Hardware-backed cryptographic module for Linux-based SDV platforms.
STM32L552ZE-Q Nucleo as HSM peripheral over USB to Raspberry Pi. Full V-model — requirements, architecture, implementation, verification. Rust throughout.
Built as a reference implementation for Eclipse SCORE's Security & Cryptography feature
(experimental_security_crypto), which has 43 defined requirements and no implementation.
```text
   Raspberry Pi (HPC proxy)             STM32L552ZE-Q Nucleo (HSM)
┌─────────────────────────┐           ┌────────────────────────────┐
│  host/  Rust library    │           │  firmware/  Embassy Rust   │
│  ┌─────────────────┐    │           │  ┌──────────────────────┐  │
│  │ Hardware backend│◄───┼─ USB CDC ─┼─►│  NS: USB gateway     │  │
│  ├─────────────────┤    │           │  ├──────────────────────┤  │
│  │ SW fallback     │    │           │  │  S: AES/PKA/HASH     │  │
│  │ (rustcrypto)    │    │           │  │  RNG / Key store     │  │
│  └─────────────────┘    │           │  └──────────────────────┘  │
│  Common API             │           │  TrustZone boundary        │
└─────────────────────────┘           └────────────────────────────┘
```
Key principle: key material never leaves the L55. Only opaque handles cross the USB boundary.
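To make the handle rule concrete, here is an added example (not code from this repository) of a secure-side key store written in plain Rust with only `std`. The `KeyHandle` type carries no key bytes, no method returns a reference into the store, destroyed slots are overwritten before release, and tag verification compares in constant time. The keyed hash inside `tag` is an assumption for the example, a stand-in for the L55 HASH/AES peripherals, and is not a secure MAC.

```rust
use std::collections::HashMap;

/// Opaque reference to a key slot: the only thing that crosses the USB boundary.
#[derive(Clone, Copy, Debug, PartialEq, Eq, Hash)]
pub struct KeyHandle(u32);

#[derive(Debug, PartialEq, Eq)]
pub enum HsmError {
    UnknownHandle,
    StoreFull,
}

/// Secure-side key store (the role of the "S: Key store" box in the diagram).
/// `keys` is private and no method hands out a reference to its contents.
pub struct KeyStore {
    keys: HashMap<u32, [u8; 32]>,
    next_id: u32,
    capacity: usize,
}

impl KeyStore {
    pub fn new(capacity: usize) -> Self {
        KeyStore { keys: HashMap::new(), next_id: 1, capacity }
    }

    /// Import 32 bytes of key material (on the device: from the RNG peripheral)
    /// and return only a handle. Handle ids are never reused within a session.
    pub fn import(&mut self, key: [u8; 32]) -> Result<KeyHandle, HsmError> {
        if self.keys.len() >= self.capacity {
            return Err(HsmError::StoreFull);
        }
        let id = self.next_id;
        self.next_id = self.next_id.wrapping_add(1);
        self.keys.insert(id, key);
        Ok(KeyHandle(id))
    }

    /// 8-byte tag over `msg` with the key behind `h`.
    /// Placeholder keyed FNV-1a mixing (assumption for this example, not a MAC);
    /// the real firmware would drive the hardware HASH/AES engines here.
    pub fn tag(&self, h: KeyHandle, msg: &[u8]) -> Result<[u8; 8], HsmError> {
        let key = self.keys.get(&h.0).ok_or(HsmError::UnknownHandle)?;
        let mut state: u64 = 0xcbf2_9ce4_8422_2325;
        for &b in key.iter().chain(msg.iter()) {
            state ^= b as u64;
            state = state.wrapping_mul(0x0000_0100_0000_01b3);
        }
        Ok(state.to_be_bytes())
    }

    /// Verify a tag; the comparison does not exit early on the first mismatch.
    pub fn verify(&self, h: KeyHandle, msg: &[u8], tag: &[u8; 8]) -> Result<bool, HsmError> {
        let expected = self.tag(h, msg)?;
        Ok(ct_eq(&expected, tag))
    }

    /// Destroy a key: overwrite the slot in place with zeros, then release it.
    pub fn destroy(&mut self, h: KeyHandle) -> Result<(), HsmError> {
        let key = self.keys.get_mut(&h.0).ok_or(HsmError::UnknownHandle)?;
        for b in key.iter_mut() {
            // write_volatile keeps the optimizer from eliding the overwrite
            unsafe { std::ptr::write_volatile(b, 0) };
        }
        self.keys.remove(&h.0);
        Ok(())
    }

    pub fn len(&self) -> usize {
        self.keys.len()
    }
}

/// Constant-time byte comparison: OR-accumulate differences, no early return.
pub fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    let mut diff: u8 = 0;
    for (x, y) in a.iter().zip(b.iter()) {
        diff |= x ^ y;
    }
    diff == 0
}

fn main() {
    let mut store = KeyStore::new(4);
    let h = store.import([0x42u8; 32]).expect("slot available");
    let t = store.tag(h, b"frame").unwrap();
    println!("handle {:?} tag {:02x?}", h, t);
    assert_eq!(store.verify(h, b"frame", &t), Ok(true));
    store.destroy(h).unwrap();
    assert_eq!(store.tag(h, b"frame"), Err(HsmError::UnknownHandle));
}
```

A host-side caller can only ever hold a `KeyHandle`; after `destroy` the same handle is rejected rather than silently aliasing a later import, which is why ids come from a monotonic counter instead of being recycled.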
| Component | Role |
|---|---|
| STM32L552ZE-Q (NUCLEO-L552ZE-Q) | HSM — Cortex-M33 TrustZone, HW AES/PKA/HASH/RNG |
| Raspberry Pi (USB host) | HPC proxy — runs host library |
| USB-A to Micro-USB | Power + data — single cable |
```text
firmware/ — STM32L552 Embassy Rust firmware (HSM device)
host/     — Raspberry Pi Rust library (hardware + software backends)
docs/     — V-model artifacts (requirements, architecture, plans, safety)
```
| Category | Count | Coverage |
|---|---|---|
| Unit tests (host) | 54 | Safety, transport, crypto, mock backend |
| Integration tests (ITP) | 58 | TSR-TIG, NMG, SMG, RLG, SSG, IVG, CG |
| Qualification tests (QTE) | 57 | All 16 FSRs (FSR-01 through FSR-16) |
| Feature tests | 104 | SW backend, session, update, activation, onboard comm, certs, constant-time |
| Doc-tests | 1 | API examples |
| Total | 274 | |
```sh
# Run all tests
cargo test --workspace --features "mock,certs"
# Clippy
cargo clippy --workspace --all-targets --features "mock,certs" -- -D warnings
```

Phases 0–9 complete. Phase 10 evidence collection complete — 274 tests passing, CI green, docs updated. HIL hardware verification (4 tests on Pi + Nucleo) pending.
Apache-2.0 — see LICENSE.