My question is about intellectual property theft at CMs. Clearly ST recognizes the issue and even addresses it by adding SFI (secure internal firmware install) on some microcontrollers. AN5054 is listed in the resources for STM32L010K4; however, it is my

KMalt.1 · ‎2020-07-05

My question is about intellectual property theft at CMs. Clearly ST recognizes the issue and even addresses it by adding SFI (secure internal firmware install) on some microcontrollers. AN5054 is listed in the resources for STM32L010K4; however, it is my understanding that STM32L0s lack SFI/SFIx features (as described in Table1 of DM003555688). Also, Datasheet - STM32L010F4 STM32L010K4 does not refer to SFI.

What can be done for STM32L010K4?

Thank you

waclawek.jan · ‎2020-07-05

> AN5054 is listed in the resources for STM32L010K4

ST does not pay much attention to the list of appnotes which appear at the individual products' pages, they may be simply copypasted from a higher model of the same family, or just randomly added.

JW

Jack Peacock_2 · ‎2020-07-05

When it comes to IP protection there are some tradeoffs:

1) Cost, Cost, Cost. The fact you choose an M0 instead of an M23 core with better IP protection illustrates the point. Protection isn't worth the extra cost, especially in volume (see next point). You have the basics, flash read protection, to protect against someone working on their kitchen table trying to reverse your product. Someone who can open the package and directly probe the flash array, well, you aren't going to stop them.

2) Time. Time to market is an excellent form of IP protection. Corner the market niche quickly (assuming you have production infrastructure), and then throw away the product for something else by the time the clones appear in significant quantity. Just copying firmware isn't enough. You have to have production, quality control, support and marketing in place to make real money off it.

3) IP Value. If you've inherited enough legacy product support you soon learn a lot of IP isn't worth protecting. It takes time and skill to reverse assembly language back into a maintainable program. Having a competitor try to copy it actually is a benefit in that it sets back their development cycle, giving you more time to get the Next Great Thing into the marketplace Most of the time it's faster to write build new that can also take advantage of technology advances (for instance, using the old STM32L1 M3 series when an 'L4 M4 or 'L5 M33 is far more cost effective).

4) Legal. Okay, someone just rips off the binary image. You did place a copyright notice and Easter eggs (for an example, go all the way back to the keyboard controller code on the original IBM PC BIOS firmware, it had a complex do-nothing code sequence to catch thieves) inside to prove ownership, along with hidden checksums to prevent alterations, didn't you? If the volume justifies it, turn it over to the Legal department. They can have Customs seize the clones at port of entry, depriving the thief of the capital needed to start up. If you're too small to hire a lawyer, then the volume must be too low to benefit from any real protection anyway.

5) Unintended benefits. Someone has stolen your design and is dumping it all over the world. First off, that creates a demand for support, and that's something clones can't afford to offer. Add on a premium to paid support contracts to cover the loss from manufacturing. In the long run a paid support contract earns far more than the original hardware anyway. And if you want to operate on the fringe yourself, the clones sold to countries on an embargoed list create a demand for setting up cutouts and a third party contact manufacturer in some of the less scrupulous countries where you can fill a market created by your competitors. Remember, "Country of Origin" are just words printed on the Customs declaration.

Jack Peacock

KMalt.1 · ‎2020-07-06

Thank you for lengthy reply; however, I’m looking for technical solution to a problem and not a philosophical outlook on life in general.

As far as trying to go after foreign entities with Easter-Eggs, patent infringements and legal proceedings… well it is a waste of time.

I recognize that even locked chips can be shaved and scanned with electron microscope but it is a significant investment in time and money which should deter theft in most of the cases.

Using CMs (even in the US), is similar to simply giving away your IP. Other chip manufacturers (e.g. Microchip) offers ordering pre-programmed chips. Some in the past (given enough volume) offered to replace flash with PROM and removal of JTAG port.

I would like ST to step-up and offer us a real solution (e.g. SFI). From description it seems that it is simply a piece of boot-loader code that handles AES encryption and some asymmetric key negotiation with some external HSM (hardware security module).

KM

Jack Peacock_2 · ‎2020-07-06

ARM makes the cores, not ST. And ARM has taken steps to meet what you're asking for. There is a technical solution, the M33 core in the form of the STM32L5 family. Footprints are close so it shouldn't be much of an ordeal to modernize your design if IP security is a significant part of the design goals.

Of course there's the effort involved on the firmware side, and higher cost (does that sound familiar?) but the ARM IP effort has to be paid for too. If your IP is valuable enough to protect then a few extra dollars per device and a couple of months additional development work shouldn't be a barrier, but that's a philosophical (or financial) rather than technical decision.

As an alternative you can go with external security, assuming you can avoid man-in-the-middle attacks and preserve encryption keys in an unsecured core (you might even get a patent for doing that). But that's why some people put their money down on a roulette table even though the odds are against them....

Jack Peacock

Tesla DeLorean · ‎2020-07-06

Providing custom programmed devices is the domain of value-added support from distributors. If that isn't appealing, you could program the reels of devices in house and lock them.

ST has been providing custom implementations to white goods manufacturers for decades.

If you're buying 10's of millions of devices you'd have a direct channel to them, and a bank account deep enough to cover the non-cancelable orders, to get exactly what you want and wouldn't be asking in the forum. You're asking the wrong questions, to the wrong people.

>>I recognize that even locked chips can be shaved and scanned with electron microscope but it is a significant investment in time and money which should deter theft in most of the cases.

Probably less than you think, protects against rank amateurs and script kiddies, but even without technology/equipment access, you still have an army of people who could brute force a window into most implementations through the weaknesses in the HW and SW.

>>I would like ST to step-up and offer us a real solution (e.g. SFI). From description it seems that it is simply a piece of boot-loader code that handles AES encryption and some asymmetric key negotiation with some external HSM (hardware security module).

Sort of thing hampers international sales, and adds export controls. Probably also a bit heavy on a CM0 implementation, were the die size is predominantly from the FLASH, OTP, RAM and peripherals bolted on.

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..

waclawek.jan · ‎2020-07-06

>Thank you for lengthy reply; however, I’m looking for technical

>solution to a problem and not a philosophical outlook on life in general.

This is a primarily user-driven forum with casual ST presence. You should direct your request on ST directly.

JW

KMalt.1 · ‎2020-07-06

Well, maybe ST eventually chimes-in here with an official statement… or not...

KM