Security for Mass Market IoT Devices

Case Study | STMicroelectronics

Skip to content

STMicroelectronics, one of the world’s largest semiconductor companies and a leading integrated device manufacturer, has certified many different product series with PSA Certified. Their certifications include:

PSA Certified Level 3 introduces logical and physical security certification to bring more recognition and adoption for the secure general-purpose MCU IoT market. The PSA Certified program enables the STM32U585, and the previously certified STM32 platforms, to be recognized as trusted secure micro-controllers to aid design-in and development of IoT devices. STM32 and PSA Certified are part of the STM32Trust security framework launched in 2018 to support STMicroelectronics customers in a comprehensive security approach.

Christophe Mani, STM32 Ecosystem Security Marketing Manager, STMicroelectronics

IoT Devices Need Consumer Trust

“Although there are several security certification processes available, PSA Certified is the only one that goes right to the heart of the device, to the operating system and the silicon itself,” explains Christophe Mani, STM32 ecosystem security marketing manager at ST. “It validates that the hardware implementation and OS have robust security in place and that the platform is secure.” PSA Certified also provides ST and its customers’ security standards that help ensure the interoperability of IoT products across mass markets, a key requirement for device manufacturers looking to integrate multiple technologies and reduce complexity. “With the IoT expanding to include devices in more categories, such as healthcare and household products, companies must be able to create IoT devices that consumers trust,” Mani says. “PSA Certified shows that the ST solution is secure and easy to implement. Device manufacturers can offer consumer products that are less impacted by price and can innovate quickly without the heavy burden of specialized engineering expertise.” Many ST customers lack security expertise and would prefer to focus on their application design and development where they have a competitive edge. For them, additional security means a larger development and production process that can quickly drive up costs. We have to take a mass-market approach to security with shared information and standards so that all of our customers, right down to the sole proprietor in his or her garage, can make a device that is secure and meets local regulations at a price point the market can tolerate.” Mani says. “PSA Certified offers that support and assurance.”

Worldwide IoT Security

ST believes that the PSA Certified label can help companies worldwide bolster the security of their IoT devices. To push this message with their own customers and retain a competitive edge, back in 2020, ST was the first-ever partner to achieve PSA Certified Level 2 for their STM32L5 family of MCUs. They have also achieved PSA Certified Level 3 for their new STM32U585 series based on TF-M Open Source. “PSA Certified brings everything together and gives the IoT mass market a reference package for security,” Mani explains. “We can deliver a known level of security to our customers and as attempted hacks and security breaches become more prevalent, this, in turn, helps our customers build more secure devices.”