MPU security empowerment

SigmaPrime
Senior

Hello,

My goal is to harden my hardware security. I am using an STM32MP157C and Buildroot as main distro.

What exactly do I need to know when it comes to security? I am dealing with the hardware part and I am working on an IoT project.

My colleague takes care of the server Tel. We have already successfully transferred sensor data to the server. But I don't think I can improve network security from a hardware point of view, can I? I don't have access to the server.

I want to secure my hardware, but in my mind I don't see many options (not my domain) besides managing file permissions and isolating some personal scripts in another user profile.

For hardware security, we can start with a hardened kernel that custom compiles with priority over priority. Then we can have the root encrypted using LUKS or another option out of many. Data encryption before sending it to a server may be considered here. I can also use strong passwords and use a password manager like pass or even the GNOME keyring.

A number of hash functions are available through the terminal (md and sha series) or we can use openssl which has a number of hash and data encryption ciphers like AES256, chacha20 etc. But that has more to do with the server, right? Not with the MPU.

I have no experience with hardware security and cybersecurity. My thoughts may be wrong. I am still confused because I don't have access to the server and I can't differentiate between what I am supposed to do from a hardware point of view and what my colleague does from a software (network) point of view.

thanks

5 REPLIES
KnarfB
Principal III

Security is a very broad topic with many aspects. You may start reading here: https://www.st.com/content/st_com/en/stm32trust.html. But, before thinking of technologies and implementations, you should make a threat and risk analysis for your IoT product.

PatrickF
ST Employee

Hi,

I think another good start for STM32 MPU is https://wiki.st.com/stm32mpu/wiki/Security_overview.

Security is a never-ending story, you have to think about which kind of attacks you want to protect against (there are probably many publications on that) and then become a bit paranoid.

Thank you. Will this collide even if I use a distro other than OpenST-Linux? I am using Buildroot as main distro.

Thank you :) Yes, this is mostly what I am trying to do, although I do not have further knowledge in security. This is neither my field of study nor have I worked on it before. I am a working student at a start-up trying to learn new things, that's why I struggle a bit at the beginning.

It depends more on the Linux kernel version, U-Boot, TF-A, ... and apps you are installing rather than the build framework (Yocto vs. Buildroot). As ST prefers Yocto, you cannot be wrong following that path, getting updates and fixes asap.