is the newest and best Circuit Playground board, with support for CircuitPython, MakeCode, and Arduino. It has a powerful processor, 10 NeoPixels, mini speaker, InfraRed receive and transmit, two buttons, a switch, 14 alligator clip pads, and lots of sensors: capacitive touch, IR proximity, temperature, light, motion and sound. A whole wide world of electronics and coding is waiting for you, and it fits in the palm of your hand.

Have an amazing project to share? The Electronics Show and Tell is every Wednesday at 7pm ET! To join, head over to YouTube and check out the show’s live chat – we’ll post the link there.

Join us every Wednesday night at 8pm ET for Ask an Engineer!

Join over 36,000+ makers on Adafruit’s Discord channels and be part of the community! http://adafru.it/discord

CircuitPython – The easiest way to program microcontrollers – CircuitPython.org

Maker Business — “Packaging” chips in the US

Wearables — Enclosures help fight body humidity in costumes

Electronics — Transformers: More than meets the eye!

Python for Microcontrollers — Python on Microcontrollers Newsletter: Silicon Labs introduces CircuitPython support, and more! #CircuitPython #Python #micropython @ThePSF @Raspberry_Pi

Adafruit IoT Monthly — Guardian Robot, Weather-wise Umbrella Stand, and more!

Microsoft MakeCode — MakeCode Thank You!

EYE on NPI — Maxim’s Himalaya uSLIC Step-Down Power Module #EyeOnNPI @maximintegrated @digikey

New Products – Adafruit Industries – Makers, hackers, artists, designers and engineers! — #NewProds 7/19/23 Feat. Adafruit Matrix Portal S3 CircuitPython Powered Internet Display!

Get the only spam-free daily newsletter about wearables, running a "maker business", electronic tips and more! Subscribe at AdafruitDaily.com !

No Comments

No comments yet.

Sorry, the comment form is closed at this time.