
Topic: Is there a 'secure' storage anywhere in ATMega chips?

7h3w4rd0c70r

Oct 09, 2016, 10:16 pm Last Edit: Oct 10, 2016, 01:23 am by 7h3w4rd0c70r
Hi guys, I'm dealing with a small problem. I need to store some secret data (concretely, an RSA private key). The logical solution for storing data for a long time is to use EEPROM, but I really don't want to do this, because dumping the content of EEPROM is quite simple. Could I save this data to a different memory on the Arduino board, e.g. to flash (program) memory next to the program? And is it safer? I would say that you can dump any type of memory, but I want to make it as hard as I can for a potential attacker (if he gets physical access to the Arduino).
So what do you think, is something like that possible?
Thanks!

PaulS

Quote
Could I save this data to a different memory on arduino board, e.g. to a flash (program) memory next to the program?
There is ONE flash memory on the Arduino. ALL of it is overwritten when a sketch is loaded. So, I really don't understand what you mean by "next to the program".

Quote
I would say that you can dump any type of memory, but I want to make it as hard as I can for a potential attacker (if he gets physical access to the Arduino).
There are fuses you can set that require a high voltage programmer to replace the contents of flash memory, that remove the ability to read the existing flash memory.
The art of getting good answers lies in asking good questions.

CrossRoads

Or double encrypt the data, with the 2nd decryption method not stored on the card.
Designing & building electrical circuits for over 25 years.  Screw Shield for Mega/Due/Uno,  Bobuino with ATMega1284P, & other '328P & '1284P creations & offerings at  my website.

7h3w4rd0c70r

Quote
There is ONE flash memory on the Arduino. ALL of it is overwritten when a sketch is loaded. So, I really don't understand what you mean by "next to the program".
Yeah, of course there's only one, but I don't really need to upload a new sketch once I have my final version done. So I was thinking about something like generating the key on the first startup, accessing (somehow) the flash memory and saving the key next to the program (=sketch) - the program usually doesn't require 100% of the memory space. Then on every other startup the program will detect the key and won't generate it again. What do you think about that?

MorganS

I think you can use an ISP programmer to write to arbitrary blocks of flash. Then use the same programmer to write the fuses which will prevent that block from being read outside of the chip.

But having the program itself able to read and write to that block? That is the opposite of security unless you also blow the fuses that will prevent the program itself from ever being overwritten. Otherwise a hacker could just use an ISP to write over the program with another program which reads the protected block.
"The problem is in the code you didn't post."

CrossRoads

"Then use the same programmer to write the fuses which will prevent that block from being read outside of the chip."

I don't think the fuses provide much granularity - I think it's the bootload section, and the rest of the flash.

Maybe put your key in the bootload section, that will stay in place for subsequent serial uploads.

PaulS

Quote
What do you think about that?
Was there some part of "There is ONE flash memory on the Arduino. ALL of it is overwritten when a sketch is loaded." that you didn't understand? When loading a sketch, you can NOT tell the bootloader "Only overwrite some of flash; keep the stuff from xxxx to yyyy".

7h3w4rd0c70r

I probably have a solution, I'll put the key fixed into the code and use PROGMEM to avoid SRAM and then use fuse lock.

Quote
Was there some part of "There is ONE flash memory on the Arduino. ALL of it is overwritten when a sketch is loaded." that you didn't understand? When loading a sketch, you can NOT tell the bootloader "Only overwrite some of flash; keep the stuff from xxxx to yyyy".
Read again the whole post you quoted from, obviously you didn't get what I said.
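
The fuse-lock plan discussed above only protects a key in flash if the right lock bits are programmed. The following C check is an added example, not code from any poster in this thread: it decodes a lock byte and reports which read-back routes to application flash remain open. It assumes an ATmega328P and the lock-byte layout from its datasheet; the function and constant names are hypothetical and the sample lock bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed target: ATmega328P. Lock byte layout as given in its datasheet:
 * bit0 LB1, bit1 LB2, bit2 BLB01, bit3 BLB02, bit4 BLB11, bit5 BLB12.
 * A lock bit is "programmed" when it reads 0. Names here are hypothetical. */
enum {
    PATH_ISP_READ     = 1 << 0, /* external programmer can read flash back   */
    PATH_BOOT_REWRITE = 1 << 1, /* bootloader SPM can replace the sketch     */
    PATH_BOOT_READ    = 1 << 2  /* bootloader LPM can read application flash */
};

/* Return the ways a key stored in application flash can still be reached. */
unsigned open_key_paths(uint8_t lock)
{
    uint8_t lb1   = lock & 0x01u;
    uint8_t lb2   = (lock >> 1) & 0x01u;
    uint8_t blb01 = (lock >> 2) & 0x01u;
    uint8_t blb02 = (lock >> 3) & 0x01u;
    unsigned paths = 0;

    /* Only LB mode 3 (LB1 = LB2 = 0) disables verification (read-back). */
    if (lb1 || lb2) paths |= PATH_ISP_READ;
    /* BLB01 unprogrammed: SPM may still write the application section. */
    if (blb01) paths |= PATH_BOOT_REWRITE;
    /* BLB02 unprogrammed: LPM run from the boot section may read it. */
    if (blb02) paths |= PATH_BOOT_READ;
    return paths;
}

#ifdef __AVR__
#include <avr/boot.h>
/* On the chip itself, avr-libc can fetch the live lock byte. */
unsigned open_key_paths_now(void)
{
    return open_key_paths(boot_lock_fuse_bits_get(GET_LOCK_BITS));
}
#endif

int main(void)
{
    /* Constructed sample lock bytes, not taken from the thread. */
    const uint8_t samples[] = { 0x3F, 0x3C, 0x30 };
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("lock=0x%02X open paths=0x%X\n", samples[i], open_key_paths(samples[i]));
    return 0;
}
```

The two bootloader paths apply only when a bootloader is installed in the boot section.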

MorganS

Actually I think it would be fairly easy to load a new bootloader onto an Arduino which doesn't overwrite all Flash memory. I would need a budget of about 10 Arduinos to be permanently bricked to test this thoroughly though.

Hint: The original bootloader for AVR Arduinos doesn't overwrite itself, so it isn't doing a full system wipe like an Arduino Due does.
