FAQs
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

STLINK JTAG Vulnerability when RDP2

Go to solution
PJose.4
Senior

‎2024-10-10 07:04 AM - edited ‎2024-10-10 07:06 AM

Hi @Jocelyn RICARD 
Greetings

We have a query from our support team

"known vulnerability in the STM32U5 series related to the JTAG lock when using RDP (Readout Protection) Level 2."

 Is it advisable to proceed with this implementation, or should we consider alternative solutions?

Reference:

STM32 JTAG lock vulnerability with RDP Level 2:SECGlitcher (Part 1) - Reproducible Voltage Glitching on STM32 Microcontrollers - SEC Consult (sec-consult.com)

 

How can this vulnerability resolved or any other suggestion in this regard

Thanks again

Philip

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Accepted Solutions
Go to solution
Jocelyn RICARD
ST Employee

‎2024-10-10 08:26 AM

Hello Philip,

As far as I know there is no known vulnerability on the RDP of the STM32U5.

The link you provide concerns old STM32 that were designed before the glitching attacks became common and also when security was not yet a bit concern.

The STM32U5 was certified SESIP Level 3 with board level robustness.

Most of the new STM32 devices have or will get soon the certification.

You can have a look to this page showing which products have a certification.

You can find certificates details in TrustCB page here.

Regarding the STM32 that have no such certification, you can check the ST PSIRT page here

where you will find all the security bulletins and advisories.

In particular TN1489-ST-PSIRT that addresses all STM32 that don't have any certification:

"Regarding STM32 products and their resistance to physical attacks:
Unless an STM32 product is SESIP or PSA certified as having a security assurance level covering physical attacker
resistance, it may be vulnerable to physical attacks"

In conclusion, STM32U5 is not concerned by the attack you mention.

Best regards

Jocelyn

 

 

 

 

 

 

 

View solution in original post

0 Kudos
2 REPLIES 2
Go to solution
Jocelyn RICARD
ST Employee

‎2024-10-10 08:26 AM

Hello Philip,

As far as I know there is no known vulnerability on the RDP of the STM32U5.

The link you provide concerns old STM32 that were designed before the glitching attacks became common and also when security was not yet a bit concern.

The STM32U5 was certified SESIP Level 3 with board level robustness.

Most of the new STM32 devices have or will get soon the certification.

You can have a look to this page showing which products have a certification.

You can find certificates details in TrustCB page here.

Regarding the STM32 that have no such certification, you can check the ST PSIRT page here

where you will find all the security bulletins and advisories.

In particular TN1489-ST-PSIRT that addresses all STM32 that don't have any certification:

"Regarding STM32 products and their resistance to physical attacks:
Unless an STM32 product is SESIP or PSA certified as having a security assurance level covering physical attacker
resistance, it may be vulnerable to physical attacks"

In conclusion, STM32U5 is not concerned by the attack you mention.

Best regards

Jocelyn

 

 

 

 

 

 

 

0 Kudos
Go to solution
PJose.4
Senior

‎2024-10-10 10:13 PM

Hi @Jocelyn RICARD 
Greetings

thanks for your update. This information is really helpful for us to continue with further processes 

 

Best Regards
Philip

0 Kudos
Top