Hello everybody,
we're currently discussing product tampering and intellectual property (IP-) protection for a new product.
I read a lot about SBSFU, the STSAFE processors and KMS memory in some STM32 µCs, but some things I may have not 100% understood correctly, some things I could not find informations about at all.
Our basic question is at the moment: Is it possible to flash a encrypted firmware file to new STM32 processor?
Perhaps using a pre-provisioned STSAFE-A100?
Background of this question: We're selling electronic modules worldwide, which are assembled the specific regions by the manufacturers in place, where, using a unique EEPROM and a USB-Dongle/PC-Software solution, a specific amount of boards can be activated.
Problem is, the potential unworthy EMS has
- The plain hex-file and could disassemble it or manipulate it
- We've seen clones of the EEPROM IC with unique serial no, hence, this concept is proven to be vulnerable
We're searching for a solution to flash encrypted firmware files and to control how much boards were produced and flashed (and are operable/"activated").
The easiest scenario we can think of is
- Flash the STM32 at our company with our encryption keys (store them into the STM32's KMS)
- Deliver a paid amount of these controllers to the potential evil EMS
- Problem is, we had problems in the past exporting electronic parts and hence, we're searching for a pure software-/server-based solution, which leads to the basic question mentioned above: Is flashing of a new STM32 with an encrypted firmware possible, perhaps using pre-provisioned STMSAFE processors with a flashed OEM-cert by ST?
Thanks a lot in advance & best regards
Markus
