Hi,
I am trying to build a secure IoT project using the LPC55S69 board. Here are the high-level ideas:
For the development phase:
1. Enroll PUF to get AC.
2. Encrypt the user program (e.g., an image-capturing program running on an LPC board) using the User Key.
3. Encrypt the User Key using the PUF fingerprint.
Now the encrypted user program is stored on Flash. Only this board can decrypt it when it is powered up (tamper-resistant and code secrecy maintained).
For the deployment phase:
1. Power up the board and recover the PUF fingerprint.
2. Decrypt the User Key using PUF.
3. Decrypt the user program using the User Key.
4. Load the program to RAM and execute it.
5. Shut down the board. The decrypted program should be deleted.
I have read the document AN12278 and AN12324 and have a few questions to figure out:
1. How to store the encrypted user program on Flash? I think I need to write an enrollment program to enroll the PUF, encrypt the user program, and store AC (with an encrypted User Key) and an encrypted user program on Flash (separately). But how can I store them on Flash? Are there any APIs available so that I can specify the address to store them?
2. How to decrypt the user program and load it to RAM? I suppose I need another program, saying boot program. The boot program can recover the PUF fingerprint using the newly generated SRAM startup data and pre-stored AC. Then, it can load the pre-stored encrypted user program, decrypt it and load it to RAM. My question is: How to load the decrypted user program to RAM and execute it? Can the BLHOST tool help us?
Thank you very much for your time. Any suggestions for my ideas are welcomed.
Hello @zhliao
First of all, you need confirm which encryption algorithm you want to use.
If Prince, you can refer to : https://www.nxp.com.cn/docs/en/application-note/AN12527.pdf
or "Prince" demo under SDK.
If HASH, you can refer to "Hashcrypt" under SDK.
BR
Alice
Hi Alice,
Thank you very much for your information. Looks like HashCrypt is a good option
Best,
Zhonghao