Readout protection of OBK-Keys from user software

Heinz_Baumer
Associate II

Hello.

If I set the product state to CLOSED (0x72) without TZ-enabled (TZEN: 0xC3), I can't access the device and the OBK-Keystore from outside.

But if I write a user program, I can read the whole OBK-Keystore at:
FLASH_OBK_BASE_S + 0x0100;

So perhaps it is possible to get access to the device with this information.

 

Is there an easy way to protect a read access to the OBK-Key, without using the TZ?

1 REPLY
Jocelyn RICARD
ST Employee

Hello @Heinz_Baumer ,

I'm sorry for such a late answer.

Yes, this is normal. The key store is made to be accessible by the firmware itself.

Now, you can use HDP isolation. You boot in HDP Level 1. You can switch to HDP Level 2. In that case, the OBK area associated with Level 1 will no longer be accessible.

If you still need to access the OBK during code execution, you can use the MPU to isolate it.

Now, the best isolation is to use TrustZone, with only the secure application being able to access the OBK.

Best regards

Jocelyn
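
The MPU option from the reply, sketched as an added example that is not part of the original thread and is not ST code: it encodes an Armv8-M MPU region that is read-only for privileged code and models the access check that results. Assumptions: an Armv8-M MPU (Cortex-M33), an application that runs unprivileged, hypothetical helper names, and a constructed placeholder base and size that stand in for `FLASH_OBK_BASE_S` and the OBK size from the device header.

```c
#include <stdint.h>
#include <stdio.h>

/* Armv8-M MPU_RBAR.AP encodings (architectural values). */
enum { AP_RW_PRIV = 0u, AP_RW_ANY = 1u, AP_RO_PRIV = 2u, AP_RO_ANY = 3u };

typedef struct { uint32_t rbar, rlar; } mpu_region_t;

/* Constructed placeholder range, NOT taken from the page or a datasheet.
 * On a real part use FLASH_OBK_BASE_S and the OBK size from the device header. */
#define OBK_BASE_PLACEHOLDER 0x20000000u
#define OBK_SIZE_PLACEHOLDER 0x2000u

/* Encode one region. Returns 0 on success, -1 if the range is not 32-byte
 * granular (the MPU ignores the low 5 address bits) or a field is out of range. */
int mpu_encode(uint32_t base, uint32_t size, uint32_t ap, int xn,
               uint32_t attr_idx, mpu_region_t *out)
{
    if (size == 0 || (base & 0x1Fu) || (size & 0x1Fu) || ap > 3u || attr_idx > 7u)
        return -1;
    uint32_t limit = base + size - 1u;            /* last byte of the region */
    if (limit < base) return -1;                  /* wrapped past 4 GiB */
    out->rbar = base | (ap << 1) | (xn ? 1u : 0u);
    out->rlar = (limit & ~0x1Fu) | (attr_idx << 1) | 1u;   /* EN = 1 */
    return 0;
}

/* Model of the data-access permission check for this region:
 * 1 = allowed, 0 = fault, -1 = address not covered by the region. */
int mpu_allows(const mpu_region_t *r, uint32_t addr, int privileged, int write)
{
    uint32_t base = r->rbar & ~0x1Fu, limit = r->rlar | 0x1Fu;
    if (!(r->rlar & 1u) || addr < base || addr > limit)
        return -1;
    uint32_t ap = (r->rbar >> 1) & 3u;
    if (!privileged && (ap == AP_RW_PRIV || ap == AP_RO_PRIV)) return 0;
    if (write && (ap == AP_RO_PRIV || ap == AP_RO_ANY)) return 0;
    return 1;
}

int main(void)
{
    mpu_region_t r;
    if (mpu_encode(OBK_BASE_PLACEHOLDER, OBK_SIZE_PLACEHOLDER, AP_RO_PRIV, 1, 0, &r))
        return 1;
    printf("RBAR=0x%08X RLAR=0x%08X\n", (unsigned)r.rbar, (unsigned)r.rlar);
    printf("unprivileged read of base+0x100 allowed: %d\n",
           mpu_allows(&r, OBK_BASE_PLACEHOLDER + 0x100u, 0, 0));
    return 0;
}
```

On hardware the two values would be written to `MPU_RBAR` and `MPU_RLAR` for a selected region before the application drops to unprivileged mode.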