by konstmonst 3498 days ago
What is the problem with taking a $10 stm32f discovery board and using it as a TPM? There are different flash protections:

1) you can read/write flash via JTAG

2) you can only write flash, but not read the old one

3) you can't rewrite flash, neither can you read it.

You will still have to implement USB communication, but there is already a lib from STM for it. Some models also have generous flash (in MB ranges).

You can use internal SRAM, which is more than enough, and use the AES acceleration peripheral. One can attach an SD card and use SPI + DMA + the AES peripheral to shuffle data along if one needs a lot of storage.


Send me a locked STM32F1 chip and I'll send you back the binary contained in it. Not kidding. The problem with general purpose MCUs is that they are trivial to break.
Can you do that with an F4? If so, I'd like to take you up on your offer. I'll even pay you if you tell me how you did it.
Security on F4 is way better. I haven't found a way to circumvent the JTAG fuse - but to be honest, I never really tried as I don't have access to proper glitching hardware.
What would you need?
A ChipWhisperer and some boring winter weekends, probably. I don't break these for cash or fame; it's just for fun.
> A ChipWhisperer

OK, you've got it. Where should I have it sent?

I would be very interested in the information on how you can do this :) We already use a Cypress PSoC5LP MCU with a flash protection feature as a License Manager (essentially a TPM with encryption keys in locked flash) because we had a surplus of those. I am just trying to estimate if it is dangerous and should be changed. Our case is to prohibit customers (mostly industry) from pirating firmware for new devices.
Various companies in China and Russia will read locked MCUs for a fee. Search for "MCU Break".

I know someone who uses one of these services to get the firmware for old industrial equipment whose manufacturer had long since gone out of business or stopped providing support, and where replacing it would cost far more. Total cost was under $1000 USD, although that was an older MCU.

I had to look up TPM, I didn't realize there was an open standard for crypto processors. Is it safe to say that most HSMs are TPMs?
They are quite different beasts. HSMs offer tamper protection through various physical means like wrapping all components in resin, or implementing self-destruction mechanisms. Smart cards protect their secrets against all kinds of side channel attacks trying to read keys off a thermal signature for example.

TPMs in most cases are based on smart cards but can also be implemented in a TEE (Trusted Execution Environment). Security does not always mandate tamperproof hardware.

Thanks for the clarification.