Case Study | ST Microelectronics

Security for Mass Market IoT Devices

As the growing number of IoT devices leads to more security concerns, PSA Certified lets STMicroelectronics build on a secure and independently validated foundation, to deliver peace of mind to its customers and support innovation across industries.

STMicroelectronics, one of the world’s largest semiconductor companies and a leading integrated device manufacturer, has certified three product series with PSA Certified. The STM32L4 is an ultra-low-power MCU based on the Arm Cortex-M4 processor for high performance and security via STMicroelectronics’s firewall implementation. The STM32L5 MCU series is based on the Arm Cortex-M33 processor with Arm TrustZone and is aimed at IoT devices in the medical, industrial, and consumer fields. The STM32U5 series harnesses the security features of the Arm Cortex-M33 with TrustZone, combined with STMicroelectronics security implementations, to provide a new optimal balance between performance, power, and security.

PSA Certified Level 3 introduces logical and physical security certification to bring more recognition and adoption for the secure general-purpose MCU IoT market. The PSA Certified program enables the STM32U585, and the previously certified STM32 platforms, to be recognized as trusted secure micro-controllers to aid design-in and development of IoT devices. STM32 and PSA Certified are part of the STM32Trust security framework launched in 2018 to support STMicroelectronics customers in a comprehensive security approach.
Christophe Mani, STM32 Ecosystem Security Marketing Manager, STMicroelectronics

IoT Devices Consumer Trust

“Although there are several security certification processes available, PSA Certified is the only one that goes right to the heart of the device, to the operating system and the silicon itself,” explains Christophe Mani, STM32 ecosystem security marketing manager at ST. “It validates that the hardware implementation and OS have robust security in place and that the platform is secure.” PSA Certified also provides ST and its customers' security standards that help ensure the interoperability of IoT products across mass markets, a key requirement for device manufacturers looking to integrate multiple technologies and reduce complexity. “With the IoT expanding to include devices in more categories, such as healthcare and household products, companies must be able to create IoT devices that consumers trust,” Mani says. “PSA Certified shows that the ST solution is secure and easy to implement. Device manufacturers can offer consumer products that are less impacted by price and can innovate quickly without the heavy burden of specialized engineering expertise.” Many ST customers lack security expertise and would prefer to focus on their application design and development where they have a competitive edge. For them, additional security means a larger development and production process that can quickly drive up costs. We have to take a mass-market approach to security with shared information and standards so that all of our customers, right down to the sole proprietor in his or her garage, can make a device that is secure and meets local regulations at a price point the market can tolerate.” Mani says. “PSA Certified offers that support and assurance."

STM32U585 TF-M



Worldwide IoT Security

ST believes that the PSA Certified label can help companies worldwide bolster the security of their IoT devices. To push this message with their own customers and retain a competitive edge, back in 2020, ST was the first-ever partner to achieve PSA Certified Level 2 for their STM32L5 family of MCUs. They have also achieved PSA Certified Level 3 for their new STM32U585 series based on TF-M Open Source. “PSA Certified brings everything together and gives the IoT mass market a reference package for security,” Mani explains. “We can deliver a known level of security to our customers and as attempted hacks and security breaches become more prevalent, this, in turn, helps our customers build more secure devices.”

The STMicroelectronics team celebrate their PSA Certified Level 3 achievement

Demonstrate Your Security Credentials to Your Customers

PSA Certified is a global partnership providing a security framework and independent evaluation that demonstrates your commitment to security. We offer a real solution to the business and cybersecurity challenges to build trust in the IoT and help you to deliver confidence to your customers.

Next Steps

Join the fastest growing security ecosystem, all aligned on a common foundation that builds trust in the Internet of Things.

Share this page

The PSA Certified name, PSA Certified logos, PSA Functional API Certified logo featured on this website are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. Other brands and names mentioned on this website may be the trademarks of their respective owners.

Copyright © 2021 Arm Limited (or its affiliates). All rights reserved.

Sign Up to Receive the Latest from PSA Certified