• State Not Answered
  • Replies 9 replies
  • Subscribers 73 subscribers
  • Views 10209 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 119701
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

use of ARM TrustZone on nrf52840 for secure storage/trusted region

pietrushnic

Hi all, I have need to create BLE device with ability to securely store private keys and change those. According to presentation from ARM with assistance of CryptoCell and key inside CPU I should be able to create trusted region on flash, which I assume I can use in similar way as secure storage.

Unfortunately there is no information about that in Nordic InfoCenter CryptoCell API say nothing about storing generated keys (or I miss something). Also I can't see detailed specification of CryptoCell-310 (ARM website say mostly about 300 and 312), how 310 is different ?

Are there any additional hardware requirements for my application to implement secure storage for private keys ?

Any information about possible CryptoCell use cases appreciated.

Parents
  • 0

    Cryptocell 310 is the predecessor of 312. If I'm not mistaken the big difference is that 312 is for Arm v8 architecture with a new AHB buss revision (ARM AMBA 5 AHB if I remember correctly). Unfortunately it is not the same as a secure storage elemenet as it is not protected agains decaping. But you can use the cryptocell for Rot of Trust by utilizing the ACL to protect the security keys from the application. Meaning only the cryptocell can access the keys so the application needs to use the cryptocell api's to use the keys. Note that we are working on a secure bootloader dfu example that uses rot of trust. But as pointed out by Roger Clark the cruptocell is a new module introduced on the nRF52840 so we need some time to implement it into our SDK properly and documented it. I'm sorry for the inconvenience. For now I'm afraid we only have the ARM test examples in the alpha SDK.

    Note that Cryptocell is only part of trustzone it is not the same thing as trustzone.

Reply
  • 0

    Cryptocell 310 is the predecessor of 312. If I'm not mistaken the big difference is that 312 is for Arm v8 architecture with a new AHB buss revision (ARM AMBA 5 AHB if I remember correctly). Unfortunately it is not the same as a secure storage elemenet as it is not protected agains decaping. But you can use the cryptocell for Rot of Trust by utilizing the ACL to protect the security keys from the application. Meaning only the cryptocell can access the keys so the application needs to use the cryptocell api's to use the keys. Note that we are working on a secure bootloader dfu example that uses rot of trust. But as pointed out by Roger Clark the cruptocell is a new module introduced on the nRF52840 so we need some time to implement it into our SDK properly and documented it. I'm sorry for the inconvenience. For now I'm afraid we only have the ARM test examples in the alpha SDK.

    Note that Cryptocell is only part of trustzone it is not the same thing as trustzone.

Children
No Data
Related
Terms of service