We are using the S12Z Magniv for a very important and large volume production project.
We have secured the firmware with the "Secure" flag, thus not allowing the FLASH to be read but only overwritten, and we also do not have any password enabled.
We are most concerned about how the S12Z (MC9S12ZVM family) Magniv chips are hardened against voltage glitch attack. It seems that almost all the chips out there are susceptible to this attack and if so it would be very risky to put many years of effort into a chip that can be relatively easily broken into.
What is the hardening level of the chips and what are the precautions that can be taken to protect the firmware?
Sorry, we don’t provide information about secured chips' susceptibility to attacks. The security system in S12 is different from other standard chips. They have been used in many automotive applications across the world for many years, where security is one of the key requirements. Personally, I haven’t heard about the described vulnerability on S12 chips.
If the security of your code is the main topic, I want to suggest that you use our new family of automotive MCUs – S32K1 or S32K3. They comprise the HW security module, so encrypted code can be used. The S32K3 also provides asymmetric encryption to protect your code.
Thanks for your reply. We cannot possibly switch the MCU now as we have spent over four years developing firmware and hardware and perfecting it using the S12 chip.
I would request you to just check with the company's security division/S12 experts and find out if the S12 chips have any known vulnerabilities to hardware hacking; if so, we need to be aware of them so that we can have appropriate countermeasures if possible. If you cannot reveal the vulnerability, at least you can point out what precautions can be taken at the hardware level and software level in addition to just setting the secure flag.
The message from our S12 experts is similar to my previously sent message.
The security features are guaranteed when the device is operated within specification. We saw that there are tools which can bring the device to some undefined states outside of our specification, like power or clock glitches, which can break the security. No manufacturer can guarantee that the devices are 100% secure in this case. Our goal is to make the hacking as difficult as possible.
Our S12 devices are used by many customers, also in very sensitive applications, and we don’t know of any issue with security yet.
As I mentioned in my previous message, you can use the last device with improved security options from the S32 family.