How to robustly protect a STM32F4xx against code extraction...

jeanpierre
Associate II
Posted on November 14, 2014 at 00:18

Hello ST gurus!

Our company is seeking to protect its IP as much as possible from code extraction before products are shipped.

We understand the STM32F4xx has protective features to prevent code extraction via JTAG and flash reading / writing in certain modes, but previous attempts have bricked a few boards and we would like to obtain the proper sequence of steps to lock the device as securely as possible when product is factory-provisioned, and how to unlock it in our firmware upgrade process.

I could not find an appnote or a code fragment that reveals how to properly do it.  Is there a code sample that someone can share that illustrates the proper procedure?

Many thanks!!

   Jean-Pierre

#code-protection #locking #down-at-the-first-hurdle
11 REPLIES
Posted on November 14, 2014 at 02:25

You'd want to mount your board in an impenetrable box.

flyer31
Senior
Posted on November 14, 2014 at 06:21

Impenetrable and anyway firmware upgradable - this really sounds challenging. You should then at least also put all the employees who know how to do the upgrade into some impenetrable box too... (and not ask STM to write an application note about this :)).

stm322399
Senior
Posted on November 14, 2014 at 09:04

Jean-Pierre, (are you the JP trying to boot Linux under 1s?)

STMicro had an application note for that, and released binary demonstration only. This could be interesting for you. Search for AN4023 and STSW-STM32099.

On the other side, every note about internal contains an invitation to contact your ST representative. I will push to moderation, because I know the author of this AN is around.

Good luck.

--

Laurent

jeanpierre
Associate II
Posted on November 14, 2014 at 15:16

Hi Laurent!  Nice to see you here too! ;)

Many thanks for that useful heads up...  that appnote did not show up for our chip but it looks generic enough for all STM32 chips so should be of help.

I've read the appnote and we'll contact our STMicro sales guy.

Thanks again for that link Laurent! :)

   Jean-Pierre

jeanpierre
Associate II
Posted on November 14, 2014 at 15:18

Hi clive1,

Intriguing comment!  Should I be of the impression that full protection of our code is impossible on this platform?

jeanpierre
Associate II
Posted on November 14, 2014 at 15:22

Hi Bil, I'm not sure us coders will want to move into a closet... so better go with encrypted images!  Must... maintain... freedom...

chen
Associate II
Posted on November 14, 2014 at 16:15

Hi

"Should I be of the impression that full protection of our code is impossible"

Basically YES.

Depends on how far someone is prepared to go to reverse engineer something.

I have heard of companies milling the plastic off the top of the chip to look at the silicon!

I have read reports that credit card readers are designed so that they break if you open them up.

You can use the protection that ST provide but it will not stop everyone.

You can then go further and add protection on top of the mechanisms that ST provide.

It all depends on why (who will try to rip you off, reverse engineer or just hack for fun).

frankmeyer9
Associate II
Posted on November 14, 2014 at 17:02

"I have heard of companies milling the plastic off the top of the chip to look at the silicon!"

And use something like electron beam microscopes to "read out" the flash. This had been reported some time ago, for instance by Microchip ...

"It all depends on why (who will try to rip you off, reverse engineer or just hack for fun)."

Correct. And with countries on the rise which don't condemn copying/reverse-engineering, you will need to be faster and more creative to stay in business ...

jeanpierre
Associate II
Posted on November 14, 2014 at 17:08

Hi guys, thanks for the helpful comments and hints in the right direction.

Have any of you implemented the STMicro secure firmware update process detailed in app note AN4023?  Did it provide value?