Close

UVLO for better security

A project log for Orthrus

SD card secure RAID USB storage

nick-sayerNick Sayer 10/07/2017 at 01:120 Comments

As previously discussed, for maximum security, the goal will be to encase the Orthrus board in a tamper-evident sealed case to keep miscreants away from the ERASE pins. The idea is that as long as the case remains sealed (and the seals are serialized, so you can be sure they haven't been replaced), you have some level of trust that the firmware hasn't been tampered with.

This means that there are four things open to an attacker to monkey around with: the button, the two SD card slots and the USB connection.

The button, SD card slots and the USB data bus all fall under the purview of the firmware, so it's on me to make sure that there aren't any bugs there. I make no sacrosanct promises, but I'm going to do my best to squish anything I find, either in my code or ASF4.

What's left is the power supply. Since it's potentially under the control of an attacker, that makes the system potentially vulnerable to power games.

Make the voltage too high and you'll likely destroy something. That isn't really a security vulnerability, per se.

But when the voltage of a microcontroller goes too low, stuff starts to just go wonky in ways that are unpredictable. It's a crude attack, but it's been shown in the past to bear fruit.

The defense is an UVLO circuit. If the voltage on the (nominally) 3.3 volt bus drops lower than 3 volts, the supervisor will pull the NRST line to ground, which will hold the chip in reset. If the voltage goes above the threshold, it holds the chip in reset for an extra 20 ms before releasing it.

The MIC803 is just the ticket. It's output is an open-drain, so it won't interfere with NRST being driven by the JTAG/SWD port, and there's already a 100 kΩ pull-up on that line.

This will be added to the next set of boards built, but it won't be on the first boards that ship (or the boards for the HP judges).

Discussions