TLS credentials secure storing to nrf52840-dk

Question

Hello everybody, I am using Zephyr with the nrf52840-dk device. I would like to store the DTLS credentials with a secure way. I don't want to be part of the code and thus to be written raw in flash. Any proposals?

Einar Thorsrud · Accepted Answer

Hi, 
 Nikos Karamolegkos said: Is there any example on how use ACL? I am using zephyr but I can not find something relative 
 You can use the fprotect_area() function . There are a few examples where it is used in nRF Connect SDK. 
 Nikos Karamolegkos said: Also, could I have two specific region which can have access? (with the bootloader logic I have somehow to "announce" the credentials to the APP partition). 
 Yes, you can have multiple regions. But this does not work as I suspect you hope. The ACL will effectively block reading (if that is how it is configured) from the specified region after it is enabled. See ACL for details about how ACL itself works. 
 Nikos Karamolegkos said: Finally, what difference has the ACL with the APPROTECT register? 
 ACL blocks access to parts of the memory from the CPU. APPROTECT blocks debugger access. So they are quite different, though both are features for restricting access to the flash in some way. 
 Nikos Karamolegkos said: Is there any example using the APPROTECT? 
 Yes. With the current nRF devices that is just a matter of writing to the APPROTECT register in UICR during programming. So it does not really have any implications for your firmware itself. 
 There is one possibility which I did not mention before that you could use to protect your certificate somewhat. You could use a device root key which you provision the CC310 with during boot, and then lock the flash page holding the key using ACL in the bootloader (after provisioning CC310). Then you could use a derived key to decrypt the certificate (which has been encrypted using the derived key during production). See nrf_cc3xx_platform_kmu.h for more. Unfortunately there is no example of this at this point.

Nikos Karamolegkos · Answer

I am not sure that I understand. Could you explain more why to sections for the ACL is problem? Also, about the device root key idea can you explain more? What is the derived key and how this helps?

Einar Thorsrud · Answer

Hi, 
 Nikos Karamolegkos said: Therefore, the derived key will be always the some given the same root key? 
 Yes, that is correct. 
 Nikos Karamolegkos said: How can I create the root and thus the derived key? 
 How to create the key is up to you. You could create it on the nRF using the CC310 RND during production. Then load that key into CC310 and derive a key, which you use to encrypt your secret data. As mentioned you must keep the root key in normal flash and should protect it early during boot to prevent application code from reading it., 
 There are currently no code examples for this, but the functionality you need was introduced in NCS 1.4. Specifically: 
 
 Use nrf_cc3xx_platform_kdr_load_key() to load the root key in CC310 at every boot. 
 Use mbedtls_shadow_key_derive() to obtain the derived key that you use to encrypt/decrypt the data
 
 You should make sure to memset the RAM holding the key immediately after use to reduce the attack surface.

Nikos Karamolegkos said: Finally, the bootloader is it secure in order to handle all this process? (e.g MCUboot) 
 You could use an tiny immutable bootloader that runs before MCUBoot to handle this (this example immutable bootloader does not do this, but you can use it and add this part). That is the same approach that is used in secure boot. Then you can keep the key in the bootloader page. This B0 bootloader would then essentially do nothing other than loading the KDR key to CC310, preventing read access to itself and starting MCUBoot.

Einar Thorsrud · Answer

Yes, that is correct.

TLS credentials secure storing to nrf52840-dk

Top Replies