Security of External Flash DA16200

Question

Hi, 
 from the manual refer on UM-WI-056 , on section Appendix C SDK Memory Maps , on page: 96 I have notice that serial flash memory (SFLASH) can be used both for code execution and for storing application data. Since I have to store confidential information in the external memory, I want to ensure that it is protected from unauthorised access and attacks. 
 1.How can I protect the external flash memory from unauthorized read/write access ? 
 2.Are there hardware-level protections (e.g., secure boot, memory access control) to prevent firmware extraction or modification? 
 I have seen that there is a command "sflash write 3AD000 10" to write in sflah memory. The data that I have tried to written come from predefined values or memory buffers in the firmware. 
 [MROM] sflash write 3AD000 10 [MROM] sflash read 3AD000 10 [003AD000] : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 
 3. Is there any way to be able to write the data that I want?

OV_Renesas · Answer

HI There, Thank you for posting your question online. Let me try to answer your questions: 
 DonatoC said: 1.How can I protect the external flash memory from unauthorized read/write access ? 
 There are answers to DA16200 security questions. 
 
 DA16200 can encrypt Wi-Fi password data using Secure NVRAM over the UART AT command. See UM-WI-015 section 4.7. 
 DA16200 supports Secure NVARM. The contents in NVRAM can be encrypted with the runtime secure APIs for security using Huk, Kpicv, and Kcp in the OTP. 
 The DA16200 provides a secure boot function that allows trusted images signed with a key to match the registration information in the system during the boot process to ensure the system&rsquo;s platform integrity. In the production step, it is necessary to register the key information for authentication in the OTP, which is protected by ARM CC312 security engine.

DonatoC said: 2.Are there hardware-level protections (e.g., secure boot, memory access control) to prevent firmware extraction or modification? 
 Please refer on UM-WI-015 DA16200 DA16600 Security Tool User Manual Please also check on DA16200 Datasheet And also check on UM-WI-046 DA16200 DA16600 FreeRTOS SDK Programmer Guide section 16 Crypto Examples. Best Regards, OV_Renesas

OV_Renesas · Answer

Hi There, Thank you for the reply and apologies for the delay. 1) Please do not raise the same questions here and directly on your local FAE. We have both created internal ticket for the same issue. That is not efficient. 2)You want to store the user data securely in SFLASH 
 Secure storage and NVRAM features support full services to encrypt raw data and decrypt secure data. But Secure Asset only supports a one-way function used to decrypt assets. 
 Secure Storage and NVRAM can use two key types depending on applying the Secure boot process. 
 
 Keys in Secure boot: Root key, Kcp, Kpicv in OTP 
 Keys in None Secure boot: User key 
 
 The secure boot provides high security but each DA16200 device should apply the Secure boot process when the device mass production. It will increase the mass production resources. The User key case doesn't need the Secure boot process but the customer should manage it in a specific way. 
 
 UM-WI-015 Sections 4.7.2 and 4.7.3 describe Secure Storage and Secure NVRAM functions. 
 
 SDK v3.2.9.1 supports Secure NVRAM with User key case but v3.2.8.1 needs the patch as follow. Security_DA16200.zip Please let us know if you have any other questions or requests. Best Regards, OV_Renesas

OV_Renesas · Answer

Hi there, Thank you for the reply. It will not work with the sflash write command. Please follow the instructions and apply the patch on your project. You will be able to write encrypted data via the NVRAM menu on UART0 or via the APIs on FreeRTOS SDK. Best Regards, OV_Renesas

OV_Renesas · Answer

Hi There, Apologies for the delay. 
 1. How could perform write with one of the NVRAM commands? NVRAM commands for writing and reading one item. 
 
 setenv: write in NVRAM 
 getenv: read in NVRAM

When Secure NVRAM is enabled, the 'setenv' writes the item value after encrypting, and the 'getenv' reads the value after decrypting. Other NVRAM commands also write and read values with encryption/decryption. 
 2. Are there no WiFi configurations in this memory? Wi-Fi configuration profiles information also are stored in NVRAM. 
 3. How do I avoid corrupting them with our writings? NVRAM backup supports avoid corrupting them. When NVRAM is corrupted, NVRAM data is restored from NVRAM #1 automatically. 
 UM-WI-056 C.1 SFlash Memory Map: 
 4. Is the User Area encrypted like NVRAM? User area can be encrypted like NVRAM using Secure storage. Please refer to UM-WI-015 section 4.7.2. 
 5. Should I write to NVRAM in terms of ITEMs and not addresses? The DA16200/DA16600 SDK defines various parameters for Wi-Fi interface configuration, and they are saved as profiles in the NVRAM. So, it should be written to NVRAM using ITEMs and not addresses. Please refer to UM-WI-046 chap. 9 in detail. 
 Please let us know if you have any other questions. Best Regards, OV_Renesas

OV_Renesas · Answer

Hi There, Thank you for the reply. 
 The user can read the key data in NVRAM using the read_nvram_string(). 
 Thank you for checking the error in UM-WI-046 and we will fix it with "Read a string value". Best Regards, OV_Renesas

OV_Renesas · Answer

Hi There, Thank you for the reply and apologies for the delay. There were some mismatches in the example code. We provide an example to write and read a custom key in NVRAM. Please find attached the Secure_NVRAM.zip file. It contains - ReadMe - Example code - Console Log. Please let us know if you have any other questions or requests. Best Regards, OV_Renesas Secure_NVRAM.zip

Security of External Flash DA16200

Top Replies