Secure boot support on 2073X

Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob
Anonymous
Not applicable

Any way to protect our program which stored inside EEPOM/SPI Flash?

We don't want orthers to copy our design? are we able to have some mechanism like secure boot?

0 Likes
1 Solution
MichaelF_56
Moderator
Moderator
Moderator
250 sign-ins 25 comments on blog 10 comments on blog

Unfortunately, the 2073x does not have OTP or anything else that is unique per the specific chip.  One possible means to protect your IP would be to use the SIP module, which does not allow access to EEPROM after device has been manufactured.

However, when combined with a product like Atmel’s CryptoMemory, it seems that this could offer some level of IP protection on the SOC: http://www.atmel.com/products/security-ics/secure-memory/default.aspx

View solution in original post

0 Likes
8 Replies
MichaelF_56
Moderator
Moderator
Moderator
250 sign-ins 25 comments on blog 10 comments on blog

Unfortunately, the 2073x does not have OTP or anything else that is unique per the specific chip.  One possible means to protect your IP would be to use the SIP module, which does not allow access to EEPROM after device has been manufactured.

However, when combined with a product like Atmel’s CryptoMemory, it seems that this could offer some level of IP protection on the SOC: http://www.atmel.com/products/security-ics/secure-memory/default.aspx

0 Likes

As a follow up on this, when you say manufactured do you mean after the device has been programmed by us the end user, or do you mean when the device is manufactured by Broadcom? (I'm referring to the BCM20732S). Also by posting this I'm trying to get at the question about prevention of uploading our program from the BCM20732S and propagation of the code to other modules.


0 Likes

Manufactured by Broadcom.  Recall that the EEPROM is internal to the module, so it is not physically accessible on the SIP module and the EEPROM can only be re-programmed externally using the HCI UART with a system running our programming protocol (supplied in the SDK).

0 Likes


OK, I get that, I just had not tried to read the device with the HCI UART, so was not sure if it was possible to read the EEPROM. If your telling me there is no way to read the EEPROM through the HCI UART, and that it can only be fully reprogrammed and not read, then this sounds secure. Can you confirm this?

0 Likes

Your understanding is correct.

0 Likes
ShawnA_01
Employee
Employee
10 questions asked 5 comments on KBA First comment on KBA

One additional thought: I believe there is a feature in the SDK tools (starting in SDK version 2.0.0) when using the I2C/EEPROM interface, whereby the contents of the application code is compressed before programming. 

This was added to decrease the bootup time when the ARM-CM3 retrieves the application code from EEPROM.   Since SFLASH is attached via (the faster) SPI bus, there is no compression.

So, when using EEPROM, you could consider the compression step as one more layer of security?

0 Likes
Anonymous
Not applicable

May you specify how to enable compression feature please?

The thing we are worrying that is everybody can using EEPROM programming machine to duplicate your IP. If so, it still can be boot from another BCM2073x without problem.

But this feature may increase some security if someone want to disassemble machine code it for sure. It’s helpful. Thanks.

0 Likes

The compression is automatically enabled in the SDK when using EEPROM device.

0 Likes