Cybersecurity features for NRF52 chips

(oh lord, CS buzzword;)

Hi,

1. Yes, read about that in the product specification.
2. Yes, see the link above and this.
3. What do you mean by that? Neither nRF52832 nor nRF52840 has any HW security feature to protect tempering with the processor/memory/inputs during the run-time so how you would achieve any security during the boot? The only thing you could use is ARM CryptoCell features for HW accelerated crypto in nRF52840 but that won't guarantee that FW you are going to execute is "genuine". You can indeed implement it in your app code (e.g. store some checksum in one-time programmable UICR registers and then as first action verify that flash content - or at least content of some flash pages - matches that). But without any HW protection you cannot be sure that someone haven't hacked flash read/write protection so it has very limited effect...

Edit 2-july-2017:

Thanks to Bjørn's confirmation there actually IS Secure Boot possibility with ARM CryptoCell Root-of-Trust feature on nRF52840, more resources on that to be released;) Still to be seen how really temper-resistant this mechanism is.

From what I see in nRF52840 Product Specification (Objective = preliminary) it looks like CryptoCell is just HW accelerator for certain algorithms (= functions) which has dedicated RAM but all the code is executed through library which is loaded in standard user-space (flash). No sign of "Secure Boot" (these diagrams are probably generic ARM CryptoCell-310 block diagrams where Secure Boot is with dashed lines so probably optional and implementation dependent), almost looks like TrustZone is only TM/Copyright technology to give you better feeling (don't want to be mean, it has nice features and in any form - even just this bare HW crypto accelerator - it helps, but it's not uncommon in this "cybersecurity" space to sell just buzzwords and trademarks...)

From what I see in nRF52840 Product Specification (Objective = preliminary) it looks like CryptoCell is just HW accelerator for certain algorithms (= functions) which has dedicated RAM but all the code is executed through library which is loaded in standard user-space (flash). No sign of "Secure Boot" (these diagrams are probably generic ARM CryptoCell-310 block diagrams where Secure Boot is with dashed lines so probably optional and implementation dependent), almost looks like TrustZone is only TM/Copyright technology to give you better feeling (don't want to be mean, it has nice features and in any form - even just this bare HW crypto accelerator - it helps, but it's not uncommon in this "cybersecurity" space to sell just buzzwords and trademarks...)