
PSoC-64 Provisioning Steps to Transfer the Root of Trust

A Comprehensive Guide to Establishing Security in PSoC-64 Devices


Key Takeaways

  • Secure Boot Configuration: Properly configuring secure boot ensures the device only runs authenticated firmware.
  • Root of Trust Initialization: Establishing a root of trust is essential for enabling cryptographic operations and secure communications.
  • Device Lockdown: Finalizing the provisioning by locking down the device prevents unauthorized access and modifications.

Introduction to PSoC-64 Provisioning and Root of Trust

The PSoC-64 microcontroller family, developed by Infineon (formerly Cypress), offers robust security features tailored for embedded applications. Central to these security features is the concept of the Root of Trust (RoT), an immutable and secure foundation that underpins all cryptographic operations and secure processes within the device. Establishing the RoT involves a meticulous provisioning process, ensuring that the device's security mechanisms are both reliable and resistant to tampering.

1. Environment Setup

Installing Required Tools

The initial step in provisioning a PSoC-64 device involves setting up the necessary software tools and ensuring compatibility. This setup is crucial for facilitating secure communication between the host machine and the device during the provisioning process.

Tools and Requirements:

  • CySecureTools: A Python-based toolset used for creating cryptographic keys and certificates. Ensure that version 2.0.0 or newer is installed.
  • OpenOCD: An open-source tool that interfaces with the device's debugging hardware. Version 4.1.0 or higher is recommended.
  • Python: Python 3.8.10 or later is required for running CySecureTools.
  • Infineon’s ModusToolbox or CyProgrammer: These tools assist in updating firmware and managing device configurations.

Connecting the Device

Connect the PSoC-64 development kit to a host machine via the USB interface using the KitProg3 USB connector. This connection establishes the communication channel necessary for provisioning commands and data transfer.

2. Device Preparation and Secure Boot Configuration

Initializing the Device

Begin with the device in a known state, typically in “debug mode” or a pre-provisioned state. This ensures that the device is ready to receive new security configurations without any residual data compromising the process.

Configure the bootloader settings and security configuration registers to enable secure boot. Secure boot ensures that only authenticated and integrity-verified firmware can be executed on the device.

Configuring Security Registers

Security configuration registers play a pivotal role in defining how the device handles secure operations. Key configurations include:

  • Secure Boot: Enables the device to verify the authenticity of firmware before execution.
  • Read-Protection Levels: Defines access restrictions to the device's memory and firmware, preventing unauthorized reading or modifications.
  • Flash Partition Rules: Determines how memory is partitioned and accessed during secure operations.

3. Initiate Secure Provisioning Session

Establishing a Secure Channel

Utilize a trusted provisioning tool, such as Infineon’s Secure Provisioning Tool or Cypress’s custom toolset, to establish a secure session with the target device. This session ensures that all provisioning data, especially cryptographic keys, remain encrypted and authenticated during transmission.

Authentication Mechanisms

The provisioning tool authenticates itself to the device using pre-established credentials and secure channels, often leveraging TLS or other encryption protocols to safeguard data integrity and confidentiality.

4. Transfer and Inject the Root of Trust Keys

Root Key Injection

During the secure provisioning session, the root cryptographic key is written into the device. This can be accomplished by:

  • Programming key registers within the device's cryptographic system.
  • Fusing keys into One-Time Programmable (OTP) memory or eFuses, ensuring that the root key cannot be overwritten or extracted later.

Provisioning Data

The data injected typically includes:

  • The root cryptographic key or a seed from which further keys can be derived.
  • Associated key identifiers or parameters used during secure boot and other lifecycle operations.

5. Policy and Certificate Preparation

Defining Security Policies

Using tools like CySecureTools, generate a provisioning policy that outlines:

  • Flash partition rules.
  • Debug port protection rules.
  • Secure asset configurations.

Generating Certificates

Create device or signing certificates that establish a certificate chain. These certificates are signed with a vendor or manufacturing certificate, ensuring that the device’s public key can be verified against the known chain during boot processes.

6. Root of Trust Transfer

Validating and Establishing RoT

The PSoC-64 device validates tokens from the Hardware Security Module (HSM), accepting the OEM’s public key as the new Root of Trust. The device then generates its private key and exports its public key, forming an immutable identity that is crucial for secure operations.

Provisioning Commands

cysecuretools --policy ./policy/policy_multi_CM0_CM4_tfm.json --target CY8CKIT-064S0S2-4343W provision-device

This command sends the provisioning packet, including cryptographic keys and policies, to the MCU, completing the Root of Trust transfer.

7. Validation and Security Lockdown

Secure Boot Verification

After transferring the Root of Trust, perform validation steps such as testing a sample secure boot sequence to ensure that the secure boot logic correctly utilizes the Root of Trust to validate firmware images.

Lockdown Procedures

Once validation is successful, the device is locked down by setting debug and read protections. This prevents any future unauthorized reading or modification of the security keys and configurations. Additional fusing operations or configuration register settings may be applied to permanently commit the Root of Trust.

8. Firmware Signing and Deployment

Signing Firmware

Sign the application firmware using the previously generated cryptographic keys. This ensures that only authenticated and unaltered firmware can be executed on the device.

Programming the Device

Program the signed firmware onto the device, ensuring that the secure boot process will recognize and verify the firmware integrity during each boot cycle.
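As an added illustration of what steps 6 through 8 require of the device, not Infineon's code, cysecuretools output, or the real PSoC-64 token and image formats, the following Go model uses the standard library's ECDSA P-256: the device adopts the OEM public key as its Root of Trust only under a token signed by the root it currently trusts, and afterwards boots only images whose signatures verify under that new root, rejecting a tampered image and one signed by the pre-transfer root. The Device type, the encodePub token layout and the sample image bytes are constructed for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Device is a constructed model holding the only state needed here: the public key it currently trusts as RoT.
type Device struct{ Root *ecdsa.PublicKey }
// sign and verify use ECDSA P-256 over SHA-256, the signature scheme PSoC-64 secure boot relies on.
func sign(k *ecdsa.PrivateKey, data []byte) []byte {
	d := sha256.Sum256(data)
	sig, _ := ecdsa.SignASN1(rand.Reader, k, d[:])
	return sig
}
func verify(pub *ecdsa.PublicKey, data, sig []byte) bool {
	d := sha256.Sum256(data)
	return ecdsa.VerifyASN1(pub, d[:], sig)
}
// encodePub (X||Y) is the payload of this example's hypothetical transfer token, not Infineon's real format.
func encodePub(p *ecdsa.PublicKey) []byte { return append(p.X.FillBytes(make([]byte, 32)), p.Y.FillBytes(make([]byte, 32))...) }
// TransferRoot (step 6): adopt oemPub only if the token over it verifies under the root trusted right now.
func (dev *Device) TransferRoot(oemPub *ecdsa.PublicKey, token []byte) bool {
	if !verify(dev.Root, encodePub(oemPub), token) {
		return false
	}
	dev.Root = oemPub
	return true
}
// SecureBoot (steps 7-8): an image may run only if its signature verifies under the current RoT.
func (dev *Device) SecureBoot(image, sig []byte) bool { return verify(dev.Root, image, sig) }
// Scenario exercises both checks and reports each outcome by name.
func Scenario() map[string]bool {
	gen := func() *ecdsa.PrivateKey { k, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader); return k }
	hsm, oem, other := gen(), gen(), gen() // initial root, OEM key, and a key the device never trusted
	dev := &Device{Root: &hsm.PublicKey}
	img := []byte("constructed sample firmware image, not a real PSoC-64 binary")
	res := map[string]bool{}
	res["foreign_token_rejected"] = !dev.TransferRoot(&oem.PublicKey, sign(other, encodePub(&oem.PublicKey)))
	res["hsm_token_accepted"] = dev.TransferRoot(&oem.PublicKey, sign(hsm, encodePub(&oem.PublicKey)))
	sig := sign(oem, img)
	res["oem_signed_image_boots"] = dev.SecureBoot(img, sig)
	res["tampered_image_rejected"] = !dev.SecureBoot(append([]byte{img[0] ^ 1}, img[1:]...), sig) // one flipped bit
	res["pre_transfer_root_rejected"] = !dev.SecureBoot(img, sign(hsm, img)) // the old root no longer authorizes images
	return res
}
func main() { fmt.Println(Scenario()) }
```

Every entry in the returned map is true when the model behaves as steps 6 through 8 describe; a false entry pinpoints which check failed.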

9. Post-Provisioning Operations

Re-Provisioning and Updates

For future firmware updates or provisioning changes, use secure methods to ensure that any new firmware or configurations are authenticated against the established Root of Trust. Re-provisioning can be performed using updated parameters and policies as necessary.

Auditing and Compliance

Generate audit logs that document provisioning actions, key identifiers, and the device’s security state. Maintaining thorough documentation is essential for security compliance and post-deployment audits.

Provisioning Process Summary

Step                         | Description                                                       | Tools/Commands
-----------------------------|-------------------------------------------------------------------|----------------------------------------
1. Environment Setup         | Install CySecureTools, OpenOCD, and ensure Python is up to date.  | CySecureTools, OpenOCD, Python 3.8.10+
2. Device Preparation        | Initialize the device and configure secure boot settings.         | ModusToolbox, CyProgrammer
3. Initiate Provisioning     | Establish a secure provisioning session.                          | CySecureTools, Secure Provisioning Tool
4. Transfer RoT Keys         | Inject root cryptographic keys into the device.                   | cysecuretools commands
5. Policy & Certificate Prep | Generate security policies and certificates.                      | CySecureTools, JSON policy files
6. RoT Transfer              | Validate and establish the Root of Trust.                         | cysecuretools provision-device command
7. Validation & Lockdown     | Verify secure boot and lock down the device.                      | Provisioning tool validation steps
8. Firmware Signing          | Sign and deploy authenticated firmware.                           | CySecureTools signing tools
9. Post-Provisioning         | Perform auditing and prepare for future updates.                  | Audit logs, documentation tools

Security Best Practices

Ensuring Key Confidentiality

Protect the Root of Trust keys by using Hardware Security Modules (HSMs) and ensuring that keys are stored in secure, non-volatile memory locations. Utilize one-time programmable memory or eFuses to prevent key extraction or tampering.

Regular Audits and Compliance

Conduct regular security audits to verify the integrity of the provisioning process. Maintain comprehensive documentation of provisioning steps, key management, and policy configurations to comply with industry security standards.

Secure Firmware Updates

Implement secure firmware update mechanisms that rely on the Root of Trust to authenticate and verify firmware integrity. Ensure that all firmware updates are signed and validated before execution to prevent malicious code from being introduced.

Conclusion

The provisioning process for transferring the Root of Trust on PSoC-64 devices is a multifaceted procedure that establishes a secure foundation for all subsequent operations. By meticulously following each step—from environment setup and device preparation to key injection and device lockdown—developers can ensure that their PSoC-64 devices are fortified against unauthorized access and malicious interventions. Implementing these provisioning practices not only enhances device security but also builds trust in the integrity and reliability of the deployed solutions.

Last updated February 6, 2025