Implementing EN12830:2018 secure flash storage for datalogging project

Hi,

I wanted to check if you guys have any information/experience on implementing EN12830:2018 secure flash memory for a datalogging system.

I am looking to add a separate SPI NAND or NOR flash memory on the hardware for data-logging.
As per the EN12830:2018 standard, the following conditions need to be met:

  1. Set a program as certified/secure and allow only this software to access specific hardware?

  2. The main processor (Colibri IMX7 DUAL / IMX6ULL) has “legally relevant software” and “non legally relevant software”, basically it is certified programs and non-certified programs.

  3. Only the “legally relevant software” can have access to the flash memory; if the “non legally relevant software” tries to access the flash memory, the authentication software/system must block the attempt. This MUST be valid for read/write operations.

  4. If by any chance the “non legally relevant software” tries to erase the flash memory, this action must be blocked.

  5. Stop any data read/write/erase attempt using a cloned module/system.

Regards,
Satyan

Any updates?

Hello @satyanraj!

Below are my comments regarding your inquiries. Not all of these inquiries are clear enough for me to give 100% accurate answers, nor do I know the standard you’re referring to, but I’ll try to help you as best as I can:

1) Set a program as certified/secure and allow only this software to access specific hardware?

This is doable, however “certified” and “secure” can have multiple meanings and definitions. It would be nice to have these terms more strictly defined.

2) The main processor (Colibri IMX7 DUAL / IMX6ULL) has “legally relevant software” and “non legally relevant software”, basically it is certified programs and non-certified programs.

This is ambiguous (for me, since I’m not familiar with the standard). In some sense the processor does not “have” software. All software is in memory, processor just runs instructions (not considering L1/L2 cache and stuff).

3) Only the “legally relevant software” can have access to the flash memory; if the “non legally relevant software” tries to access the flash memory, the authentication software/system must block the attempt. This MUST be valid for read/write operations.

Does “legally relevant software” allow like, system utilities and everything that must be there so the OS runs correctly?
Nonetheless, it is possible for their software to block any software they want from running, yes. You just have to program their application this way. But there are some deeper details about that and they must be considered when your system itself is being designed.

4) If by any chance the “non legally relevant software” tries to erase the flash memory, this action must be blocked.

Seems reasonable, one can disable any commands that might erase a partition. But this is still a little bit unclear, lacks details.

5) Stop any data read/write/erase attempt using a cloned module/system.

This looks possible but “cloned module/system” admits a possibility that an attacker has physical access to the device. Unless you implement some external anti-tamper system one cannot completely guarantee that an attacker won’t, for example, disassemble the device and dump the flash contents.

I hope my comments are relevant enough. Please feel free to tell us more about your requirements so we can help you further with this.

Hi @gustavo.tx,

Did you understand the gist of the questions?
The following video explains it further:

Looks like ARM TrustZone can be used to implement the required security features.
Now the question is: Does Toradex (Linux) provide support for the ARM TrustZone features?
Can you help me with an example for iMX6ULL?
I need to specify the SPI bus as Secure Interface and the related OEM software for Data-logging (to NAND or NOR flash) and the interface should be only accessible to Trusted/Certified software.

Regards,
Satyan

@satyanraj,

Our Linux offerings should support the Arm TrustZone features. Usually, we work with partners for this, as mentioned in this webinar. There’s a good overview of TEE and TrustZone in this post from Sergio Prado.

Some customers have been implementing OP-TEE on our modules. You can check this post for some insights on this using a Colibri iMX6ULL.