[Cryptech Tech] arm

Fredrik Thulin fredrik at thulin.net
Tue Jan 20 09:07:04 UTC 2015

Previous message: [Cryptech Tech] arm
Next message: [Cryptech Tech] arm
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Monday, January 19, 2015 10:31:50 PM Jakob Schlyter wrote:
...
> Is that a reason for not having a USB host interface, or just a good reason
> to be very careful?

We should recognize that having a USB host interface for management does open 
up more attack vectors. Naturally we shouldn't have a USB host interface 
unless we think we need one, and if we think we need one we should be careful.

One way of being careful is what I believe Peter G. is advocating here and 
adding an external chip with a USB host controller and a SPI interface, in the 
hopes that the SPI interface in our main MCU has less bugs than the USB 
interface in the main MCU (likely true IMHO).

Another way of being careful would be to properly audit the USB host 
middleware, e.g. for STM MCUs the STM32Cube USB host library 

http://www.st.com/st-web-ui/static/active/en/resource/technical/document/user_manual/DM00105256.pdf

Not sure how we would gain confidence in the hardware level of the USB 
controller. Fuzzing perhaps.

/Fredrik

Previous message: [Cryptech Tech] arm
Next message: [Cryptech Tech] arm
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Tech mailing list