This repository provides a complete MQTT-over-TLS reference for the STM32N6570-DK paired with the ST67W611M1.
It is built for a repeatable bring-up workflow: flash, provision, validate, and then move to source-level build/debug in STM32CubeIDE. Validated broker flows in this repository are AWS IoT Core and Mosquitto.
This firmware leverages the STM32N6570's advanced cryptographic hardware accelerators to enhance security performance:
| Accelerator | Feature | Use Case |
|---|---|---|
| RNG | Hardware Random Number Generator | Secure key generation, TLS nonce/IV generation |
| HASH | SHA256 hardware hashing | Certificate validation, MQTT message integrity |
| AES | AES-128/256 encryption/decryption | TLS symmetric encryption, symmetric key operations |
| PKA | Public Key Accelerator | TLS handshake (ECDSA), certificate-based authentication |
These accelerators are enabled by default in MbedTLS via hardware abstraction interfaces (aes_alt, sha256_alt, rng_alt, ecp_alt) and are automatically used during TLS handshakes and cryptographic operations. This results in:
- ✅ Faster TLS handshakes (PKA acceleration for elliptic curve operations)
- ✅ Reduced CPU load during encryption/decryption
- ✅ Lower power consumption for IoT deployments
- ✅ Improved throughput for secure MQTT communication
Configuration details: See CRYPTO_ACCELERATORS.md and Appli/Core/Inc/mbedtls_config_hw.h.
- Hardware:
- STM32N6570-DK (with integrated cryptographic accelerators)
- ST67W611M1 (T02 mission profile, Wi-Fi 6)
- Security:
- Hardware-accelerated cryptography (RNG, SHA256, AES, PKA)
- MbedTLS 3.1.1 with hardware abstraction layer
- PKCS#11-based key and certificate management
- Secure provisioning workflows
- Application demos:
- LED control over MQTT
- Button event reporting over MQTT
- Provisioning targets:
- AWS IoT Core
- Mosquitto
- STM32CubeProgrammer (required for flashing)
- STM32CubeIDE (required for build/debug from source)
- STM32CubeMX (required for project regeneration)
If you use AWS IoT Core:
- Clone with submodules:
git clone https://github.com/SlimJallouli/stm32n6570_dk_w6x_iot_reference.git --recurse-submodules
- Update ST67 to T02 mission profile using
NCP_update_mission_profile_t02: - Move to the scripts directory:
cd bin
- Edit broker and Wi-Fi settings in
config.json - Run:
.\run_all.ps1
- Open serial logs and validate LED/Button MQTT behavior.
For full scripted flashing/provisioning details, see bin/readme.md.
The Appli project in STM32CubeIDE comes with two build configurations, allowing you to choose between hardware-accelerated and software-only cryptography:
| Configuration | Crypto Implementation | Performance | Use Case |
|---|---|---|---|
| HW_Crypto (default) | Hardware accelerators (RNG, SHA256, AES, PKA) | ⚡ Fast, low CPU/power | Production, performance-critical deployments |
| SW_Crypto | Pure software implementation (mbedTLS standard) | Standard | Development, testing, validation without hardware features |
Switching configurations:
- In STM32CubeIDE: Right-click
Appli→ Build Configurations → Set Active - Or use the configuration dropdown in the toolbar
- Rebuild the project (Project → Clean / Build)
Both configurations use identical MQTT/FreeRTOS/LwIP stacks and are binary-compatible for provisioning workflows—only the crypto backend differs.
flowchart TD
A[StartDefaultTask] --> B[Task_CLI]
A --> C[KVStore_init]
A --> D[net_main - ST67]
A --> E[vMQTTAgentTask]
E --> F[vLEDTask]
E --> G[vButtonTask]
| Topic | File |
|---|---|
| Architecture and middleware | docs/architecture.md |
| Software components | docs/software_components.md |
| Securing the application | docs/securing_the_application.md |
| Flash and RAM memory layout | docs/memory_layout.md |
| Hardware crypto accelerators | Appli/Core/Src/crypto/CRYPTO_ACCELERATORS.md |
| Build, debug, and flash | docs/debug.md |
| Scripted flash/provision flow | bin/readme.md |
| MQTT topic/data model | docs/mqtt_data_model.md |
| AWS provisioning | docs/provisioning_aws.md |
| Mosquitto provisioning | docs/provisioning_mosquitto.md |
| Repository structure | docs/repo_structure.md |
| Troubleshooting | docs/troubleshooting.md |
- Button app: Appli/Common/app/button/readme.md
- LED app: Appli/Common/app/led/readme.md
- CLI: Appli/Common/cli/ReadMe.md
- Crypto: Appli/Common/crypto/ReadMe.md
- KVStore: Appli/Common/kvstore/ReadMe.md
- corePKCS11: https://github.com/FreeRTOS/corePKCS11
- LittleFS: https://github.com/littlefs-project/littlefs
- Import both projects into STM32CubeIDE:
FSBLAppli
- Build and debug/flash details: