Matter : DAC private key protection

Hi,

We've been developing a Matter product and using the default factory data integration as outlined here: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/matter/nrfconnect_factory_data_configuration.html

However, this stores the DAC private key in plaintext on the flash for as far as I can see.

The documentation states

"The private key associated with the Device Attestation Certificate (DAC). This key should be encrypted and maximum security should be guaranteed while generating and providing it to factory data."

which I assume is about how it gets put into factory data in production, but are there any guidelines wrt the protection of this key on the device itself? Encryption? Readback protection? What are the options here?

Kind regards and thanks,

-Alex

Parents

0 Amanda Hsieh over 1 year ago

Hi Alex,

In general the Matter Attestation process is described both in the Matter Core specification and in our documentation: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/protocols/matter/end_product/attestation.html

The cryptographic procedure is described in this section: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/nrf/protocols/matter/end_product/attestation.html#device-attestation-procedure

DAC Private Key is used to verify that we are a truth owner of DAC certificate - and it is done according to the Device Attestation Procedure mentioned above. In factory data module, indeed that DAC Private Key is stored in raw format. You may change this behaviour by modifying/overwriting certain methods: https://developer.nordicsemi.com/nRF_Connect_SDK/doc/latest/matter/nrfconnect_factory_data_configuration.html#using-own-factory-data-implementation
For example this one:CHIP_ERROR SignWithDeviceAttestationKey(const ByteSpan & messageToSign, MutableByteSpan & outSignBuffer) override;

Regards,
Amanda H.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 abollaert over 1 year ago in reply to Amanda Hsieh

Hi, thanks for replying.

So you basically need to supply your own factory data implementation if you want to do this (possibly using cryptocell). An alternative would be to have some form of readback protection, is this possible?

Kind regards and thanks
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 abollaert over 1 year ago in reply to Amanda Hsieh

Hi, thanks for replying.

So you basically need to supply your own factory data implementation if you want to do this (possibly using cryptocell). An alternative would be to have some form of readback protection, is this possible?

Kind regards and thanks
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Amanda Hsieh over 1 year ago in reply to abollaert

Hi,

For the nRF Connect platform, the factory data is stored by default in a separate partition of the internal flash memory. This helps to keep the factory data secure by applying hardware write protection.

Note: Due to hardware limitations, in the nRF Connect platform, protection against writing can be applied only to the internal memory partition. The Fprotect is the hardware flash protection driver, and we used it to ensure write protection of the factory data partition in internal flash memory.

-Amanda H.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel