[SOLVED] Flasher Secure security (signed non-ST devices?)

ErgoChris · Jun 10th 2021, 12:24am

I am considering using Flasher Secure, but I haven't been able to learn enough to be convinced of its security. In the "UM08032 Flasher Secure User Guide & Reference Manual", it says that using it with ST devices, "The chip’s public key additionally is signed by ST, so the server can determine if the public key originates from a real device." This seems essential to protect the IP. Without it, a malicious custom device could do the necessary handshaking, provide a public key, accept the encrypted code, decrypt it, and make it available to the malicious user to load on other devices, decompile, etc.

How is this device signing handled for non-ST devices (Nordic nRF52 in my case)?

SEGGER - Arne · Jun 10th 2021, 2:55pm

Hello Chris,

Some ST devices support a secure firmware download interface.

For devices without a secure firmware download interface, we use a different approach. We create a signature over a unique and unchangeable ID, so the firmware can verify
that it is running on the device with exactly this ID. This will cause a signature failure on a cloned device, so the firmware can halt or react in another way. The system basically
works as a clone protection.

ErgoChris · Jun 10th 2021, 3:54pm

OK, it sounds like a sophisticated user could get access to our unencrypted binary, but they would only be able to load it on additional devices if they are knowledgeable enough to edit it to disable the code that checks the device ID. In other words: security through obscurity. Is that correct?

SEGGER - Arne · Jun 10th 2021, 4:46pm

Hello Chris,

We can only do what is theoretically possible. If you are interested in an individual solution for your MCU, which would at least provide some basic protection for the binary, please contact us directly.

segger.com/about-us/contact-us/ (Production)

Share