Visitor II
November 20, 2020
Question

MPU security empowerment


Hello,

My goal is to harden my Hardware security. I am using an STM32MP157C and buildroot as main distro.

What exactly do I need to know when it comes to security? I am dealing with the hardware part and I am working on an IoT project.

My colleague takes care of the server Tel. We have already successfully transferred sensor data to the server. But I don't think I can improve network security from a hardware point of view, do I? I don't have access to the server.

I want to secure my hardware, but in my mind I don't see many options (not my domain) besides managing file permissions and isolating some personal scripts in another user profile.

For hardware security, we can start with a hardened kernel that custom compiles with priority over priority. Then we can have the root encrypted using LUKS or another option out of many. Data encryption before sending it to a server may be considered here. I also can use strong passwords and use a password manager like pass or even the Gnome keyring.

A number of hash functions are available through the terminal (md and sha series) or we can use openssl which has a number of hash and data encryption ciphers like AES256, chacha20 etc. But that has more to do with the server, right? Not with the MPU.

I have no experience with hardware security and cybersecurity. My thoughts may be wrong. I am still confused because I don't have access to the server and I can't differentiate between what I am supposed to do from a hardware point of view and what my colleague does from a software (network) point of view.

Thanks


    2 replies

    Super User
    November 20, 2020

    Security is a very broad topic with many aspects. You may start reading here: https://www.st.com/content/st_com/en/stm32trust.html. But, before thinking of technologies and implementations, you should make a threat and risk analysis for your IoT product.

    Visitor II
    November 21, 2020

    Thank you :) Yes, this is mostly what I am trying to do, although I do not have further knowledge in security. This is neither my field of study nor have I worked on it before. I am a working student at a start-up trying to learn new things, that's why I struggle a bit at the beginning.

    Technical Moderator
    November 20, 2020

    Hi,

    I think another good start for STM32 MPU is https://wiki.st.com/stm32mpu/wiki/Security_overview.

    Security is a never-ending story; you have to think about which kinds of attacks you want to protect against (there are probably many publications on that) and then become a bit paranoid.

    Visitor II
    November 21, 2020

    Thank you. Will this collide even if I use a distro other than OpenST-Linux? I am using Buildroot as main distro.

    Super User
    November 21, 2020

    It depends more on the Linux kernel version, U-Boot, TF-A, ... and the apps you are installing rather than the build framework (Yocto vs. Buildroot). As ST prefers Yocto, you cannot be wrong following that path, getting updates and fixes ASAP.