[Cryptech Tech] Alpha board BOM and PCB design requirements

Павел Шатов meisterpaul1 at yandex.ru
Sat Mar 14 20:02:34 UTC 2015


On 14.03.2015 23:22, Warren Kumari wrote:
> Well, one thing to keep in mind is that the CR2032 (or whatever) is
> going to have to have enough power to monitor all of the tamper sensors
> (temperature, vibration, optical, pressure, wire mesh, perhaps more
> exotic) *and* have enough power left over to securely erase the MKM.
> Something that we have not really discussed (but probably should) is
> having a process that moves the MKM around every now and then, so that
> we don't get cell burn-in (which apparently happens with SRAM too).
>
> All of this suggests (to me at least) that we will need something much
> beefier than a little coin-cell. For example, one of the HSMs I took
> apart had 2 D cell NiCad batteries inside the tamper boundary.  One of
> the standard "lifetime" items in many HSMs is the battery - often
> opening to replace it makes the key material evaporate... Having an
> external battery connector doesn't seem to be very common - either
> because the vendor thinks it might leak EMF, or, more likely because
> they'd like to sell you a whole new HSM every 5 - 10 years.

We should estimate the average current consumption of the tamper detection 
circuit. We need to define a list of the sensors that we want, find the 
corresponding components and download their datasheets. Then write down 
the current consumption of all the sensors. This will clearly tell us what 
kind of battery we need.

>      > Btw, you want to
>      > use MSP430 in this circuit. What is it going to do? Read some sensors
>      > and toggle its outputs accordingly?
>
>     Yes, and use SPI to erase the MKM in case any of the tamper sensors are
>     triggered.

Can we cut the MKM power supply instead of erasing it? This should destroy 
the memory contents.

>     We opted for the MSP430 since it is well known to us (me).
>
>      > How is MSP430 programmed, btw? Will we need a special programming
>      > cable for it?
>
>     The wiki mentions the use of the Spy-bi-wire interface to program
>     it. Would be three pads IIRC. FWIW the MSP430 also supports serial
>     programming using its BSL. We could add the ability to program it
>     from the ARM (if a programming-enabled jumper is present presumably).

I don't understand this. Shouldn't the tamper detection circuit be 
strengthened by isolating it from the rest of the system as much as 
possible?

I don't like this bootloader in MSP430, it looks like a potential backdoor:
> The MSP430™ BSL enables users to communicate with embedded memory in the MSP430 microcontroller during the prototyping phase, final production, and in service. Both the programmable memory (FRAM memory) and the data memory (RAM) can be modified as required.
>
> To use the bootstrap loader, a specific BSL entry sequence must be applied. An added sequence of commands initiates the desired function. A boot-loading session can be exited by continuing operation at a defined user program address or by the reset condition.
>
> If the device is secured by disabling JTAG, it is still possible to use the BSL. Access to the MSP430 memory through the BSL is protected against misuse by a user-defined password.
>
> To avoid accidental overwriting of the BSL code, the code is stored in a secure ROM memory location. To prevent unwanted source readout, any BSL command that directly or indirectly allows data reading is password protected. For more information about password protected commands, refer to Section 3.2.
>
> To invoke the bootstrap loader, a BSL entry sequence must be applied to dedicated pins. After that, the BSL header character, followed by the data frame of a specific command, initiates the desired function.

I once again suggest using something like PIC16/18 from Microchip. 
These MCUs are much simpler; they are 8-bit, not 16-bit. They have an 
order of magnitude less power consumption than the MSP430. Another nice 
feature is that they have a high-voltage programming mode. You can buy or 
make your own high-voltage programmer (I have a hand-made JDM and a 
PICkit 3 from Microchip). This high-voltage programmer can be used to 
completely disable the low-voltage in-system programming mode, write-protect 
program memory and disable readback. You will physically not be able to 
change anything in this MCU without attaching a high-voltage programmer. 
I believe this is the right way to make a tamper detection circuit.

--
With best regards,
Pavel Shatov
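The current-budget exercise proposed in the message above (list the sensors, take their current draw from datasheets, sum it, and pick a battery) is easy to get wrong if duty cycling, the energy reserved for the MKM erase, and self-discharge are left out. The following is an added example, not code from the Cryptech project or from anyone in the thread: a small Python budget calculator. Every sensor figure and duty cycle in it is a constructed placeholder, not a datasheet value of any real part; the only real-world number is the nominal 220 mAh commonly quoted for a CR2032 coin cell.

```python
"""Tamper-circuit current budget and battery-life estimate.

Added example for the Cryptech alpha-board discussion; not project code.
All load figures below are constructed placeholders, not datasheet values.
"""
from dataclasses import dataclass
from typing import Iterable

HOURS_PER_YEAR = 8766.0  # 365.25 days


@dataclass(frozen=True)
class Load:
    """One continuously powered item inside the tamper boundary."""
    name: str
    sleep_ua: float   # current while idle, microamps
    active_ua: float  # current while sampling / running, microamps
    duty: float       # fraction of wall-clock time spent active, 0..1

    def average_ua(self) -> float:
        if not 0.0 <= self.duty <= 1.0:
            raise ValueError(f"{self.name}: duty must be in [0, 1]")
        return self.sleep_ua * (1.0 - self.duty) + self.active_ua * self.duty


def total_average_ua(loads: Iterable[Load]) -> float:
    """Sum of the duty-cycled average currents of all loads."""
    return sum(load.average_ua() for load in loads)


def battery_life_years(loads: Iterable[Load],
                       capacity_mah: float,
                       erase_reserve_mah: float = 1.0,
                       usable_fraction: float = 0.8,
                       self_discharge_per_year: float = 0.01) -> float:
    """Years of standby before the cell can no longer fund an MKM erase.

    - usable_fraction derates the nominal capacity (end-of-life voltage,
      temperature); 0.8 is an assumed engineering margin.
    - erase_reserve_mah is charge held back so the erase still completes
      when the cell is nearly flat; the value here is a placeholder.
    - self-discharge is modelled as an equivalent constant current.
    """
    loads = list(loads)
    usable_mah = capacity_mah * usable_fraction - erase_reserve_mah
    if usable_mah <= 0.0:
        raise ValueError("battery cannot fund the erase reserve at all")
    self_discharge_ua = capacity_mah * self_discharge_per_year * 1000.0 / HOURS_PER_YEAR
    total_ua = total_average_ua(loads) + self_discharge_ua
    hours = usable_mah * 1000.0 / total_ua
    return hours / HOURS_PER_YEAR


# Constructed placeholder loads (not real parts, not real datasheet numbers).
EXAMPLE_LOADS = [
    Load("monitor MCU", sleep_ua=1.0, active_ua=500.0, duty=0.01),
    Load("wire-mesh continuity", sleep_ua=2.0, active_ua=2.0, duty=1.0),
    Load("temperature sensor", sleep_ua=0.5, active_ua=100.0, duty=0.001),
]

CR2032_NOMINAL_MAH = 220.0  # typical nominal capacity of a CR2032 coin cell


def example_budget() -> dict:
    """Run the budget for the placeholder loads against a coin cell."""
    return {
        "average_ua": total_average_ua(EXAMPLE_LOADS),
        "cr2032_years": battery_life_years(EXAMPLE_LOADS, CR2032_NOMINAL_MAH),
    }


if __name__ == "__main__":
    for load in EXAMPLE_LOADS:
        print(f"{load.name:24s} {load.average_ua():8.3f} uA average")
    result = example_budget()
    print(f"total                    {result['average_ua']:8.3f} uA average")
    print(f"CR2032 standby estimate: {result['cr2032_years']:.2f} years")
```

Run it as a script to see the per-load averages; swap in real datasheet numbers for each sensor to reproduce the estimate the thread asks for, and compare several candidate capacities to see whether a coin cell or something larger is needed.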
