Saving root key on battery powered devices

Hi,

You cannot retain the root key within CryptoCell, and the nRF52840 does not have any secure flash, so you have to store it in (normal) flash. You are still able to keep the key in a reasonably secure manner using something like the following strategy:

• Store the key in a reserved flash region.
• Enable read-back protection using Control access port. This prevents a debugger from accessing the flash (the only way to disable it is to first do a full chip erase).
• In the bootloader:
  • Read the key from flash and copy it to CryptoCell (secure always on RAM).
  • Enable ACL to protect the key so that it cannot be accessed by the application.

The above procedure should keep the root key safe against most kinds of attacks, but it does not provide protection against decapping. If you need that, then the only option is to use an additional device, such as for example the OPTIGA Trust X instead.

How can I copy the key to CryptoCell (secure RAM)? Is there an API for that?

How can I copy the key to CryptoCell (secure RAM)? Is there an API for that?

Hello Crudo,

you have to directly write the KDR in the registers HOST_IOT_KDR[0..3]. Also, pay attention to the CryptoCell lifecycle (see section 6.6.3 and 6.6.4 of the specification https://infocenter.nordicsemi.com/pdf/nRF52840_PS_v1.0.pdf).

The KDR registers are only for AES, correct? In my case, I am using RSA and I'd like to use this solution to read the private key, which is 128 bytes long. The KDR regs only fit 16 bytes.

You won't be able to use it for RSA. You can encrypt (a.k.a. wrap) the RSA key using the device root key (with an appropriate mode of operation), and store the ciphertext.

I see. In that case it also wouldn't work for other public-key cryptography, like ECC P-256 or Curve25519, correct? The only solution to protect private keys bigger than 16bytes is using the wrapping method that you described?
Thanks for your help.

Even if you wanted to protect a 16 byte key that is not supposed to be used with AES (say you want to use it for HMAC), you would have to indirectly protect it with the device root key, because once loaded in the secure memory, the device root key can only be used with AES and the AES modes of operation.