Building a secure firmware stack for a field-deployed embedded device in critical infrastructure is harder than any whiteboard diagram suggests and the consequences of getting it wrong are real.
In this talk, I'll walk through a complete, production-grade security implementation aligned with SESIP on the STM32H5 from the ground up: starting with Option Bytes (RDP, TZEN) before a single line of firmware runs, generating authentication and encryption private/public key pairs, building a cryptographic identity using root CA to leaf certificate chains, signing bootloaders with STM32TrustedPackageCreator, and injecting device identity via Segger DevPro.
Then we go deeper: anchoring the chain of trust with STiROT, enforcing secure boot, hardening firmware upgrades, and finally locking down the JTAG debug interface against physical attackers using certificate-based authentication.
You'll leave with a concrete, end-to-end blueprint you can apply to your own Cortex-M devices just not theory, but the exact sequence a production deployment demand.