2024-03-14 06:09 AM
I have an STM32U5 MCU and TrustZone is disabled. Is it possible to have secure boot or not? If yes, please can you explain to me how I can achieve this. Thanks a lot
2024-03-14 06:48 AM
Hello @SemSem ,
I put here the same answer as in the other post where you asked the same question.
As explained above, we don't provide such a secure boot.
Here are the solutions you have:
1- You adapt the provided example, but it may be challenging and you would lose important protection features.
2- You enable TrustZone and create a secure-only application.
3- You enable TrustZone, create a secure application that will make everything non-secure, and develop your non-secure application as if no TZ was enabled.
I shared somewhere in the forum an example of this secure application.
Best regards
Jocelyn
2024-03-15 04:27 AM - edited 2024-03-15 04:39 AM
First of all, thanks a lot for your attention and the quick response. So, based on that, if TrustZone is disabled this means that:
1- The internal MCU support for secure storage is disabled. In addition, no secure element or TPM is used to store the keys.
2- The internal flash can't be considered tamper-proof storage for sensitive information unless it's handled by TrustZone.
3- Secure storage support is disabled in the system.
and the consequences will be:
1- Any successful attack on the MCU which is able to read the device flash memory will result in a successful read of all the sensitive information and cryptographic material.
2- An attacker can dump all the certificates, session keys, and the flash encryption key from the internal flash memory.
3- Even if some parts of the internal flash are encrypted, the encryption key for this part is still stored in the internal flash. After a successful flash intrusion, it will only require more analysis from the attacker to find the encrypted section and its key.
Even with RDP=2.
Please, I am looking forward to your reply and help.
Best Regards