Hi,
From the manual UM-WI-056, section Appendix C SDK Memory Maps, page 96, I have noticed that serial flash memory (SFLASH) can be used both for code execution and for storing application data. Since I have to store confidential information in the external memory, I want to ensure that it is protected from unauthorised access and attacks.
1. How can I protect the external flash memory from unauthorized read/write access?
2.Are there hardware-level protections (e.g., secure boot, memory access control) to prevent firmware extraction or modification?
I have seen that there is a command "sflash write 3AD000 10" to write to SFLASH memory. The data that I have tried to write comes from predefined values or memory buffers in the firmware.
[MROM] sflash write 3AD000 10
[MROM] sflash read 3AD000 10
[003AD000] : 00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
3. Is there any way to be able to write the data that I want?
Thank you for your support! I have seen the documentation UM-WI-046 chap. 9 and, as written in the previous reply, I understand that NVRAM writes are item oriented.
Now I have found in the code that there are two lists of items (INT and STRING) defined as enums.
typedef enum {
/// DA16200 MAC Address in NVRAM (set only)
DA16X_CONF_STR_MAC_NVRAM,
/// DA16200 MAC Spoofing (set only)
DA16X_CONF_STR_MAC_SPOOFING,
/// DA16200 MAC in OTP (set only)
................................ }
1) e.g. if I want to save my AES key, should I add an enum such as DA16X_CUSTOM_AES_UART_128BIT_KEY to the STRING list?
And then I use the setenv command :
nvram.setenv DA16X_CUSTOM_AES_UART_128BIT_KEY 01-02-03-04-05-06-07-08-09-AA-BB-CC-DD-EE-FF
2) Does the firmware automatically store my key at the right address so that I see the NVRAM as a black box?
3) For instance, I want to store a key of 128 bits; how could I know if there is enough space in the NVRAM?
Best Regards
Hi There,
Thank you for the reply.
Please find below the answers to your questions:
1. If I want to save my AES key, should I add an enum such as DA16X_CUSTOM_AES_UART_128BIT_KEY to the STRING list? And then I use the setenv command.
-> The tsetenv command can be used to store user data in NVRAM without adding items.
tsetenv : tsetenv [temporary var] [string]
ex) tsetenv DA16X_CUSTOM_AES_UART_128BIT_KEY 01-02-03-04-05-06-07-08-09-AA-BB-CC-DD-EE-FF
2. Does the firmware automatically store my key at the right address so that I see the NVRAM as a black box?
-> The user key can be stored encrypted in the NVRAM area after applying secure NVRAM.
3. For instance, I want to store a key of 128 bits; how could I know if there is enough space in the NVRAM?
-> The maximum available NVRAM space is 4KB, and the current usage size can be checked through the getenv command.
Best Regards,
OV_Renesas
Thank you for your feedback.
I have followed this procedure:
1) As a first step, in the firmware I get my secret key with this API.
- Secret_key = char *read_nvram_string(DA16X_CUSTOM_AES_UART_128BIT_KEY).
I have added the API function in user_main.c, as you can see in the image below:
int user_main(char init_state)
{
    int status = 0;
    char aes_key[70];
    char *p = aes_key;
    ......................
    ......................
    ......................
    PRINTF("Loading AES Key from NVRAM...\n");
    p = read_nvram_string("DA16X_CUSTOM_AES_UART_128BIT_KEY");
    if (p == NULL) {
        PRINTF("ERROR: AES Key Read Failed! Using Default Key\n");
        memset(aes_key, 0, sizeof(aes_key)); // Clear memory
    } else {
        PRINTF("AES Key Read from NVRAM: ");
        for (int i = 0; i < 70; i++) {
            PRINTF("%c ", aes_key[i]);
        }
        PRINTF("\n");
        PRINTF("AES Key Loaded Successfully!\n");
    }
    ..............
    ..............
    ..............
    return status;
}
2) Build the project with the changes made and flash the firmware images using the Tera Term console;
3) Open UART0 and, from the debug console, send the tsetenv command:
4) Reset and reboot; the AES key read from NVRAM is shown in the following capture:
The result is not the expected output. How does this happen?
5) I have used the getenv command and verified that I effectively read the right string that was temporarily set with the tsetenv command.
I have also tried using a known ITEM in your project, but the same erroneous output appears after reading NVRAM.
Furthermore I think there is an error in your UM-WI-046: in the description of char * read_nvram_string()
you mention “Read an integer” while I suppose the right sentence should be “Read a string”
Best regards
Hi There,
Thank you for the reply.
The user can read the key data in NVRAM using the read_nvram_string().
Thank you for checking the error in UM-WI-046 and we will fix it with "Read a string value".
Best Regards,
OV_Renesas
I tried to read the AES key from NVRAM using char *read_nvram_string, as shown in the following code. I have added the API function in the following file of the SDK project (da16200/customer_aap/src/user_main/user_main.c).
int user_main(char init_state)
{
    int status = 0;
    char aes_key[70];
    char *p = aes_key;
    .....................
    .....................
    PRINTF("Loading AES Key from NVRAM...\n");
    p = read_nvram_string("DA16X_CUSTOM_AES_UART_128BIT_KEY");
    if (p == NULL) {
        PRINTF("ERROR: AES Key Read Failed! Using Default Key\n");
        memset(aes_key, 0, sizeof(aes_key)); // Clear memory
    } else {
        //PRINTF("AES Key Read from NVRAM: %s\n", aes_key);
        PRINTF("AES Key Read from NVRAM: ");
        for (int i = 0; i < 70; i++) {
            PRINTF("%c ", aes_key[i]);
        }
        PRINTF("\n");
        PRINTF("AES Key Loaded Successfully!\n");
    }
    .................
    return status;
}
The output in the Tera Term console is not as expected. The characters are mismatched; they do not display correctly!
How can I solve this mismatch?
Hi There,
Thank you for the reply and apologies for the delay.
There were some mismatches in the example code.
We provide an example to write and read a custom key in NVRAM.
Please find attached the Secure_NVRAM.zip file.
It contains
- ReadMe
- Example code
- Console Log.
Please let us know if you have any other questions or requests.
Best Regards,
OV_Renesas
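An added example, not part of the thread and not the contents of Secure_NVRAM.zip: the loop posted above prints aes_key[i], a local buffer that is never written, instead of the string behind the pointer p that read_nvram_string() returns. The sketch below parses the returned "XX-XX-..." string into exactly 16 key bytes and never echoes the key, which also shows that the tsetenv string used in the thread encodes only 15 bytes. stub_read_nvram_string(), the item names and the 16-byte value are constructed stand-ins so the code runs on a host.

```c
#include <ctype.h>
#include <stdint.h>
#include <string.h>

#define AES128_KEY_LEN 16

/* Host-side stand-in (assumption) for the SDK's read_nvram_string(). */
static const char *stub_read_nvram_string(const char *name)
{
    if (strcmp(name, "KEY_FROM_THREAD") == 0)  /* string typed in the thread */
        return "01-02-03-04-05-06-07-08-09-AA-BB-CC-DD-EE-FF";
    if (strcmp(name, "KEY_16_BYTES") == 0)     /* constructed sample value */
        return "00-01-02-03-04-05-06-07-08-09-AA-BB-CC-DD-EE-FF";
    return NULL;                               /* item not set */
}

static int hex_nibble(char c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = (char)toupper((unsigned char)c);
    return (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
}

/* Returns 0 on success, -1 item missing, -2 bad syntax, -3 wrong length.
 * On any failure the caller's key buffer is zeroed. */
int load_aes_key(const char *item, uint8_t key[AES128_KEY_LEN])
{
    const char *s = stub_read_nvram_string(item); /* use the RETURNED pointer */
    size_t n = 0;
    int rc = (s == NULL) ? -1 : 0;

    while (rc == 0 && *s != '\0') {
        int hi = hex_nibble(s[0]);
        int lo = (hi >= 0) ? hex_nibble(s[1]) : -1;  /* never reads past NUL */
        if (hi < 0 || lo < 0) { rc = -2; break; }
        if (n == AES128_KEY_LEN) { rc = -3; break; } /* more than 16 bytes */
        key[n++] = (uint8_t)((hi << 4) | lo);
        s += 2;
        if (*s == '-' && s[1] != '\0') s++;          /* separator between bytes */
        else if (*s != '\0') rc = -2;                /* junk or trailing dash */
    }
    if (rc == 0 && n != AES128_KEY_LEN) rc = -3;     /* fewer than 16 bytes */
    if (rc != 0) memset(key, 0, AES128_KEY_LEN);
    return rc;
}

int main(void)
{
    uint8_t key[AES128_KEY_LEN];
    return load_aes_key("KEY_16_BYTES", key);        /* exit code 0 on success */
}
```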