STM and AWS secure IoT connections to cloud

  • May 18, 2022
  • Steve Rogerson

Swiss-based STMicroelectronics (ST, referred to as STM below) is working with Amazon Web Services (AWS) to secure IoT connections to the cloud.

The semiconductor company has created an AWS FreeRTOS-qualified reference implementation, built on Arm Trusted Firmware-M (TF-M), for connecting IoT devices easily and securely to the AWS cloud.

“FreeRTOS, backed by our long-term support libraries, is the perfect platform for connecting resource-constrained devices to powerful cloud services,” said Dave Kranzler, general manager of IoT devices at AWS. “Working with STM to integrate industry-standard Arm open-source secure TF-M software and the STM32U5 MCU’s security features lets developers quickly build edge-to-cloud solutions that resist cyber threats.”

The jointly created combination comprises the STM32U5 low-power microcontrollers (MCUs), the FreeRTOS open-source real-time operating system, and Arm Trusted Firmware-M (TF-M), the open-source secure firmware for embedded systems. The reference implementation runs on STM’s B-U585I-IOT02A discovery kit for IoT nodes, which is based on an STM32U5 MCU and provides USB, wifi and Bluetooth Low Energy connectivity as well as multiple sensors. Support for the STSafe-A110 secure element is being added; the secure element comes pre-loaded with device credentials, which secures and simplifies attaching the connected objects to the AWS cloud.

“The superior security built into our STM32U5 MCUs supports the creation of trusted IoT devices to connect to the AWS cloud,” said Daniel Colonna, STM marketing director. “Our qualified reference platform represents a significant investment in software integration that saves development time and costs while simplifying compliance with PSA certified security guidelines.”

FreeRTOS comprises a kernel optimised for resource-constrained embedded systems and software libraries for connecting various types of IoT endpoints to the AWS cloud or to other edge devices. AWS maintains its long-term-support (LTS) FreeRTOS releases for two years, giving developers a stable platform for deploying and maintaining their IoT devices.

The Arm TF-M firmware simplifies protecting embedded systems by providing services for secure boot, secure storage, cryptography and attestation, which together form the basis of a trusted execution environment (TEE) on the device. Designed for the Armv8-M architecture, TF-M integrates readily with TrustZone on STM32U5 MCUs, which use the Arm Cortex-M33 core.

The STM32U5 MCUs target IoT-edge applications, featuring a 160MHz Cortex-M33 core with Arm TrustZone technology and the Armv8-M mainline security extension, up to 2Mbyte of on-chip flash, and power-saving features. With hardware cryptographic accelerators, secure firmware installation and update, and enhanced resistance to physical attacks, the MCUs have achieved PSA Certified Level 3 and SESIP Level 3 certifications. The energy-saving design also simplifies powering the application and extends battery lifetime in remote deployments. Highlights include three stop modes that increase the opportunities to operate at the lowest possible power, and STM’s batch-acquisition mode, which captures peripheral data even while the core is powered down.

The STSafe-A110 secure element, certified to Common Criteria EAL5+, brings an authentication scheme and a personalisation service that allow automated, secured attachment of connected objects to the AWS cloud. Because the device credentials are provisioned into and held within the secure element, it relieves IoT-device makers of the historical burden of protecting secret credentials on the production line during manufacture.

STM plans to release a version of the reference implementation based on STM32Cube tools and software later this year, which should simplify IoT design by integrating seamlessly with the rest of the STM32 ecosystem.