2 Replies Latest reply on Dec 12, 2019 11:29 PM by JeHu_3414236

    PSoC6 secure lifecycle attack

    JeHu_3414236

      When the PSoC6 is in the secure lifecycle, the SWD/JTAG port should be disabled.  Is the check for disabling still done by software somewhere in the ROM code?  The STM32 SWD protection can be bypassed by voltage glitching.  Can this attack be done on PSoC6?

       

      https://blog.kraken.com/post/3248/flaw-found-in-keepkey-crypto-hardware-wallet-part-2/

        • 1. Re: PSoC6 secure lifecycle attack
          RakshithM_16

          Hi JeHu_3414236,

           

          If the DAP is disabled by entering SECURE mode, then you will not be able to reprogram your device and you will not have any access to the ports. When you are entering SECURE mode, the 'one time programmable' efuses will be programmed. The system boots up with the ROM boot code and it reads the efuse value to enable or disable the port.

           

          According to my understanding (please correct me if I am wrong), two features of the micro-controller are misused:

          1. The protection data is written in flash memory, as that is the only non-volatile memory in the micro-controller.

                    This is not the case in PSoC 6, and the protection settings are programmed into efuses and these cannot be reprogrammed. So any device which enters SECURE mode can no longer be changed back to SECURE WITH DEBUG or NORMAL mode.

          2. Soft reset, which just resets the core and not the entire system.

                    Once the device enters SECURE mode, there is no access to the DAP port. So there is no way you can communicate with the device to do a soft reset.

           

          Please let me know if you have any other queries/concerns.

           

          Happy to help,

           

          Thanks and Regards,

          Rakshith M B

          • 2. Re: PSoC6 secure lifecycle attack
            JeHu_3414236

            I believe the power glitch is meant to corrupt the protection data when it is loaded into a CPU register for comparison and not corrupt the flash memory.  In the PSoC case where the efuse is used, is the efuse value also loaded into a CPU register for comparison where it can be corrupted?