‎2023-02-06 11:51 AM
Hello dear! I'm developing a new product. I would like use the STM32 F1 series, but I was surprised with this: https://blog.zapb.de/stm32f1-exceptional-failure/
The F1 Series don't have RDP Level 2 protection, in this case, what's the most security way to protect 100% of the firmware.
Thanks!
‎2023-02-06 12:29 PM
100% security?
Impossible.
The greatest possible security?
Take an STM32 based on Cortex-M33, which corresponds to a Cortex-M4 with TrustZone, e.g. the STM32U5 or STM32L5.
Does it answer your question?
Regards
/Peter
‎2023-02-06 12:49 PM
The F030 Series using RDP Level 2 increase the firmware security, correct? Maybe the way out is to use it. What do you think? I want the code to have enough security to make cloning unfeasible.
‎2023-02-06 01:19 PM
Correct.
But I would take cloning unfeasible as 100% security against piracy, which we have come much, much closer to with TrustZone in the Cortex-M33. So far, there is no known successful penetration of the TrustZone, but you never know what will be possible with future methods such as quantum computers etc.
RDP Level 2 is already a good approach, but cloning is not impossible and only requires the appropriate effort - it is just a question of money, tools and time available for a break-in.
If you are happy with RDP 2 and can assume that no one is going to shell out $100k or more to clone your firmware, then an STM32F030 with RDP 2 can certainly be used.
If the problem is solved, please mark this thread as answered by selecting Select as best, as also explained here. This will help other users find that answer faster.
Good luck!
/Peter
‎2023-02-06 02:20 PM
Is it really $100k? They estimate $75: https://blog.kraken.com/post/3662/kraken-identifies-critical-flaw-in-trezor-hardware-wallets/
KnarfB
‎2023-02-06 02:32 PM
Cool! No one is going to spend $100k to clone this firmware, my product unit will cost around $7.00, but I intend to sell many units in my country.
Using the Cortex-M33 becomes expensive.. :(
Going back a bit to the F1 family. How much do you need to disburse to break RDP level 1 security?
‎2023-02-06 02:48 PM
Serious?? :sad_but_relieved_face:
I just wanted the security I have working with the AVRs and the old 8051s.:loudly_crying_face:
‎2023-02-06 03:36 PM
The F1 is a 16 year old part, things and approaches have moved on.
People likely weren't spending $100K on breaking things, or needing $1M of equipment. You only need ability and access, the janitor probably has the keys..
‎2023-02-06 03:50 PM
So what you are telling me is that F1 is not safe compared to current technologies.
What is the difference in firmware protection from an AVR to the F1? Because AVR has been around for a long time and Lock Bits are still enough to protect the firmware.