cancel
Showing results for 
Search instead for 
Did you mean: 

Flash read protection

issa
Associate II
Posted on February 27, 2013 at 09:43

Hi,

in the AN PM0042 I found that the read protection is activated by setting the RDP option byte.It is critical to me that the code is safe 100%. My question is: does this option byte ensure that my code will be protected 100% ?

#flash-rdp
5 REPLIES 5
Posted on February 27, 2013 at 13:03

ST once stated here it would take $1M worth of equipment to break.

Assume you are protected from 100% of people without access/ability to use said equipment.
Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..
damh
Associate II
Posted on February 27, 2013 at 14:20

Be careful:

- If JTAG is accessable, you can stop in every moment and read out the entire RAM!

- If internal bootloader is accessable, some MCUs have the possibility to remove the ROP, but after that you can access the RAM-content (with state before erasing!) trough the bootloader. Some RAM is used by internal bootloader, so this part is destroyed, but the rest is intact!

- On both ways you can access all peripherals and read them out (first way without destruction of the flash, second with masserase). You can readout i.e. EEPROMs

The backupdomain is accessable the same way! RTC and backupdomain can be manipulated this way. You cannot notice this kind of manipulation from code, if this person knows what he/she is doing.

You can run i.e. the code and stop it repeatedly and readout RAM, backupdomain, etc. If you have anything valueable in RAM/backupdomain, you can find it! (i.e. keys)

Read i.e.:

http://adamsblog.aperturelabs.com/2013/02/atmel-sam7xc-crypto-co-processor-key.html

This is such an attack!
damh
Associate II
Posted on February 27, 2013 at 14:23

Have anyone performed glitch attacks on JTAG interface of STMs yet?

Perhaps it will work, too ;)
Posted on February 27, 2013 at 15:45

I was being a tad facetious.

Tips, Buy me a coffee, or three.. PayPal Venmo
Up vote any posts that you find helpful, it shows what's working..
jpeacock2399
Associate II
Posted on February 27, 2013 at 16:03

Leaving keys in SRAM is an obvious attack vector and easily avoided.  When read protection level 1 is set access to flash AND backup SRAM registers in the RTC are blocked.  If level 1 is cleared both flash and backup SRAM are erased, so any keys stored in backup SRAM are lost. 

Crypto keys are stored in backup SRAM, not flash, so they can't be scanned from the flash array.  The drawback is you need a reliable long term backup power supply and some way for the end user to contact the vendor to recover lost keys.

Additional tamper protection can be implemented by using a tamper switch inside the device, which erases backup SRAM and the keys when it's triggered.

For the original poster the best bet would be to use read protection level 2, JTAG disabled, along with a tamper switch.  The tamper switch stops the merely curious, the RDP 2 stops the EE in the garage.  But nothing you can do if someone takes your part to a commercial reverse engineering house where they peel off the case and scan the flash right off the die.

  Jack Peacock