use of ARM TrustZone on nrf52840 for secure storage/trusted region

RE: use of ARM TrustZone on nrf52840 for secure storage/trusted region

run_ar — Thu, 16 Feb 2017 08:24:43 GMT

Cryptocell 310 is the predecessor of 312. If I'm not mistaken the big difference is that 312 is for Arm v8 architecture with a new AHB buss revision (ARM AMBA 5 AHB if I remember correctly). Unfortunately it is not the same as a secure storage elemenet as it is not protected agains decaping. But you can use the cryptocell for Rot of Trust by utilizing the ACL to protect the security keys from the application. Meaning only the cryptocell can access the keys so the application needs to use the cryptocell api's to use the keys. Note that we are working on a secure bootloader dfu example that uses rot of trust. But as pointed out by Roger Clark the cruptocell is a new module introduced on the nRF52840 so we need some time to implement it into our SDK properly and documented it. I'm sorry for the inconvenience. For now I'm afraid we only have the ARM test examples in the alpha SDK.

Note that Cryptocell is only part of trustzone it is not the same thing as trustzone.

RE: use of ARM TrustZone on nrf52840 for secure storage/trusted region

Roger Clark — Wed, 15 Feb 2017 20:07:59 GMT

Interesting...

I presume that the lack of information on how to use this, is because this feature is only in the 840, and the SDK is only at Alpha.

RE: use of ARM TrustZone on nrf52840 for secure storage/trusted region

pietrushnic — Wed, 15 Feb 2017 10:29:30 GMT

www.nordicsemi.com/.../ARM-CryptoCell-310

RE: use of ARM TrustZone on nrf52840 for secure storage/trusted region

Roger Clark — Wed, 15 Feb 2017 01:47:23 GMT

BTW.

If this feature within the ARM part of the MCU ? or and external IC

Is it definitely implemented in the nRF52? IC manufacturers have a huge degree of flexibiliy about which parts of the ARM infrastructure they use.

About all that is common between various ARM MCU's is the core processor instruction set

RE: use of ARM TrustZone on nrf52840 for secure storage/trusted region

Roger Clark — Wed, 15 Feb 2017 01:44:57 GMT

LOL

You (or I) can edit the answer but I don't think you can remove it

RE: use of ARM TrustZone on nrf52840 for secure storage/trusted region

pietrushnic — Wed, 15 Feb 2017 00:28:47 GMT

@Roger sorry this was misclick. Not sure how to revert that ? I will try to replace link to ARM page with direct link to PDF.

RE: use of ARM TrustZone on nrf52840 for secure storage/trusted region

Roger Clark — Wed, 15 Feb 2017 00:00:15 GMT

Umm.

I get

403 - Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.

Edit.

Tried it in FF and Chrome

Perhaps these pages are not accessible in my geo zone (Australia), or the new anti piracy blocking system enforced by the Australian Government prevents me viewing them

Edit.

Google finds

www.google.com.au/url

But I would need an ARM account to view that link

RE: use of ARM TrustZone on nrf52840 for secure storage/trusted region

endnode — Tue, 14 Feb 2017 23:40:03 GMT

Interesting, it works well for me (PDF downloaded from public internet zone).

RE: use of ARM TrustZone on nrf52840 for secure storage/trusted region

Roger Clark — Tue, 14 Feb 2017 23:38:17 GMT

The link you posted is not publicly accessible