• Locked Locked
  • Replies 2 replies
  • Subscribers 119 subscribers
  • Views 3738 views
  • Users 0 members are here
Options
Related
How was your experience today?
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ARM 11 256 bits OTP

Yusnani Yussoff
Note: This was originally posted on 28th January 2010 at http://forums.arm.com

I would like to know,

If we bought ARM 11 let say from samsung, the OTP features will be done by us or samsung?
If I want to have a master key, let say for encryption process, do I have the capability to configure it in the IC?
One more question - Can I put my secure boot code in the on-SoC ROM?
Parents
  • Arm Employee Badge
    Note: This was originally posted on 28th January 2010 at http://forums.arm.com

    Many chip manufacturers provide some of of OTP for device personalization. How this is actually achieved varies - common options are polysilicon fuse or even small flash memory regions which are write protected by some form of boot code - so I'd talk to possible device vendors about this.

    In terms of boot code, if you buy an off the shelf device you still be stuck with whatever is in ROM. In many cases this may provide some form of boot security; it's not an uncommon requirement. However support for "secure boot" is not universal, and the level of security achieved by different vendors varies, so again it is always worth reviewing the device.

    It is also worth noting that TrustZone is not just a "tick box" item - it has many many possible configurations in terms of how the memories and peripherals are attached to the bus, and which of those are secure and which are non-secure. Some designs have a TrustZone-capable CPU, like an ARM1176 or a Cortex-A8, but have intentionally not implemented any secure memory or peripheral devices because that was not their market. As far as TrustZone-type security goes these systems are not useful - you at least need some secure RAM. So - check with the chip vendor to see how they have configured the device to see if it is useful.
Reply
  • Arm Employee Badge
    Note: This was originally posted on 28th January 2010 at http://forums.arm.com

    Many chip manufacturers provide some of of OTP for device personalization. How this is actually achieved varies - common options are polysilicon fuse or even small flash memory regions which are write protected by some form of boot code - so I'd talk to possible device vendors about this.

    In terms of boot code, if you buy an off the shelf device you still be stuck with whatever is in ROM. In many cases this may provide some form of boot security; it's not an uncommon requirement. However support for "secure boot" is not universal, and the level of security achieved by different vendors varies, so again it is always worth reviewing the device.

    It is also worth noting that TrustZone is not just a "tick box" item - it has many many possible configurations in terms of how the memories and peripherals are attached to the bus, and which of those are secure and which are non-secure. Some designs have a TrustZone-capable CPU, like an ARM1176 or a Cortex-A8, but have intentionally not implemented any secure memory or peripheral devices because that was not their market. As far as TrustZone-type security goes these systems are not useful - you at least need some secure RAM. So - check with the chip vendor to see how they have configured the device to see if it is useful.
Children
No data