AnsweredAssumed Answered

MPU Usage for Sensitive Data Storage

Question asked by Orhun Suezer on Apr 17, 2019
Latest reply on Apr 18, 2019 by Lukas Zadrapa

Dear All,

here is a conception question regarding the MPU usage.

 

Given that I have to protect some of relatively big size of sensitive data (private keys, specific secrets, parameters etc.) in my µC. However the CSEc does not provide me that big size of memory. Here comes 2 ideas into my mind

 

1- Encrypt all of the sensitive data w/ AES, then store them in the Flash area in ciphertext form and keep the AES key in CSEc.

 

2- Use a specific Flash partition to store the sensitive data and limit the access to that area by the MPU (Memory Protection Unit).

 

Although I assume the Option 1 is better, I can not find any concrete use case where the Option 2 may have disadvantages. Especially Option 2 is interesting if there is no CSEc module is available.

 

What would you think about the Option 1 and Option 2?

How would you criticize Option 2 from security perspective?

 

Thanks in advance for your support!

Outcomes