STM32H7 OTFDEC code security information practice and encryption tool

afei9527

STM32H7 OTFDEC code security information practice and encryption tool [Copy link]

Preface

Starting from the STM32H73x series, we have introduced a new peripheral module, OTFDEC. Its full name is on the fly decryption. Its introduction can help everyone solve the pain points of code protection.

About OTFDEC

As we all know, the code is stored in the on-chip Flash. As long as the JTAG debug port is protected and the key code on the chip is isolated, it is still quite safe in preventing logical attacks and direct detection. However, the capacity of on-chip Flash is limited after all. In some applications, we need to store the code in off-chip Flash or even execute it directly from off-chip Flash. Compared with on-chip Flash, off-chip Flash is much more vulnerable to attacks. There is generally no hardware-level protection for off-chip Flash. As long as its material number and its read and write timing are known, it is not difficult to read the content inside.
So a natural idea is to encrypt the code and then put it on the off-chip Flash, so that even if someone reads the ciphertext code inside, as long as they do not have the key, they cannot obtain the valid information of the code. For the OTFDEC decryption principle official website AN5281 note address: https://www.st.com/resource/en/application_note/dm00604143-how-to-use-otfdec-for-encryptiondecryption-in-trusted-environment-on-stm32-mcus-stmicroelectronics.pdf


Practice: Two projects are required
boot project
The microcontroller environment octospi and OTFDEC need to be initialized, and then jump to the external flash to execute the program. It needs to be pre-burned to the internal FLash of the microcontroller and powered on to start running.
The process is as follows
OSPI_Init();-->Setup_Regions(OTFDEC_REG_MODE_INSTRUCTION_OR_DATA_ACCESSES);-> OSPI_MemoryMapped()->Execute_Code();
app project
Used to generate user program hex: After encryption by the encrypted host computer, burn it to the external Flash (W25Q128), and jump from boot to app program after powering on again.

Encryption host computer

The encrypted data is burned into w25q128

OTFDEC decrypted data is consistent with the original data

Tool download link:

https://pan.baidu.com/s/1A9KTHJQIjpncdDQXYPqDAg

Extraction code: yrkj

lugl4313820

So a natural idea is to encrypt the code and then put it on the off-chip Flash. In this way, even if someone reads the ciphertext code inside, as long as they do not have the key, they will not be able to obtain the valid information of the code.

I have learned it. I have stm32U575 stm32H723 on hand. I will learn how to control it from the OP. Thanks for sharing.

afei9527

lugl4313820 posted on 2023-2-6 10:29 So a natural idea is to encrypt the code and put it on the external Flash, so that even if someone reads the ciphertext code inside, as long as...

stm32h723 can do it, but stm32u575 cannot do it without otfdec module.