Which is best candidate out of nrf52840 & nRF52832 for BluetoothMesh n/w for security point of view ?

What do you expect? Someone saying "NO, the cryptocell is totally useless and it's more secure to go with product without it!"?????? Where you guys get these silly questions?;)

The answer surely is "yes, having ARM CC310 gives you better chance to implement your FW securely but if you screw something up no magic co-processor helps you".

Thanks for calling me silly :)

That means we should not launched final product in market which is based on nrf51, nrf52832, nrf52810 these SoCs if security of n/w is going to be concern.

www.nordicsemi.com/.../ARM-CryptoCell-310

I read this link but didn't understand. Please consider me noob & elaborate more about use of Arm CryptoCell. Is it encrypt firmware on flash memory for its host SoC ?

Is your Bluetooth mesh SDK v1.0.0 by default using ARM cryptocell features ? If NO, then how to enable & use it ?

That's part of the problem I'm afraid;) I don't want to be offensive or disrespectful but that's what I've learned in past 10 years about secure hardware/firmware design: if you don't know what these things mean already then it indicates that you are doing this for the first time. And if you are doing it for the first time then probability that you would do it right is very low. Secure design is not like usual things: you cannot do it "almost" good or "just a little mistake". Almost all mistakes lead to holes and almost every hole makes the whole design flawed. So my point was: if you don't know how ARM Cryptocell works and you hope in getting it from reading of this forum it is very unlikely it would help you to somehow significantly strengthen your FW design in your product. You need to have hardcore practitioners who understand the attacks you are trying to mitigate.

(1/3)

That said let me explain how searching on this forum and internet works: you put word "cryptocell" or "Trustzone" to "Search" window in the header of this page or/and to www.google.com search box. You will immediately get dozens of hits which will tell you what ARM Cryptocell is and what it itsn't, how it might enhance security of your product but also what it cannot do (= e.g. doean't provide any additional temper resistance to HW design of the chip). Here is one example.

In a nutshell it provides two features which might be a good foundation to improve security of ARM Cortex-M product:

• Crypto-processor which can provide HW accelerated performance to certain crypto primitives.
• Few hooks to memory controller which should allow you to prevent execution of certain ode at certain time.

(2/3)

(3/3)

However there are no real implementations using ARM CC310 known on nRF52840 yet, Nordic are (logically) careful with any promises and if you google Trustzone vulnerabilities it seems that many real implementations are vulnerable to fairly common attacks. So it gives a hint that many people are just using it as sticker and values security by numbers of prays per day then understanding the backgrounds.

(btw. very similar could be said about the fancy mesh networking, Internet of Things and other stickers... most of real products don't need anything from that and very often it even makes the product worse;)