STMicroelectronics signing embedded design pacts with Amazon Web Services (AWS) and Microsoft Azure is the latest episode in the semiconductor industry’s push toward securely connecting Internet of Things (IoT) devices to the cloud. A reference platform built around its STM32U5 microcontrollers and STSAFE-A110 secure element incorporated in these MCUs works in conjunction with AWS and Azure platforms to facilitate secure cloud connections for resource-constrained IoT devices.
This reference implementation qualifies for AWS FreeRTOS as well as the Microsoft Azure RTOS & IoT Middleware software platforms. Furthermore, it's certified to work with the Arm trusted-firmware for embedded systems (TF-M) services. This software integration saves development time and costs, and it simplifies compliance with PSA Certified security guidelines.
Take the case of the reference implementation for the AWS platforms realized on ST’s B-U585I-IOT02A discovery kit for IoT nodes built around the company’s STM32U5 microcontrollers. Here, FreeRTOS, which provides software libraries to connect various IoT endpoints to the AWS cloud or other edge devices, features a kernel optimized for resource-constrained embedded systems. Moreover, AWS’s long-term support (LTS), maintained on FreeRTOS releases for two years, ensures that developers have a stable platform for deploying and maintaining their IoT devices.
Figure 1: Besides the STM32U5 microcontroller, the reference implementation includes USB, Wi-Fi, Bluetooth Low Energy connectivity and multiple sensors. Source: STMicroelectronics
The next building block in the fortification of IoT designs, Arm trusted-firmware for embedded systems (TF-M), offers secure boot, secure storage, cryptography, and attestation services to form the basis of a trusted execution environment (TEE) on the device. The Arm TF-M firmware, designed for Armv8-M architectures, readily integrates TrustZone capability on MCUs based on the Arm Cortex-M33 core.
Similar pact with Microsoft Azure
STMicro has announced a similar secure cloud connectivity arrangement with Microsoft’s Azure IoT platform. Besides the Arm TF-M support, the reference implementation features Microsoft Azure RTOS, a middleware package optimized for resource-constrained IoT edge devices and endpoints. The software combines the compact footprint of the ThreadX RTOS with memory management and connectivity services, including NetX Duo IPv4/IPv6 and TLS secure socket support.
Figure 2: The embedded security solution combines STM32U5 microcontroller hardware and Azure RTOS & IoT Middleware software. Source: STMicroelectronics
As with the AWS solution, the STM32U5 IoT discovery kit is built around the STM32U5 microcontrollers and the STSAFE-A110 secure element incorporated into these MCUs. The STSAFE-A110 secure element comes pre-loaded with IoT object credentials, which simplifies securing connections between the connected objects and the cloud.
IoT developers have long struggled to simplify manufacturing, security, and provisioning while confronting trade-offs between security and IT complexity. They could either rely on complex and expensive solutions like hardware security modules (HSMs) on their manufacturing lines or implement simpler solutions with substantial security flaws.
Jointly created embedded solutions like the ones ST is offering in collaboration with AWS and Azure relieve IoT makers of the historical burden of protecting secret credentials during product manufacture. These secure element-enabled solutions bring an authentication scheme and personalization service that facilitate an automated and secured attachment of connected objects to the cloud.
The cloud-compatible batch of chips is delivered to the manufacturing location, where a technician can register them using a smartphone. At a time when edge-to-cloud links have become a major point of vulnerability to cyberattacks, it's a welcome relief. And it's made possible mainly through the collaboration between embedded processor suppliers like ST and cloud service providers such as Azure and AWS.
Majeed Ahmad, editor-in-chief of EDN and Planet Analog, has covered the electronics design industry for more than two decades.