AnsweredAssumed Answered

STM32L0 and SWD access (trying to implement secure boot)

Question asked by Thomas Roell on Apr 24, 2018

Ok, this is half way simple but I have not found any good answer yet.

 

I have some data in EEPROM that needs to be shielded from SWD accesses (and some later on at runtime in SRAM). Direct SWD reads can be to EEPROM can be blocked by RDP level 1 and RDP level 2. So far so good. But application code can still read this programmatically (like SWD injecting a simple read loop into SRAM). Hence one needs to use the builtin FIREWALL peripheral.

 

Ideally for the problem at hand would be RDP level 1, as the USB/DFU bootloader still works, and you can mass-erase the device and put new firmware onto it (that is kind of a requirement for me). Downside is that SWD is enabled at reset. So even before the first instruction is executed, an attacker can inject such a read loop, read the data, and bypass the setup up the FIREWALL.

 

So now my question is whether there is some way to either shield some code from debugger accesses (even a break point in there). to prevent the enabling of the FIREWALL ?

 

Or is there a way to disable SWD accesses at boot ? 

 

Or is RDP level 2 the only way to deal with this problem ?

Outcomes