MPU security empowerment

SigmaPrime
Senior

Hello,

My goal is to harden my Hardware security. I am using an STM32MP157C and buildroot as main distro.

What exactly do I need to know when it comes to security? I am dealing with the hardware part and I am working on an IoT project.

My colleague takes care of the server Tel. We have already successfully transferred sensor data to the server. But I don't think I can improve network security from a hardware point of view, can I? I don't have access to the server.

I want to secure my hardware, but in my mind I don't see many options (not my domain) besides managing file permissions and isolating some personal scripts in another user profile.

For hardware security, we can start with a hardened kernel that custom compiles with priority over priority. Then we can have the root encrypted using LUKS or another option out of many. Data encryption before sending it to a server may be considered here. I also can use strong passwords and use a password manager like pass or even the Gnome keyring.

A number of hash functions are available through the terminal (md and sha series) or we can use openssl which has a number of hash and data encryption ciphers like AES256, chacha20 etc. But that has more to do with the server, right? Not with the MPU.

I have no experience with hardware security and cybersecurity. My thought may be wrong. I am still confused because I don't have access to the server and I can't differentiate between what I am supposed to do from a hardware point of view and what my colleague does from a software (network) point of view.

thanks

KnarfB
Super User

Security is a very broad topic with many aspects. You may start reading here https://www.st.com/content/st_com/en/stm32trust.html. But, before thinking of technologies and implementations, you should make a threat and risk analysis for your IoT product.

PatrickF
ST Employee

Hi,

I think another good start for STM32 MPU is https://wiki.st.com/stm32mpu/wiki/Security_overview.

Security is a never-ending story, you have to think about which kind of attacks you want to protect against (there are probably many publications on that) and then become a bit paranoid.


Thank you. Will this collide even if I use a distro other than OpenST-Linux? I am using Buildroot as main distro.

Thank you :) Yes, this is mostly what I am trying to do, although I do not have further knowledge in security. This is neither my field of study nor have I worked on it before. I am a working student at a start-up trying to learn new things, that's why I struggle a bit at the beginning.

It depends more on the Linux kernel version, U-Boot, TF-A, ... and apps you are installing rather than the build framework (yocto vs. buildroot). As ST prefers yocto, you cannot be wrong following that path, getting updates and fixes asap.