<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="https://devzone.nordicsemi.com/cfs-file/__key/system/syndication/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>nRF AntiCloning methods</title><link>https://devzone.nordicsemi.com/f/nordic-q-a/103939/nrf-anticloning-methods</link><description>Hello, 
 I&amp;#39;m wondering how you tackle the issues for manufacturing companies to prevent overproduction or firmware modification to remove anticloning features of the firmware. For the nRF91 and others, you have an immutable bootloader, which imposes a</description><dc:language>en-US</dc:language><generator>Telligent Community 13</generator><lastBuildDate>Wed, 20 Sep 2023 12:30:09 GMT</lastBuildDate><atom:link rel="self" type="application/rss+xml" href="https://devzone.nordicsemi.com/f/nordic-q-a/103939/nrf-anticloning-methods" /><item><title>RE: nRF AntiCloning methods</title><link>https://devzone.nordicsemi.com/thread/446875?ContentTypeID=1</link><pubDate>Wed, 20 Sep 2023 12:30:09 GMT</pubDate><guid isPermaLink="false">137ad170-7792-4731-bb38-c0d22fbe4515:908ec998-3946-472f-ab83-cfea85c73238</guid><dc:creator>Einar Thorsrud</dc:creator><description>&lt;p&gt;Hi,&lt;/p&gt;
[quote user=""]Do the nRF91 and nRF52 series have some kind of firmware verification feature such as only signed immutable bootloaders are booted? So the integrity of the immutable bootloader is verified?[/quote]
&lt;p&gt;In the nRF52, nRF53 and nRF91, root of trust is established by the immutable bootloader (in nRF53 and nRF91 there is also the use of the KMU, but that is a detail in this regard). See &lt;a href="https://devzone.nordicsemi.com/nordic/nordic-blog/b/blog/posts/an-introduction-to-trusted-firmware-m-t-m"&gt;An Introduction to Trusted Firmware-M (TF-M)&lt;/a&gt; for an introduction to this. These devices do not have a hardware root of trust. This will improve in coming products, but I cannot discuss non-public devices. I suggest you contact your Nordic regional sales manager about new features in new products.&lt;/p&gt;
[quote user=""]Do you provide services to pre-flash your chips and lock them so the manufacturer does not have access to the immutable firmware?[/quote]
&lt;p&gt;We do not normally provide programming services, but I suggest you ask sales about that. Ignoring that, it is possible to protect the content of the flash from being read back using the Access port protection mechanism. So if the devices are programmed beforehand and that is enabled, the content cannot be read back at a later stage (including on the manufacturing line). Note that it will also not be possible to write anything via SWD after this point. See &lt;a href="https://infocenter.nordicsemi.com/topic/ps_nrf5340/ctrl-ap.html?cp=4_0_0_7_9"&gt;CTRL-AP&lt;/a&gt; for details.&lt;/p&gt;
[quote user=""]Do you have any suggestions on how to go around this problem?[/quote]
&lt;p&gt;If the devices are used together with something cloud connected, you can typically use that to validate the identity of a device. And if someone has been able to clone the device identity, it may be possible to detect that on the cloud side during onboarding, for instance. There are also approaches that can be used, like generating identity keys on the device and never making those accessible from the outside world (this is possible with the nRF5340 and nRF91, where symmetrical keys can be stored in the KMU with permissions preventing them from being read out). I suggest having a look at the &lt;a href="https://devzone.nordicsemi.com/nordic/nordic-blog/b/blog/posts/securing-iot-products-with-psa-certified-apis"&gt;Securing IoT products with PSA Certified APIs&lt;/a&gt; blog post, as well as the &lt;a href="https://developer.nordicsemi.com/nRF_Connect_SDK/doc/2.4.2/nrf/samples/tfm/tfm_psa_template/README.html"&gt;TF-M: PSA template&lt;/a&gt; and accompanying &lt;a href="https://developer.nordicsemi.com/nRF_Connect_SDK/doc/2.4.2/nrf/samples/tfm/provisioning_image/README.html"&gt;TF-M: Provisioning image&lt;/a&gt;.&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;</description></item></channel></rss>