3.5 List of attack targets
The following sections list the possible attack targets.
Initial provisioning
The cryptographic data forming the root of trust of the security chain must be injected into the SoC in a controlled,
trusted way. Whether it is a key, a certificate or an initial hash value, it must remain immutable and/or secret. Once
programmed inside the device, the data protection mechanism must be enabled and only authorized processes
must have access to it.
• Risks: firmware corruption or usurpation
• Countermeasures:
– trusted manufacturer environment
– use of secure data provisioning services (SFI)
– data protection mechanisms
– secure application isolation
– use of OTP memory
Boot modification
The purpose of this attack is to use the bootloader to access the device content. The attack aims at modifying the
boot mode and/or the boot address to preempt the user application and take control of the CPU through the
bootloader (via USB DFU, I2C or SPI), the debug port or a firmware image injected in RAM. The boot mode and
the boot address are controlled by the device configuration and/or input pins and must be protected.
• Risks: full access to the microcontroller content
• Countermeasures:
– unique boot entry
– bootloader and debug disabled (see Section 6.2 Readout protection (RDP))
Secure boot (SB) or Trusted Firmware-M (TF-M)
Robust systems rely on an initial firmware integrity and authenticity check before starting the main application. As
the root of trust of the device, this part of the user firmware must be immutable and impossible to bypass.
A successful attack consists in executing a non-trusted application by bypassing the verification and jumping
directly to the malware. This can be done by hardware techniques such as fault injection, or by replacing the
expected hash value with the hash value of the malware (refer to the Initial provisioning section at the beginning
of this chapter).
• Risks: device spoofing or application modification
• Countermeasures:
– unique boot entry point to avoid verification bypass
– "immutable code" to avoid SB code modification
– secure storage of firmware signature and/or tag value
– environment event detection (such as power supply glitch, temperature or clock speed)
Firmware update
The firmware update procedure allows a product owner to distribute corrected versions of the firmware to ensure
the best user experience during the device lifetime. However, a firmware update also gives an attacker an
opportunity to enter the device with their own firmware or a corrupted version of the existing firmware.
The process must be secured with firmware authentication and integrity verification. A successful attack requires
access to the cryptographic procedure and keys (refer to the Initial provisioning section at the beginning of this
chapter).
• Risk: device firmware corruption
• Countermeasure: SFU application with authentication and integrity checks. Confidentiality can also be
added by encrypting the firmware in addition to signing it.
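The Secure boot and Firmware update sections above both depend on the same check: before code is executed or programmed, the device must establish that the image is intact and comes from the product owner. The following Python models that check as an added example; it is not code from AN5156 nor from ST's SBSFU or TF-M packages. The image layout, the key value and the use of an HMAC-SHA256 tag are assumptions made for the example (a product would typically use an asymmetric signature, so that the verifying key need not be secret, and may add encryption for confidentiality, which this example omits). The unkeyed `verify_by_reference_hash` variant is included to show why the reference value must be in protected storage.

```python
import hashlib
import hmac
import struct
from typing import Tuple

# Constructed stand-in for the secret that initial provisioning would burn into
# OTP / protected storage. Hypothetical value, not taken from AN5156.
PROVISIONED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

# Hypothetical image layout defined for this example only:
#   magic(4) | version(4, big-endian) | payload_len(4, big-endian) | payload | tag(32)
# The tag is HMAC-SHA256 over header + payload and stands in for the
# "signature and/or tag value" the note refers to.
MAGIC = b"FWIM"
HEADER = struct.Struct(">4sII")
TAG_LEN = 32


def build_image(key: bytes, version: int, payload: bytes) -> bytes:
    """Produce a tagged image, as the product owner's build/signing step would."""
    header = HEADER.pack(MAGIC, version, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def verify_image(key: bytes, image: bytes) -> Tuple[bool, str, int]:
    """Keyed integrity + authenticity check, returning (ok, reason, version).

    The same check serves the immutable secure-boot stage (run before jumping
    to the application) and the update agent (run before programming a
    candidate image). Every header field is validated before the tag is
    compared, and the comparison is constant-time.
    """
    if len(image) < HEADER.size + TAG_LEN:
        return False, "too short", 0
    magic, version, length = HEADER.unpack_from(image, 0)
    if magic != MAGIC:
        return False, "bad magic", 0
    end = HEADER.size + length
    if end + TAG_LEN != len(image):
        return False, "length mismatch", 0
    expected = hmac.new(key, image[:end], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, image[end:end + TAG_LEN]):
        return False, "tag mismatch", 0
    return True, "ok", version


def accept_update(key: bytes, installed_version: int, candidate: bytes) -> Tuple[bool, str]:
    """Update-agent policy: authentic, intact, and strictly newer than what is installed."""
    ok, reason, version = verify_image(key, candidate)
    if not ok:
        return False, reason
    if version <= installed_version:
        return False, "rollback"
    return True, "ok"


def verify_by_reference_hash(payload: bytes, reference_hash: bytes) -> bool:
    """Unkeyed variant: compare SHA-256(payload) with a stored reference digest.

    This is only as strong as the storage of reference_hash: if the digest sits
    in writable flash, rewriting it together with the payload passes the check,
    which is the hash-replacement scenario the secure-boot section describes.
    The digest therefore belongs in OTP or otherwise immutable memory.
    """
    return hmac.compare_digest(hashlib.sha256(payload).digest(), reference_hash)


if __name__ == "__main__":
    good = build_image(PROVISIONED_KEY, 2, b"application v2 (constructed payload)")
    print("genuine image:", verify_image(PROVISIONED_KEY, good))

    tampered = bytearray(good)
    tampered[HEADER.size] ^= 0x01          # flip one bit of the payload
    print("tampered payload:", verify_image(PROVISIONED_KEY, bytes(tampered)))

    # An image tagged under a key other than the provisioned one is refused,
    # however well-formed its header is.
    foreign = build_image(b"\x00" * 32, 3, b"not from the product owner")
    print("foreign key:", verify_image(PROVISIONED_KEY, foreign))

    older = build_image(PROVISIONED_KEY, 1, b"application v1")
    print("downgrade attempt:", accept_update(PROVISIONED_KEY, 2, older))
```

The two functions make the provisioning dependency explicit: with a keyed tag the secret key is what must be protected (the tag itself can travel with the image), whereas with a bare reference hash the stored digest is what must be immutable. The version check in `accept_update` is the part of an SFU policy that the integrity check alone does not give you, since an old, correctly signed image is still an authentic one.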
AN5156 - Rev 8