Skip to main content
VTver.1
VTver.1
Associate II
April 17, 2023
Question

How internal flash of STMU575/585 can be protected from copying during firmware update at manufacturer/customer side?

  • April 17, 2023
  • 2 replies
  • 1330 views

We deliver encrypted image to the customer-manufacturer. After image update is performed the image is stored opened in internal flash. With RDP level set to 2 it is possible protect from jtag debugging and access. But if hacker at manufacturer side, writes it's own application (both desktop and ST part, residing in SRAM, or even one of internal flash banks) to read internal flash, what kind of physical protection on ST MCU side can be applied at this stage?

Assume experienced hacker can write it's own "CubeProgrammer tool", which would read internal flash. How flash can be protected from that?

This topic has been closed for replies.

2 replies

Tesla DeLorean
Tesla DeLorean
Guru
April 17, 2023

Perhaps have a roster of staff at least as smart as the hacker(s)?

Involve some of your own trusted staff at manufacture.

Have a method of delivery that uses root of trust, and sends a device unique firmware to each device, tied to things that the manufacturer doesn't know or control. ie server equipment you own/manage, private keys

Tips, Buy me a coffee, or three.. PayPal VenmoUp vote any posts that you find helpful, it shows what's working..
VTver.1
VTver.1Author
Associate II
April 18, 2023

If a word 'hacker' confuses let's explain it as somebody at customer-manufacturer side, who wants illegally copy the firmware, which resides decrypted in internal flash. Since it is already decrypted manufacturer doesn't need to know the key at this moment. Is internal flash protected from that? By what means?

Pavel A.
Pavel A.
Super User
April 17, 2023

ST offers a toolset named SFI which addresses this concern.

See https://www.st.com/en/embedded-software/x-cube-sfi.html

VTver.1
VTver.1Author
Associate II
April 18, 2023

If I strictly follow the steps of using this tool, I will not be able to extract the encrypted image. But after I have finished flashing the firmware it resides decrypted in internal flash. ST offers SFI tool to write into internal flash. What means can guarantee, that similar tool, which reads decrypted internal flash instead of writing it, can' be created? And another side of this question if how verification, that firmware was flashed correctly and is bitwise with original one, is performed?

Terms & ConditionsAccessibility statement