Embedded Memory Security : MPU, TAMPER, Read/Write Protect

Name: Embedded Memory Security : MPU, TAMPER, Read/Write Protect
Rating: 4.2 (30 reviews)

Embedded Memory Security: Protecting Your System from Tampering and Unauthorized Access

Created byBHM Engineering Academy, Israel Gbati

Last updated 9/2023

English

What you'll learn

Gain a deep understanding of various techniques used to secure embedded memory, such as tamper detection and data deletion.
Learn how to prevent unauthorized access to their device's firmware by disabling debug features and other potential entry points for reverse engineering.
Learn how to use the MPU to detect and prevent issues such as stack overflow, thereby ensuring the stability and security of your embedded device.
Learn how to use Option Bytes to protect your embedded memory against unauthorized read and write access.
Develop and integrate tamper detection mechanisms to detect and prevent unauthorized access to the embedded system's memory.

Course content

6 sections • 67 lectures • 10h 25m total length

Downloading CubeIDE2:34
Download the stm32 cube ide from stmicroelectronics, accept the license agreement, create a free account, and log in to start the 729 MB Windows installer.
Installing CubeIDE2:38
Install CubeIDE by downloading, extracting, and running the installer, choose a suitable workspace and installation location, allow firewall access, and set telemetry preferences to begin embedded memory security development.
Getting the required documentation7:41
Download and organize STM32 bare metal documentation, set up a project workspace, and learn to read reference manuals, datasheets, and board guides to map registers and memory.
Getting the required package for bare-metal development21:19
Create a bare-metal stm32 f4 project in cube ide, obtain cmsis header files, copy them into the project, and prepare to blink an led.
Testing the project setup15:53
Test a stm32f4 bare-metal project by enabling gpio a5, configuring the mode register, and blinking the led, while linking chip headers and debugging the include paths.

Important information about this section0:17
Programming : Enabling the Floating Point Unit (FPU)18:00
Develop a modular bare-metal driver framework and enable the floating point unit on stm32f4 cortex-m4, using the cpacr register in privileged mode to access core peripherals.
Programming : Developing a UART Driver - Analyzing the Documentation11:35
Develop a uart driver by enabling the apb1 clock for usart2 and mapping pa2/pa3 to af7. Configure pins for alternate function.
Programming : Developing a UART Driver - Listing out the steps4:00
Programming : Developing a UART Driver - Implementing the Init. function22:13
Implement a uart init by enabling gpio and apb1 clocks, configuring gpio to alternate function af7, computing baud rate to 115200, and enabling the uart transmitter.
Programming : Developing a UART Driver - Implementing the Write function5:39
Implement a static uart write function to transmit a character by polling the transmit data register TXE flag in the status register, then write to the uart data register.
Programming : Developing a UART Driver - Testing the Driver6:39
Test the uart driver by wiring the init function, printing 'hello from stm32' over uart2 to a pc, and verify with a serial viewer like real time or teraterm.
Programming : Developing the System Timebase - Analyzing the Documentation8:28
Develop a system time base using the systick timer on stm32 cortex-m4. Configure the systick control and status register, and decide between internal or external clock sources.
Programming : Developing the System Timebase - Implementing the Init. function9:52
Define control register bits, implement time base init to load systick with 16 mhz clock cycles per second, clear the current value, select internal clock, and enable interrupts.
Programming : Developing the System Timebase - The rest of the functions12:15
Develop a systick-based timebase with a tick increment and get_tick reader, then implement a delay that uses tick timing and the 16 mhz clock.
Programming : Developing the System Timebase - Testing the Timebase5:34
Develop and test the system timebase on the stm32 by initializing the timebase, implementing a one-second delay, and printing a message each second to validate a precise real-time delay.
Programming : BSP : Listing the out the Required Functions7:55
Develop a board support package for the stm32f4 nuclear board by implementing gpio drivers for pa5 led and pc13 button, including led init, led on/off, and button state checks.
Programming : Writing the LED Driver5:01
Enable gpio a and c clocks via ahb1enr, configure pa5 as output, and drive it high with the odr; expose gpio and button init functions for the next lesson.
Programming : Writing the PushButton Driver4:00
Enable clock access to gpio c, configure pc13 as an input, and implement a push button driver that reads the active-low button state and returns the pressed signal.
Programming : Testing the Board Support Package3:35
Programming : Analyzing the Documentation5:21
Develop an adc driver to read analog sensor data on adc1 channel one, configure the corresponding gpio in analog mode, and consult the datasheet block diagram to map channels.
Programming : Listing out the steps for developing the ADC Driver5:26
Enable clock access to gpio a and set pa1 to analog mode. Configure the adc module, set the conversion sequence length, enable continuous conversion, and read the converted value.
Programming : Writing the ADC Initialization function13:21
Enable clock access to gpio a and set pa1 as analog, then enable adc1 on apb2 and configure sequence register 3 for channel 1 to prepare for conversion.
Programming : Writing the ADC Read function14:05
Implement an adc read function by enabling continuous conversion, starting conversion, waiting for end-of-conversion, and returning the 12-bit data from the adc data register.

Overview of the Memory Protection Unit4:46
Configure the memory protection unit (NPU) to assign permissions and attributes to memory map regions, enabling read-only areas, execute never data, and protection against code injection in RTOS tasks.
Notice0:01
Cortex-M Operating Modes and Privilege Levels5:50
Understanding MPU Regions4:32
The MPU in Cortex-M3/M43:41
Explore cortex-m3/m4 memory protection with up to eight programmable regions in ram. Dynamically or statically configure base address, size, and attributes—read only, read/write, or execute never.
Analyzing the MPU Registers8:17
Analyze the MPU registers, including type, control, region number, region base address, and region attribute and size, to configure protected memory regions with valid, enable, and execute never settings.
Memory Attributes and Access Permissions11:14
Explore memory attributes and access permissions, including execute never, access permission bits, type extension, shareable, cacheable, buffer, and subregion control, plus region size and base address alignment.
Overview of the MemManageFault Registers4:18
Programming : Getting the MPU Number of Regions9:32
Read the MPU type register to detect an MPU and its regions. Use a volatile uint32_t read at the address, shift bit eight, and print the number of regions.
Programming : Getting the Minimum Region Size Supported7:13
Programming : Catching Stack Overflow using the MPU45:03
Catch stack overflow with the NPU by enabling mem fault in SH CSR and guarding end of stack with a 32-byte region; implement mem manage and hard fault handlers.
Programming : MPU Driver | the Interface file12:27
Create a reusable mpu driver interface with np.c and mp.h. Use the cortex-m4 cmsis header to define symbolic region sizes and access attributes, simplifying memory protection configuration.
Programming : MPU Driver | Enabling and Disabling the MPU8:12
Learn to enable and disable the MPU, configure memory regions, and build an NPU driver that sets the control register and predev bit 2 to control access and protection.
Programming : MPU Driver | Disabling MPU Regions11:46
Learn to disable mpu regions in the driver by setting the region number and clearing base and attribute registers, with 0/1 validation and 32-byte size notes.
Programming : MPU Driver | Implementing the MPU Region Config function3:58
Implement the MPU region config function by accepting region number, base address, size, and attribute, then writing to the region number, base address, and combined attribute-size registers using OR.
Programming : MPU Driver | Implementing the MPU Config function17:33
Implement the mpu config function by checking npu presence, disabling it, configuring flash, ram, and gpio a regions with appropriate access, and enabling the mpu.
Programming : MPU Driver | Testing the MPU Driver21:33
Test the mpu driver and memory protection by configuring npu regions, enabling priv dev enable, and validating faults with gpio access and led tests, using debug uart for verification.

Programming : Analyzing the Documentation8:02
Develop a tamper detection driver for the RTC module that uses VBAT backup registers (2032 bits) and timestamps tamper events, with edge or level detection and automatic wipe on tamper.
Overview of the RTC and Tamper Detection10:49
Explore real-time clock architecture, backup domain, and tamper detection, including backup registers, alarms, wakeup, and calendar features, with battery-backed memory and tamper-triggered data clearance.
Programming : Understanding the Initialization Process12:45
Implement tamper detection initialization for the stm32 rtc backup domain by enabling power and rtc clocks, configuring pc13 as tamper input on falling edge, and enabling the nvic tamper interrupt.
Prorgamming : Implementing the Initialization function15:02
Implement initialization function to enable apb1 clock and backup access, activate rtc via bdcr, configure tamper trigger on fall edge, enable tamper interrupt, and connect it to nvic line 21.
Programming : Storing Data in the Backup Registers4:45
Implement a function that stores a 32-bit value into a selected rtc backup register by calculating the target address from the register index and writing through a volatile uint32_t pointer.
Programming : Reading Data from the Backup Registers2:34
Learn to read 32‑bit data from RTC backup registers with a backup get data function, computing the register address and returning the content, as prep for tamper interrupt request handler.
Programming : Implementing the Tamper Detection Callback function10:28
Implement the tamper interrupt callback to verify data deletion by reading RTC backup registers. Enable debug prints to inspect backup contents during development, looping through the 0 to 19 registers.
Programming : Implementing the Tamper Detection IRQHandler3:30
Programming : Testing the Tamper Detection driver10:00
Test the tamper detection by triggering the tamper pin with the blue button, store data in RTC backup registers, and print the content before and after tamper.
Programming : Storing Sensor Values in the Backup Registers10:30
Store sensor values in backup registers by sampling with the ADC, writing to backup register zero and one, and observe tamper detection with time base initialization.

Overview of the Flash Memory Option Bytes3:50
Explore how option bytes protect flash memory with read and write protection and proprietary code readout protection. Learn how to navigate the RDP, WRP, and option byte control registers.
Understanding the Read Protection (RDP) Option Byte16:37
Explore read protection (RDP), its levels 0, 1, and 2, and how they restrict debugging and memory access, plus the role of in-application programming for firmware updates.
Programming : Experimenting with the Flash Memory Storage Driver10:16
Explore and test the flash memory storage driver to read, write, and erase option bytes on STM32 devices, applying read and write protection experiments.
Programming : Implementing the Flash Protection Interface file6:44
Implement the flash protection driver by creating the flash protection interface and configuration structures, including option bytes, read protection levels, and sector write protection.
Programming : Analyzing the Relevant Registers19:40
Examine how to configure read protection, write protection, and PCROP using option bytes, option key sequences, and the flash option control register with busy checks.
Programming : Deriving the Addresses of the Option Bytes6:01
Derive option-byte addresses by computing offsets from the flash interface base address, define symbolic names (rdp, wrp) for each byte, and implement a driver to read them.
Programming : Getting the Current Option Bytes Settings8:54
Implement a function to read flash option bytes, including rdp, wrp, and user bits, by dereferencing option byte addresses and masking the flash option control register.
Programming : Locking and Unlocking the Option Bytes4:40
Lock and unlock the MCU option bytes by setting the option lock bit in the option control register, flushing option bytes, and writing unlock keys to the option key register.
Programming : Implementing the Sect WRP Mask Enumerator6:14
Implements a sector right protection function by defining a sector enum mapped to register bit positions and constructing a hex-based wrp mask for precise read/write protection.
Programming : Implementing the Write Protection function14:11
Implement sector write protection by unlocking option byte, waiting for flash ready, setting WRP bits for the sector via option control register, and enabling opt status before locking option bytes.
Programming : Disabling Write Protection for all Sectors2:03
Programming : Implementing the set RDP Level functions2:20
Implement the set RDP level function to configure read protection for the flash. Apply the level via OR at the correct bit offset, then enable opt start and wait.
Programming : Returning the Current Option Bytes Settings7:09
Implement and expose a function to return all current option bytes settings, RDP, WRP, and user, using a config structure and get functions for testing in embedded memory security.
Programming : Testing the Flash Protection Driver16:13
Test the flash protection driver by installing Cube Programmer and St-link utility, inspect option bytes, and verify read and write protection levels via getconfig in main.c.
Programming : Further Testing and Troubleshooting18:45
Enable write protection on sector four to test read/write behavior and troubleshoot access. Use cube programmer and st-link utility to manage option bytes and read protection.

Requirements

No programming experience needed - I'll teach you everything you need to know.
NUCLEO-F411

Description

Embedded Memory Security: Protecting Your System from Tampering and Unauthorized Access

Are you looking to take your embedded systems protection to the next level? Do you want to protect your embedded memory from unauthorized access and tampering?

Introducing our new course on Embedded Memory Security, covering essential topics such as MPU, Tamper Detection, and Read/Write Protection using Option Bytes.

This course is excellent for embedded systems developers who want to protect their products from security threats. We have designed a multi-faceted curriculum that covers everything from wiping the backup registers clean to detecting stack overflow using the Memory Protection Unit (MPU). This course will teach you advanced security measures to safeguard your firmware from reverse engineering and protect your device from tampering. We will also show you how to disable debug features before launching your product, ensuring that your firmware remains secure. Whether you're working on a small IoT device or a large industrial system, this course will provide you with the tools and knowledge you need to secure your embedded memory and keep your device safe from external threats.

This course is designed for professionals with a basic understanding of embedded systems, and is taught by industry experts with years of experience in the field. You'll learn through a combination of video lectures, hands-on exercises, and real-world case studies, giving you a practical understanding of how to implement these techniques in your own embedded systems.

At the end of this course, you'll have a solid understanding of the key concepts and techniques used to secure embedded memories, and be able to implement these techniques in your own projects. You'll be equipped with the skills and knowledge to secure your embedded systems against a wide range of memory-based attacks, ensuring the safety and security of your devices and data.

With the flexible online format, you can study at your own pace, from anywhere in the world. Plus, we offer a 30-day money-back guarantee, so you can enroll with confidence.

Don't let your embedded systems be vulnerable to attack.

Sign up for our Embedded Memory Security course today and take the first step towards securing your devices against malicious attacks.

Here's a sneak peek at what you can expect to learn:

Bare-Metal MPU Driver Development:

In this section you will learn how to develop a bare-metal Memory Protection Unit (MPU) drivers. The MPU is a hardware unit that provides security for embedded systems by allowing the division of memory into a set of regions with specific access permissions. You will learn how to configure the MPU for your specific needs, including setting up memory regions and their access attributes. Additionally, you will learn how to write a low-level MPU driver to interface with your application code, which will enable you to protect your system from memory-based attacks.
Tamper Detection and Data Deletion:

This section will focus on tamper detection and data deletion using the RTC and backup domain of the microcontroller. Tamper detection is essential for preventing physical attacks on your device, such as removal of the memory chip, manipulation of data or code, or voltage-based attacks. You will learn how to implement tamper detection to detect tamper events. Data deletion is also a critical technique that helps protect against unauthorized access to sensitive data. You will learn how to design and implement an effective tamper detection scheme that will securely erase data in the event of a tamper event.
Protecting Flash Memory using Option Bytes:

You will learn how to use the option bytes in the bottom part of the flash memory region to protect the entire flash memory. Option bytes are a set of bits that are programmed at the factory or during device programming and can be used to configure the device's features, such as read/write protection. You will learn how to set up option bytes to protect your flash memory from unauthorized read/write access, ensuring the integrity of your data.

Signup, let's start securing some memory.

Who this course is for:

This course is designed for embedded systems developers and engineers who are interested in enhancing their knowledge and skills in implementing advanced security measures for protecting embedded memory.
It is also suitable for anyone who is involved in the development and maintenance of IoT devices, industrial systems, and other applications that require secure memory management.

Embedded Memory Security : MPU, TAMPER, Read/Write Protect

What you'll learn

Explore related topics

Course content

Introduction5 lectures • 50min

Developing Some Generic Drivers19 lectures • 2hr 43min

The Memory Protection Unit(MPU)17 lectures • 3hr

Tamper Detection and Backup Domain10 lectures • 1hr 28min

Flash Memory Protection with Option Bytes15 lectures • 2hr 24min

Closing1 lecture • 1min

Requirements

Description

Who this course is for: