• State Verified Answer
  • Replies 17 replies
  • Subscribers 63 subscribers
  • Views 12384 views
  • Users 0 members are here
Attachments (0)
Nordic Case Info
  • Case ID: 123971
Options
This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

Cybersecurity features for NRF52 chips

Ildar

Good day!

I'm interesting in ability to support of some required Cybersecurity features by NRF52832 or/and NRF52840:

  1. Is it possible to fully disable JTAG and/or SWD?
  2. Is it possible to implement Flash protection (from rewriting/erasing/readaback)?
  3. Is it possible to implement secure boot? (encrypted bootloader with CRC checking of flash area)

Thanks in advance!

Regards

Parents
  • 0

    (oh lord, CS buzzword;)

    Hi,

    1. Yes, read about that in the product specification.
    2. Yes, see the link above and this.
    3. What do you mean by that? Neither nRF52832 nor nRF52840 has any HW security feature to protect tempering with the processor/memory/inputs during the run-time so how you would achieve any security during the boot? The only thing you could use is ARM CryptoCell features for HW accelerated crypto in nRF52840 but that won't guarantee that FW you are going to execute is "genuine". You can indeed implement it in your app code (e.g. store some checksum in one-time programmable UICR registers and then as first action verify that flash content - or at least content of some flash pages - matches that). But without any HW protection you cannot be sure that someone haven't hacked flash read/write protection so it has very limited effect...

    Edit 2-july-2017:

    Thanks to Bjørn's confirmation there actually IS Secure Boot possibility with ARM CryptoCell Root-of-Trust feature on nRF52840, more resources on that to be released;) Still to be seen how really temper-resistant this mechanism is.

  • 0 in reply to endnode

    You are right, there seems to be this phrase however there were no resources to that when I was trying to evaluate back in winter during release time of preview DK. All what I see in nRF5 SDk V13.1.0 is Secure bootloader for Nordic Device Firmware Upgrade, no real secure boot (= attestation of memory and other HW components before any custom SW is run on MCU) as far as I cn see... but I would very much like to learn the details if I'm wrong!

Reply
  • 0 in reply to endnode

    You are right, there seems to be this phrase however there were no resources to that when I was trying to evaluate back in winter during release time of preview DK. All what I see in nRF5 SDk V13.1.0 is Secure bootloader for Nordic Device Firmware Upgrade, no real secure boot (= attestation of memory and other HW components before any custom SW is run on MCU) as far as I cn see... but I would very much like to learn the details if I'm wrong!

Children
No Data
Related