Dear All,
here is a conceptual question regarding MPU usage.
Given that I have to protect a relatively large amount of sensitive data (private keys, specific secrets, parameters etc.) in my µC. However, the CSEc does not provide me with that much memory. Two ideas come to my mind:
1- Encrypt all of the sensitive data w/ AES, then store them in the Flash area in ciphertext form and keep the AES key in CSEc.
2- Use a specific Flash partition to store the sensitive data and limit the access to that area by the MPU (Memory Protection Unit).
Although I assume Option 1 is better, I cannot find any concrete use case where Option 2 may have disadvantages. Option 2 is especially interesting if there is no CSEc module available.
What do you think about Option 1 and Option 2?
How would you criticize Option 2 from a security perspective?
Thanks in advance for your support!
Dear Lukas,
thank you for your quick answer. First of all, I want to ask what exactly you mean by "and even if the MPU is configured to forbid access to certain area, it can be easily reconfigured."?
Moreover, I want to go one stage further. Imagine that the µC will actually be set into a mode where the engineering interfaces such as JTAG are deactivated. So for me the only way to get to the data is somehow to dig into the chip HW, microprobe the Flash interface and try to read out the data. I assume that what is explained in 5.2.1 Flash memory security would not help against this kind of attack because it focuses only on the "programming interfaces", is that true?
Cheers!
Hi Orhun,
if someone is able to establish access via JTAG (stolen password for backdoor access if enabled or whatever) or in case of microprobing, the MPU does not help at all. Encryption of data by CSEc is 'one step up' because the data are not directly readable.
Regards,
Lukas
Hi,
from a security point of view, option 2 is quite useless. The MPU is a safety feature, not a security feature. Out of reset, the MPU is enabled and only descriptor 0 is valid. It covers the whole address space and all accesses are permitted. And even if the MPU is configured to forbid access to a certain area, it can be easily reconfigured.
Take a look at "5.2.1 Flash memory security" in the reference manual.
Regards,
Lukas
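
The reset state and reconfigurability described in the reply above, as an added host-side model that is not code from the thread or from NXP. It is not S32K register code: the descriptor struct, the descriptor count, the single read-permission bit, the secret address range and the rule that a read passes if any matching valid descriptor permits it are all modelling assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_RGD      4            /* descriptor count: modelling assumption */
#define SECRET_START 0x10000000u  /* constructed range for the secret partition */
#define SECRET_END   0x10000FFFu

typedef struct { uint32_t start, end; bool read_ok, valid; } rgd_t;
static rgd_t mpu[NUM_RGD];        /* stands in for the writable descriptor registers */

/* Reset state from the post: only descriptor 0 valid, whole space, all access permitted. */
void mpu_reset(void) {
    for (int i = 0; i < NUM_RGD; i++) mpu[i] = (rgd_t){0, 0, false, false};
    mpu[0] = (rgd_t){0x00000000u, 0xFFFFFFFFu, true, true};
}

/* Any software that can reach the descriptors can rewrite them. */
void mpu_set(int i, uint32_t start, uint32_t end, bool read_ok) {
    mpu[i] = (rgd_t){start, end, read_ok, true};
}

/* Assumed overlap rule: a read passes if ANY valid matching descriptor permits it. */
bool mpu_read_allowed(uint32_t addr) {
    for (int i = 0; i < NUM_RGD; i++)
        if (mpu[i].valid && addr >= mpu[i].start && addr <= mpu[i].end && mpu[i].read_ok)
            return true;
    return false;
}

/* Bit n of the result = "secret readable?" after step n. */
int scenario(void) {
    int r = 0;
    mpu_reset();
    r |= mpu_read_allowed(SECRET_START) << 0;          /* step 0: reset state, readable */
    mpu_set(1, SECRET_START, SECRET_END, false);
    r |= mpu_read_allowed(SECRET_START) << 1;          /* step 1: descriptor 0 still grants */
    mpu_set(0, 0x00000000u, 0xFFFFFFFFu, false);       /* drop the blanket grant */
    mpu_set(2, 0x00000000u, SECRET_START - 1u, true);  /* re-grant below the secret */
    mpu_set(3, SECRET_END + 1u, 0xFFFFFFFFu, true);    /* re-grant above the secret */
    r |= mpu_read_allowed(SECRET_START) << 2;          /* step 2: secret now blocked */
    mpu_set(0, 0x00000000u, 0xFFFFFFFFu, true);
    r |= mpu_read_allowed(SECRET_START) << 3;          /* step 3: one write reopens it */
    return r;
}

int main(void) {
    printf("readable after steps 0..3 (bitmask): 0x%X\n", scenario());
    return 0;
}
```

In this model the protection is only as durable as the descriptor contents, and the stored bytes stay in plaintext throughout, which is the difference from Option 1.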