OpenSK ARM CryptoCell-310

Feb 02 '20 21:02 mcarrickscott

The ARM CryptoCell-310 may be a bit of a problem. See this thread

https://devzone.nordicsemi.com/f/nordic-q-a/18578/arm-cryptocell-310-performance

which suggests that for elliptic curve cryptography at least , the hardware is actually slower than a software implementation. Also this thread

https://devzone.nordicsemi.com/f/nordic-q-a/46418/cryptocell-310-status-replacement

suggests that it is already obsolete

Mike

Feb 02 '20 21:02 mcarrickscott

Another information for FIPS 140-2 certification on this nrf52840... https://devzone.nordicsemi.com/f/nordic-q-a/39030/is-nrf52840-arm-cryptocell-310-fips-140-2-certified

Feb 11 '20 04:02 nuno0529

Any updates? I really want to see the ARM CryptoCell-310 be used.

Jan 19 '22 15:01 damienwolf07

Hi, thanks for your interest! I started using the Cryptocell for our custom bootloader, it's not submitted yet due to a shift in priorities. See this commit for example code to run SHA256. We don't have a PR lined up for the main OpenSK app yet though.

Jan 19 '22 18:01 kaczmarczyck

Thank You!

Jan 19 '22 21:01 damienwolf07

I can't find anything about this here in this git: https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass/

https://infocenter.nordicsemi.com/pdf/in_133_v1.0.pdf

Not directly an issue, but maybe the cryptocell gains some attention back.

May 29 '22 20:05 coelner

We saw the publication and Nordic fixed this issue starting with their rev. D chip. They changed how APPROTECT can be enabled. This isn't something we changed in our code base yet (we do have basic support to enable APPROTECT) because we first wanted to have an API to securely upgrade the firmware once APPROTECT has been enabled. This started with our minimalist bootloader in #404. Ideally I would also like to move to hardware cryptography but the work around the CryptoCell isn't done yet.

Jun 01 '22 20:06 jmichelp