FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Firmware Protection (F1 Series)

otavio.maciel
Associate II

‎2023-02-06 11:51 AM

Hello dear! I'm developing a new product. I would like use the STM32 F1 series, but I was surprised with this: https://blog.zapb.de/stm32f1-exceptional-failure/

The F1 Series don't have RDP Level 2 protection, in this case, what's the most security way to protect 100% of the firmware.

Thanks!

Labels:
0 Kudos
8 REPLIES 8
Peter BENSCH
ST Employee

‎2023-02-06 12:29 PM

100% security?

Impossible.

The greatest possible security?

Take an STM32 based on Cortex-M33, which corresponds to a Cortex-M4 with TrustZone, e.g. the STM32U5 or STM32L5.

Does it answer your question?

Regards

/Peter

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
0 Kudos
otavio.maciel
Associate II
In response to Peter BENSCH

‎2023-02-06 12:49 PM

The F030 Series using RDP Level 2 increase the firmware security, correct? Maybe the way out is to use it. What do you think? I want the code to have enough security to make cloning unfeasible.

0 Kudos
Peter BENSCH
ST Employee
In response to otavio.maciel

‎2023-02-06 01:19 PM

Correct.

But I would take cloning unfeasible as 100% security against piracy, which we have come much, much closer to with TrustZone in the Cortex-M33. So far, there is no known successful penetration of the TrustZone, but you never know what will be possible with future methods such as quantum computers etc.

RDP Level 2 is already a good approach, but cloning is not impossible and only requires the appropriate effort - it is just a question of money, tools and time available for a break-in.

If you are happy with RDP 2 and can assume that no one is going to shell out $100k or more to clone your firmware, then an STM32F030 with RDP 2 can certainly be used.

If the problem is solved, please mark this thread as answered by selecting Select as best, as also explained here. This will help other users find that answer faster.

Good luck!

/Peter

In order to give better visibility on the answered topics, please click on Accept as Solution on the reply which solved your issue or answered your question.
0 Kudos
KnarfB
Principal III

‎2023-02-06 02:20 PM

Is it really $100k? They estimate $75: https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets/

KnarfB

0 Kudos
otavio.maciel
Associate II
In response to otavio.maciel

‎2023-02-06 02:32 PM

Cool! No one is going to spend $100k to clone this firmware, my product unit will cost around $7.00, but I intend to sell many units in my country.

Using the Cortex-M33 becomes expensive.. :(

Going back a bit to the F1 family. How much do you need to disburse to break RDP level 1 security?

0 Kudos
otavio.maciel
Associate II
In response to KnarfB

‎2023-02-06 02:48 PM

Serious?? :sad_but_relieved_face:

I just wanted the security I have working with the AVRs and the old 8051s.:loudly_crying_face:

0 Kudos
Tesla DeLorean
Guru
In response to otavio.maciel

‎2023-02-06 03:36 PM

The F1 is a 16 year old part, things and approaches have moved on.

People likely weren't spending $100K on breaking things, or needing $1M of equipment. You only need ability and access, the janitor probably has the keys..

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..
0 Kudos
otavio.maciel
Associate II
In response to otavio.maciel

‎2023-02-06 03:50 PM

So what you are telling me is that F1 is not safe compared to current technologies.

What is the difference in firmware protection from an AVR to the F1? Because AVR has been around for a long time and Lock Bits are still enough to protect the firmware.

0 Kudos
Top