Skip to main content
otavio.maciel
otavio.maciel
Associate II
February 6, 2023
Question

Firmware Protection (F1 Series)

  • February 6, 2023
  • 2 replies
  • 2035 views

Hello dear! I'm developing a new product. I would like use the STM32 F1 series, but I was surprised with this: https://blog.zapb.de/stm32f1-exceptional-failure/

The F1 Series don't have RDP Level 2 protection, in this case, what's the most security way to protect 100% of the firmware.

Thanks!

This topic has been closed for replies.

2 replies

Peter BENSCH
Peter BENSCH
Technical Moderator
February 6, 2023

100% security?

Impossible.

The greatest possible security?

Take an STM32 based on Cortex-M33, which corresponds to a Cortex-M4 with TrustZone, e.g. the STM32U5 or STM32L5.

Does it answer your question?

Regards

/Peter

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
otavio.maciel
otavio.macielAuthor
Associate II
February 6, 2023

The F030 Series using RDP Level 2 increase the firmware security, correct? Maybe the way out is to use it. What do you think? I want the code to have enough security to make cloning unfeasible.

Peter BENSCH
Peter BENSCH
Technical Moderator
February 6, 2023

Correct.

But I would take cloning unfeasible as 100% security against piracy, which we have come much, much closer to with TrustZone in the Cortex-M33. So far, there is no known successful penetration of the TrustZone, but you never know what will be possible with future methods such as quantum computers etc.

RDP Level 2 is already a good approach, but cloning is not impossible and only requires the appropriate effort - it is just a question of money, tools and time available for a break-in.

If you are happy with RDP 2 and can assume that no one is going to shell out $100k or more to clone your firmware, then an STM32F030 with RDP 2 can certainly be used.

If the problem is solved, please mark this thread as answered by selecting Select as best, as also explained here. This will help other users find that answer faster.

Good luck!

/Peter

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
KnarfB
KnarfB
Super User
February 6, 2023

Is it really $100k? They estimate $75: https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets/

KnarfB

otavio.maciel
otavio.macielAuthor
Associate II
February 6, 2023

Serious?? :sad_but_relieved_face:

I just wanted the security I have working with the AVRs and the old 8051s.:loudly_crying_face:

Tesla DeLorean
Tesla DeLorean
Guru
February 6, 2023

The F1 is a 16 year old part, things and approaches have moved on.

People likely weren't spending $100K on breaking things, or needing $1M of equipment. You only need ability and access, the janitor probably has the keys..

Tips, Buy me a coffee, or three.. PayPal VenmoUp vote any posts that you find helpful, it shows what's working..
Terms & ConditionsAccessibility statement