
nrf52833 RNG and OTP flash

Hello,

Our team are evaluating the nRF52833 vs the nRF52840 and would like to understand the following:

1. The nRF52840 clearly states that its RNG hardware is NIST SP800-90A and SP800-90B compliant, meanwhile the nRF52833 only mentions that it has a true-non-deterministic-RNG (section 6.19 of the Product Spec) - Is this RNG also NIST compliant?

2. Is there a space in flash for the nRF52833 where we can store keys in a One-Time-Programmable fashion (e.g. by blowing fuses to prevent re-writes) and then have that information available for computation, but read protected?

Thank you for your time!

  • You can use the CUSTOMER fields in UICR together with APROTECT.

    Not a "real" OTP but this way you cannot read anything over SWD before completely erasing the chip.

  • 1. The nRF52840 has the cryptocell hardware, which has the compliant RNG, while the nRF52833 does not have this. See CRYPTOCELL — ARM TrustZone CryptoCell 310. The RNG in the nRF52833 is not considered compliant.

    2. Yes, UICR+approtect. But application flash could also be used and might be more convenient to maintain. Approtect would enable read back protection for all flash.

  • Apologies for commenting here on an oldish thread.
    I am only commenting on the randomness parts here.

    The random numbers accessed through the softdevice interface shall be compliant to FIPS SP800-22 as stated in the Bluetooth specification Vol 3, Part H, section 2 (This section is referred to in both BR/EDR and LE only controllers).

    FIPS SP800-22 for pseudo random numbers should suffice, as NIST SP800-90A is only the recommended mechanisms for generating deterministic, i.e. pseudo random, numbers and the SP800-90B is the spec to ensure adequate entropy for the random number generation.

    I would state that compliance to FIPS SP800-22 is sufficient as that is the statistical test suite that shows fulfillment of NIST SP800-90A and NIST SP800-90B requirements.

    I would then state that the soft device interface for the nRF52833 should deliver random numbers that are of the same or better quality for the NIST and FIPS specifications to be satisfied.
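
The monobit and runs tests from the SP 800-22 suite named in the comment above, as an added example (not part of the thread or of Nordic's code) for checking a captured dump of RNG bytes offline. The sample byte strings are constructed, and the function names are this example's own; the period-4 pattern passes both tests, so these checks flag statistical defects such as stuck or patterned output and say nothing about predictability.

```python
import math

ALPHA = 0.01  # significance level used by SP 800-22 for its pass/fail decision


def bytes_to_bits(data):
    """Unpack captured RNG bytes into a list of 0/1 values, MSB first."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def monobit_p(bits):
    """SP 800-22 section 2.1, frequency (monobit) test: returns the p-value."""
    n = len(bits)
    s_n = sum(1 if b else -1 for b in bits)        # +1 per one, -1 per zero
    return math.erfc((abs(s_n) / math.sqrt(n)) / math.sqrt(2))


def runs_p(bits):
    """SP 800-22 section 2.3, runs test: returns the p-value.

    Returns 0.0 when the frequency prerequisite fails, which also covers
    all-zero and all-one input (and avoids dividing by zero below).
    """
    n = len(bits)
    pi = sum(bits) / n                             # proportion of ones
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    v_obs = 1 + sum(1 for a, b in zip(bits, bits[1:]) if a != b)
    return math.erfc(abs(v_obs - 2 * n * pi * (1 - pi))
                     / (2 * math.sqrt(2 * n) * pi * (1 - pi)))


def verdict(bits):
    """Pass/fail per test at ALPHA; the suite recommends at least 100 bits."""
    return {"monobit": monobit_p(bits) >= ALPHA, "runs": runs_p(bits) >= ALPHA}


# Constructed sample dumps (128 bits each), not output from a real device.
SAMPLES = {
    "stuck_high":  b"\xff" * 16,   # stuck output: fails both tests
    "alternating": b"\x55" * 16,   # 0101...: balanced, but far too many runs
    "period4":     b"\x33" * 16,   # 0011...: fully predictable, passes both
}

if __name__ == "__main__":
    for name, dump in SAMPLES.items():
        print(name, verdict(bytes_to_bits(dump)))
```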
