Update keys used by the SBSFU

Question

Hello,I am designing a firmware for an IoT that needs to be able to be updated securely. I decided to use the X-CUBE-SBSFU package. From a crypto point of view, the requirements are that:The firmware update needs to be confidentialThe firmware update needs to be authenticatedTherefore, I decided to use the SECBOOT_ECCDSA_WITH_AES128_CBC_SHA256 crypto scheme.So I will need to store on the IoT :One symetric key for AES128 (key 1)One public key for ECCDSA ((key 2)According to the UM2262 user manual, those keys are stored in the secure enclave. This means that :If I activate RDP lvl 2, those keys are immutable and can never be updatedIf I activate RDP lvl 1, I can mass erase the flash and reflash a bootlader with new keys so I need physical access to the device for the updateQuestion 1: Are those 2 statements correct ?Another possible scenario that I see is that:I use the Key Management System MiddlewareI modify the SBSFU so that the keys are stored in the section of the flash referred as "KMS Data" in the X-CUBE-SBSFU documentation.As the KMS Data can be updated using the KMS secure update procedure, I will be able to update the keys remotleyQuestion 2: Is this something you would advice me to do ?Question 3: In the example projects, the KMS secure update is used to update keys unrelated to the SBSFU (i.e. keys of the User applicaton), is this for a security reason that I am missing ?A last scenario is :I use the Key Management System MiddlewareI use the STSAFE-A110 as the external token for the KMSI modify the SBSFU so that the keys are stored on the STSAFEI modify the KMS secure update procedure so that it becomes possible to update keys located on the STSAFE remotelyQuestion 4: From you point of view, are the extra security of the STSAFE making that scenario more valuable ?Question 5: Why is there no example projects in which the keys 1 and 2 are stored on the STSAFE ? Is that a security issue ?

Jocelyn RICARD · Accepted Answer

Hello @BEnge.1​ Question1: You didn't specify the STM32 but I guess you are targeting a STM32L4. In that case, yes this is correct. On other chips, like STM32H7, using secure memory you can make JTAG access impossible in RDP1 also.Question2: The principle of a secure boot is to rely on a root of trust. The root of trust in our case is the combination of 1) generating and keeping the keys in a safe place2) flashing your secure boot in a secure environment3) setting write protection on secure boot and RDP2 so that secureboot cannot be changedFrom this point you are sure that no one can update the firmware.So, opening the ability to change the secureboot, and the keys will increase the risk. Question 3: It could be possible to use the KMS to update the symmetric key used for firmware encryption. KMS security is based on same mechanism as SBSFU with different key. So, you would rely on a public key for authentication and a symmetric key for confidentiality specific to KMS to provision new keys for SBSFU. Then the same question would arise concerning KMS keys ...Question4: I guess your question is to compare with KMS not using STSAFE. In that case, yes, the use of STSAFE would improve the security. Now you need to know that STSAFE usage also require pairing keys to be stored in the device. These keys are used to have a secure communication with the STSAFE. Question5: SBSFU was originally made to run on a STM32 standalone. The addition of STSAFE is more related to the need for cloud credentials that can be previsioned in secure factory before assembly.Now, the STSAFE example in SBSFU demonstrates the use of a chain of certificates for firmware authentication. But, firmware encryption key is kept in the STM32 flash...Best regardsJocelyn

BEnge.1 · Answer

Thank you for your quick and comprehensive answer @Jocelyn RICARD​ . Kindest regards,Benjamin

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded