Cryptographic scheme selection

JDesc · ‎2019-02-20

Could someone elaborate on the tradeoffs of cryptographic scheme selection, especially between Asymmetric with AES encryption and Symmetric (AES GCM) ?

While it is the default choice, it is not clear to me why SECBOOT_ECCDSA_WITH_AES128_CBC_SHA256 would be preferable over SECBOOT_AES128_GCM_AES128_GCM_AES128_GCM since according to Table 3 of UM2262 (getting started), storing a private AES key is required in both cases. What are the benefits of the default approach?

Jocelyn RICARD · ‎2019-04-19

Hello Jean-Hugues,

I'm sorry for this late answer.

The main advantage of asymmetric crypto is that device will embed only the public key to authenticate the firmware.

This means that even if a hacker is able to open the chip to see all data inside, he will not be able to generate a fake firmware because he needs the private key.

On the other hand, using a symetric key, a hacker would could retreive the key using differential power analysis for instance, would be able to create a fake firmware that would be authenticated by the secureboot.

The drawback of the asymetric key usage is the memory footprint used. So, if you have enough place, asymmetric scheme is the best.

The symmetric key is necessary for confidentiality of your data. It is used to encrypt the firmware.

I hope this answers your question

Best regards

Jocelyn