nRF52832 Security, Secure Boot

I am looking at implementing some security features on an NRF52832. I am especially interested in a Secure Boot process. Looking at the product specifications, I noticed the NRF52832 does not seem to have a lot of the features available that the NRF52840 does related to security. The NRF52840 mentions the "ARM TrustZone Cryptocell 310 security subsystem" and that it is “Secure boot ready”.

The NRF52832 product specification does not mention these features. Are they simply just not at all available and never will be? I thought the main difference was just Flash and RAM memory size between the 2 controllers but they have the same Cortex M4 processor, is that not the case?

Is something like “secure boot” simply not possible on the NRF52832? I also have a crypto chip connected to the NRF52832, that has things like lockable EEPROM memory and standard hardware accelerated cryptography features, AES, SHA-256, etc. Could this be utilized with the NRF52832 to implement a secure boot? Any help would be appreciated.

  • Hi

    The ARM TrustZone Cryptocell 310 security subsystem is not available for the nRF52832. However, we do have examples using the Infineon OPTIGA Trust X for hardware security with the nRF52832. Please take a look at this blog post for more info on this. Support for this is available in SDKs 15.0.0 and newer. If you are using another crypto chip it should be possible to make some kind of security measures, although we cannot help you with making it.

    Best regards,

    Simon

  • Great, thanks for the info. Another security-related question I was hoping you could help me with: Is it possible to implement a truly immutable Bootloader? Essentially burning it in with no way to change it. I know there are things you can do such as making the flash non-read/writable and disabling SWD access using the APP_PROTECT register, but it seems like you can always still erase the chip using the CTRL-AP access. It is my understanding that a truly immutable boot loader is not possible on this chip, and would just like to confirm that is indeed the case.

  • No, it is not possible to make the nRF52832 "immune" to erasing the entire chip.

    Best regards,

    Simon
