https://devzone.nordicsemi.com/f/nordic-q-a/39786/can-nrf52840-cryptocell-ip-act-as-secure-elementHi to all, i am developing a device based NRF52840 soc, and i want to implement a device that need to store some public/private key in somewhere. i know that cryptocell ip is an accelerator for cryptographic tasks, but i want to know is this ip capableen-USTelligent Community 13Fri, 06 Nov 2020 14:14:49 GMThttps://devzone.nordicsemi.com/thread/278805?ContentTypeID=1Fri, 06 Nov 2020 14:14:49 GMT137ad170-7792-4731-bb38-c0d22fbe4515:9fe6c494-b8c0-487b-b2d1-fa12bf638447Nikos Karamolegkos<p>Thank you. For folks that may need future help check <a href="https://devzone.nordicsemi.com/f/nordic-q-a/67971/tls-credentials-secure-storing-to-nrf52840-dk">here</a></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/278798?ContentTypeID=1Fri, 06 Nov 2020 13:58:34 GMT137ad170-7792-4731-bb38-c0d22fbe4515:0c980923-6a99-4207-a237-1d01b43cb463haakonsh[quote user="Nikos Karamolegkos"]Let&#39;s say that I would like to store a private key. I can create a flash section where I will store the private key and then using a secure bootloader to read that key and block the read in this section. In this way, I can jump to application (without rebooting/reset) and then again only on reset the bootloader can read the key. Am I correct?[/quote] <p>&nbsp;Yes, that&#39;s the intended use-case.&nbsp;<br />&nbsp;</p> [quote user="Nikos Karamolegkos"]Also, what exactly means secure bootloader?&nbsp;[/quote] <p>It means the use of signed FW images where the bootloader will verify any image it is asked to load, based on f.ex a stored key that only the bootloader has access to.&nbsp;<br /><br />From&nbsp;<a title="Secure boot and firmware updates" href="https://infocenter.nordicsemi.com/topic/sdk_nrf5_v17.0.2/lib_secure_boot.html?cp=7_1_3_5_0_8">Secure boot and firmware updates</a>:&nbsp;<br /><span>&quot;Secure boot does a signature verification procedure on installed firmware before booting into it. This is to ensure that the firmware is authorized by the owner of the private key used to create the signature.&quot;</span></p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/278596?ContentTypeID=1Thu, 05 Nov 2020 12:57:46 GMT137ad170-7792-4731-bb38-c0d22fbe4515:a526ea1d-acb6-41f2-9150-266eed6c639eNikos Karamolegkos<p>Let&#39;s say that I would like to store a private key. I can create a flash section where I will store the private key and then using a secure bootloader to read that key and block the read in this section. In this way, I can jump to application (without rebooting/reset) and then again only on reset the bootloader can read the key. Am I correct? Also, what exactly means secure bootloader?&nbsp;</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/278264?ContentTypeID=1Tue, 03 Nov 2020 12:58:27 GMT137ad170-7792-4731-bb38-c0d22fbe4515:d15930e4-06f2-4fdf-add7-5258ae67d144haakonsh<p>Depends on your definition of &quot;secure&quot;.&nbsp;&nbsp;</p> [quote user="haakonsh"]And the&nbsp;<a href="http://infocenter.nordicsemi.com/topic/com.nordic.infocenter.nrf52840.ps/acl.html?cp=2_0_0_5_2">ACL — Access control lists</a>&nbsp;can block read and/or write access to a region of flash.&nbsp;[/quote] <p>&nbsp;Though do note&nbsp;<a title="IN133 Informational Notice v1.0" href="https://infocenter.nordicsemi.com/pdf/in_133_v1.0.pdf?cp=4_0_2_0">IN133 Informational Notice v1.0</a>.&nbsp;Talk to our Regional Sales Manager about device ordering&nbsp;and production programming for nRF52840&#39;s with a fix for this issue.&nbsp;</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/277962?ContentTypeID=1Mon, 02 Nov 2020 08:11:48 GMT137ad170-7792-4731-bb38-c0d22fbe4515:22daff01-0e8d-469d-b61a-86229fd3fd47Nikos Karamolegkos<p>I can not understand, before anything, Is secure to store the key in flash?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/188108?ContentTypeID=1Tue, 21 May 2019 07:30:06 GMT137ad170-7792-4731-bb38-c0d22fbe4515:ef78eec5-1b62-4f8c-ace6-0f7b434a5eechaakonsh<p>Yes, given that you follow the instructions given in my previous answer.&nbsp;</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/187788?ContentTypeID=1Mon, 20 May 2019 07:49:56 GMT137ad170-7792-4731-bb38-c0d22fbe4515:ebb3cc40-876c-4998-b12c-f4427a2bb03balireza sadeghpour<p>So this region of memory can be used for storing symmetric/asymmetric encryption keys?</p><div style="clear:both;"></div>https://devzone.nordicsemi.com/thread/154322?ContentTypeID=1Wed, 24 Oct 2018 15:12:30 GMT137ad170-7792-4731-bb38-c0d22fbe4515:1abd59b5-0568-4cce-b326-f0f12c4d2ceahaakonsh<p>The CryptoCell can store a&nbsp;<a title="Device root key" href="http://infocenter.nordicsemi.com/topic/com.nordic.infocenter.nrf52840.ps/cryptocell.html?cp=2_0_0_5_5_3_1#unique_59770473">Device root key</a>&nbsp;in its internal SRAM. And the&nbsp;<a href="http://infocenter.nordicsemi.com/topic/com.nordic.infocenter.nrf52840.ps/acl.html?cp=2_0_0_5_2">ACL — Access control lists</a>&nbsp;can block read and/or write access to a region of flash.&nbsp;</p> <p><br />The common use case is to use a secure bootloader to read a key from flash and store it in the cryptocell, then use ACL to block read access to the flash region where the key is stored.&nbsp;</p><div style="clear:both;"></div>