
How to use KPRTL on nRF52840?

Hello,

Is there any way to use the Kprtl as stated in the documentation of the nRF52840?

6.6.4 Cryptographic key selection
The CRYPTOCELL subsystem can be instructed to operate on different cryptographic keys.
Through register HOST_CRYPTOKEY_SEL on page 140, the following key types can be selected for
cryptographic operations:
• RTL key KPRTL
• Device root key KDR
• Session key
KPRTL and KDR are configured as part of the CRYPTOCELL initialization process, while session keys are
provided by the application through the software library API.

Best regards

  • Hi,

    The RTL key cannot be used for anything useful in the nRF52840. (The key is hardcoded and identical for all nRF52840 devices.)

    The device root key (KDR) could be usable, but the SW support is currently lacking. Also, this resides in RAM so you would need to keep the key in flash as well for it to be persistent.

  • Hi Einar,

    Thank you for your answer.

    For my use case, two nRF52840 devices need to exchange encrypted data with a key which should not be known by the developer. Since the key is hardcoded within the devices and not recoverable, it could be a viable option as the devices are mutually authenticated by other means.

    I followed the instructions in the documentation to set the registers of the CryptoCell accordingly; would this work or do I need to set additional parameters/registers?

    NRF_CRYPTOCELL->ENABLE = 1;                /* power up the CryptoCell subsystem */
    NRF_CC_HOST_RGF->HOST_IOT_LCS = 2;         /* set the life-cycle state (missing ';' added) */
    NRF_CC_HOST_RGF->HOST_CRYPTOKEY_SEL = 1;   /* select the key for cryptographic operations */

    To be honest, I understand the concern of using such a key from a security perspective. However, since such a feature is detailed within the documentation, it should be possible to use it even by manually setting registers with/without usage of the software library.

    If you could provide any additional guidance on how to properly use it I would be very grateful.

    Regards

  • Hi Azox,

    I did not follow you. Which key do you intend to use? If the developers have access to the debug interface, and that is not locked down, then they will have access to any key in flash (even the key that you will, in turn, write to KDR). And as mentioned, the KPRTL is useless in our HW implementation; it is unfortunate that the documentation mentions it.
