https://devzone.nordicsemi.com/f/nordic-q-a/101331/kmu-data-integrityHello, We are looking to utilize the KMU of the nRF5340 to store an identity key that will serve as the unique identifier of a device. If the identity key were to be manipulated in any way the device would lose its ability to authenticate and communicateen-USTelligent Community 13Thu, 06 Jul 2023 17:40:34 GMThttps://devzone.nordicsemi.com/thread/435075?ContentTypeID=1Thu, 06 Jul 2023 17:40:34 GMT137ad170-7792-4731-bb38-c0d22fbe4515:79675121-fdba-4eb3-ba32-51b4b80afdc1dejans<p>Hi,<br /><br />We do not have mechanisms for checking the integrity of stored keys on nrf5340.&nbsp;You could try to implement yourself some kind of checksum-like software on top of KMU for integrity checking. You could use identity key (IK) in some cypher where you would compare current (from potentially changed IK) output with the output obtained from known pre-stored IK value. If 2 results are the same, you could then still trust your identity key.<br /><br /></p> [quote user="bjohnsonpt"]<p><span style="font-weight:400;">In addition to cosmic radiation, read disturbance in NAND flash is another potential concern for identity key integrity, where repeated reads of surrounding areas of memory could potentially cause a nearby bit to flip.</span></p> <ul> <li style="font-weight:400;"><span style="font-weight:400;">Is there an available metric for expected read endurance, similar to the </span><a href="https://infocenter.nordicsemi.com/index.jsp?topic=%2Fps_nrf5340%2Fnvmc.html&amp;cp=4_0_0_6_20_8_0&amp;anchor=unique_2137273324"><span style="font-weight:400;">NVMC electrical characteristics table</span></a><span style="font-weight:400;"> for writes and erases?</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Mean time between failure?</span></li></ul>[/quote] <p>I am not aware of the existence of the metrics which you describe that are available in the documentation, but you could try to contact your regional sales manager who could potentially provide more information.<br /><br />Best regards,<br />Dejan</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/434803?ContentTypeID=1Wed, 05 Jul 2023 20:29:17 GMT137ad170-7792-4731-bb38-c0d22fbe4515:7112a8e1-74c2-4c3d-a539-074e3ed0d7cdbjohnsonpt<p><span style="font-weight:400;">Hello Dejan,&nbsp;</span></p> <p></p> <p><span style="font-weight:400;">To confirm, there is no form of error correction (e.g., hardware or software ECC) that covers data stored in the KMU. Is that right?</span><span style="font-weight:400;"><br /><br /></span></p> <p><span style="font-weight:400;">With the KMU being a subset of the UICR, we assume that the underlying storage medium is NAND flash. Is that correct?</span></p> <p></p> <p><span style="font-weight:400;">In addition to cosmic radiation, read disturbance in NAND flash is another potential concern for identity key integrity, where repeated reads of surrounding areas of memory could potentially cause a nearby bit to flip.</span></p> <ul> <li style="font-weight:400;"><span style="font-weight:400;">Is there an available metric for expected read endurance, similar to the </span><a href="https://infocenter.nordicsemi.com/index.jsp?topic=%2Fps_nrf5340%2Fnvmc.html&amp;cp=4_0_0_6_20_8_0&amp;anchor=unique_2137273324"><span style="font-weight:400;">NVMC electrical characteristics table</span></a><span style="font-weight:400;"> for writes and erases?</span></li> <li style="font-weight:400;"><span style="font-weight:400;">Mean time between failure?</span></li> </ul> <p></p> <p><span style="font-weight:400;">What would be the recommended way to recover from a bit flip in the identity key? Is there a way that does not require physical access to the device?</span></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/433985?ContentTypeID=1Fri, 30 Jun 2023 15:08:51 GMT137ad170-7792-4731-bb38-c0d22fbe4515:f3e0a57a-67f7-4437-9abb-9864c5eb1204dejans<p>Hi,<br /><br />It does not seem to be the way of ensuring that the keys stay unaffected (i.e. intact) after they have been exposed to radiation or cosmic rays.<br /><br />Best regards,<br />Dejan</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/433784?ContentTypeID=1Thu, 29 Jun 2023 19:17:18 GMT137ad170-7792-4731-bb38-c0d22fbe4515:8034124f-6872-45bd-9568-64b7d7812c6cbjohnsonpt<p>Hello Dejan,</p> <p></p> <p>Thanks for looking into that for me. Let me know if you need any more info</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/433775?ContentTypeID=1Thu, 29 Jun 2023 18:10:53 GMT137ad170-7792-4731-bb38-c0d22fbe4515:0f422f2c-71bc-47fe-8116-a2ace2dc65f4dejans<p>Hi,</p> [quote user=""]We are wondering if there are any processes or checks in place to ensure integrity of the stored identity key? We are not terribly concerned with malicious tampering via physical means, but rather we are concerned about bit flips due to cosmic rays or other radiation exposure and corruption due to flash degradation over time, even if only reads are performed on the key.&nbsp;[/quote] <p>I have asked internally. I will get back to you when I get more information regarding your concerns, probably tomorrow or during next week.<br /><br />Best regards,<br />Dejan</p><div style="clear:both;"></div>