google / OpenSK

OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
Apache License 2.0

ARM CryptoCell-310 #7

Open mcarrickscott opened 4 years ago

mcarrickscott commented 4 years ago

The ARM CryptoCell-310 may be a bit of a problem. See this thread

https://devzone.nordicsemi.com/f/nordic-q-a/18578/arm-cryptocell-310-performance

which suggests that for elliptic curve cryptography at least, the hardware is actually slower than a software implementation. Also this thread

https://devzone.nordicsemi.com/f/nordic-q-a/46418/cryptocell-310-status-replacement

suggests that it is already obsolete.

Mike

nuno0529 commented 4 years ago

Another piece of information, about FIPS 140-2 certification on this nRF52840: https://devzone.nordicsemi.com/f/nordic-q-a/39030/is-nrf52840-arm-cryptocell-310-fips-140-2-certified

damienwolf07 commented 2 years ago

Any updates? I really want to see the ARM CryptoCell-310 be used.

kaczmarczyck commented 2 years ago

Hi, thanks for your interest! I started using the CryptoCell for our custom bootloader; it's not submitted yet due to a shift in priorities. See this commit for example code to run SHA256. We don't have a PR lined up for the main OpenSK app yet, though.

damienwolf07 commented 2 years ago

Thank you!

coelner commented 2 years ago

I can't find anything about this here in this git: https://limitedresults.com/2020/06/nrf52-debug-resurrection-approtect-bypass/

https://infocenter.nordicsemi.com/pdf/in_133_v1.0.pdf

Not directly an issue, but maybe the CryptoCell gains some attention back.

jmichelp commented 2 years ago

We saw the publication and Nordic fixed this issue starting with their rev. D chip. They changed how APPROTECT can be enabled. This isn't something we changed in our code base yet (we do have basic support to enable APPROTECT) because we first wanted to have an API to securely upgrade the firmware once APPROTECT has been enabled. This started with our minimalist bootloader in #404. Ideally I would also like to move to hardware cryptography but the work around the CryptoCell isn't done yet.