Saving root key on battery powered devices

RE: Saving root key on battery powered devices

chirag-parmar — Sat, 25 Jul 2020 20:38:57 GMT

So I followed your instructions and created a version of secure bootloader.

Here is the link https://github.com/slockit/nrf52-secure-boot

RE: Saving root key on battery powered devices

DamianV — Thu, 25 Apr 2019 08:47:38 GMT

Even if you wanted to protect a 16 byte key that is not supposed to be used with AES (say you want to use it for HMAC), you would have to indirectly protect it with the device root key, because once loaded in the secure memory, the device root key can only be used with AES and the AES modes of operation.

RE: Saving root key on battery powered devices

Crudo — Thu, 25 Apr 2019 07:53:14 GMT

I see. In that case it also wouldn't work for other public-key cryptography, like ECC P-256 or Curve25519, correct? The only solution to protect private keys bigger than 16bytes is using the wrapping method that you described?
Thanks for your help.

RE: Saving root key on battery powered devices

DamianV — Wed, 24 Apr 2019 15:13:34 GMT

You won't be able to use it for RSA. You can encrypt (a.k.a. wrap) the RSA key using the device root key (with an appropriate mode of operation), and store the ciphertext.

RE: Saving root key on battery powered devices

Crudo — Wed, 24 Apr 2019 15:02:43 GMT

The KDR registers are only for AES, correct? In my case, I am using RSA and I'd like to use this solution to read the private key, which is 128 bytes long. The KDR regs only fit 16 bytes.

RE: Saving root key on battery powered devices

DamianV — Wed, 24 Apr 2019 13:06:08 GMT

Hello Crudo,

you have to directly write the KDR in the registers HOST_IOT_KDR[0..3]. Also, pay attention to the CryptoCell lifecycle (see section 6.6.3 and 6.6.4 of the specification https://infocenter.nordicsemi.com/pdf/nRF52840_PS_v1.0.pdf).

RE: Saving root key on battery powered devices

Crudo — Wed, 24 Apr 2019 12:00:15 GMT

How can I copy the key to CryptoCell (secure RAM)? Is there an API for that?

RE: Saving root key on battery powered devices

Einar Thorsrud — Thu, 20 Dec 2018 11:34:08 GMT

Hi,

Unfortunately it will not work, as the Device Root Key also has to be configured after every reset. This is because the CryptoCell peripheral does not have any persistent (flash) memory.

RE: Saving root key on battery powered devices

Blake — Wed, 19 Dec 2018 20:00:18 GMT

Hi Einar - Thanks for covering this, it is appreciated. As a follow up, the CryptoCell as described in the nRF52840 reference manual can have a device root key (Kdr) set. Is it possible to store the asymmetric key pair to flash as you described, but encrypted to the CC310 Kdr? This would ensure it can only exist in RAM after being decrypted by the CC310, even if for some reason it was recovered from flash.

RE: Saving root key on battery powered devices

DamianV — Tue, 11 Dec 2018 10:06:19 GMT

Hi Einar,

I have a follow-up question. Would it be possible to use the platform retail key (K_PRTL in the spec, I think?) to protect the root key in the flash (using a suitable mod of operation)? If I understood correctly, it is possible to use it for cryptographic operations, if you do not disable it, correct? I think, this would be no less secure than just having the root key in flash in plain.

Can you please comment on this?

Damian

RE: Saving root key on battery powered devices

Einar Thorsrud — Tue, 11 Dec 2018 09:43:17 GMT

Hi Peter,

There is no secure boot example in the lastest nRF5 SDK (15.2), so this depend on your firmware design. For secure boot you would typically want to store a key in a secure and tamper proof way so that it can be used to verify the application from the bootloader before the application is started. My initial reply describes how you can protect the key on the nRF52840.

RE: Saving root key on battery powered devices

PBT — Tue, 11 Dec 2018 09:31:16 GMT

How does storing the "root key in flash" relate to "secure boot"?
Ie. what key is used for "secure boot" and how is that key stored?

Best

Peter

RE: Saving root key on battery powered devices

Einar Thorsrud — Tue, 25 Sep 2018 14:01:39 GMT

Hi Damian,

Yes, you are right. Crypto operations using a key stored within the OPTIGA Trust X has to be handled by the Trust X. You could of course use the CryptoCell for other operations as it may be faster in some cases, but generally CryptoCell is not an important feature if you anyway use a OPTIGA Trust X. However, CryptoCell can be very useful in other situations, and I would argue that the security level you can get using only a nRF52840 is good enough for most applications.

RE: Saving root key on battery powered devices

DamianV — Tue, 25 Sep 2018 13:51:54 GMT

Hi Einar,

I am following this post and I am trying to understand the situation:

Wouldn't this make the Cryptocell inside the nRF52840 obsolete? Because it seems that if use the OPTIGA Trust X to store the keys, all crypto operations will have to be done within it, right?

Thanks in advance

Damian

RE: Saving root key on battery powered devices

Einar Thorsrud — Thu, 13 Sep 2018 06:55:25 GMT

Hi,

The point with using the OPTIGA Trust X in this case is that it provides secure key storage. You can only write keys to the Trust X, never read it back. The key is safe there and is never communicated to the nRF52840. Instead, any data that needs to be encrypted or decrypted must be sent back and forth to the Trust X, as this has the key(s).

You cannot activate the debug interface from firmware once it has been deactivated. The only way is to do a full chip erase (see Control access port). (Note that the nRF device only has SWD, not JTAG).

RE: Saving root key on battery powered devices

bperrin2 — Wed, 12 Sep 2018 15:06:16 GMT

Thank you for your clear answer.

If we consider decapping as a possible attack: is the solution to have an extra chip safe? I guess it will be possible to sniff the communication lines between the Infineon and the nRF chips when it try to get the master key. The exchange could be encrypted with a key but this will require to store this key somewhere starting with a chicken and egg problem. Am i wrong?

I have another question concerning the JTAG: is it possible to connect / disconnect it by software. For example, we would like to have it disconnected by default and reconnected when a demand is done by the smart device via a secure connection (with a second level of security above BLE). This could be required for example during maintenance operations.

If this is possible, I would be very happy to get a pointer to a coding example.

Bernard

RE: Saving root key on battery powered devices

Einar Thorsrud — Mon, 10 Sep 2018 12:34:18 GMT

Hi,

You cannot retain the root key within CryptoCell, and the nRF52840 does not have any secure flash, so you have to store it in (normal) flash. You are still able to keep the key in a reasonably secure manner using something like the following strategy:

Store the key in a reserved flash region.
Enable read-back protection using Control access port. This prevents a debugger from accessing the flash (the only way to disable it is to first do a full chip erase).
In the bootloader:
- Read the key from flash and copy it to CryptoCell (secure always on RAM).
- Enable ACL to protect the key so that it cannot be accessed by the application.

The above procedure should keep the root key safe against most kinds of attacks, but it does not provide protection against decapping. If you need that, then the only option is to use an additional device, such as for example the OPTIGA Trust X instead.