What an interesting talk, and an interesting concept also. Open source hardware security; get the security researchers interested and fix the security defects.
The “read the data out with a super expensive microscope” remained. Is there any way to defeat that attack I wonder? I suppose the hsm model of “destructive tamper detection” is one way.
I patented something that had a countermeasure for this, which was a bit impractical but fun to think about. Basically you put the sensitive data in an eeprom layered with a chemical that emits UV when exposed to air or, optionally, visible light - chemically more entertaining, hard to manufacture. But it's a just an arms race at that point.
Real security processors never give big bounties because when bugs are discovered all the buyers immediately cancel their orders of the 'faulty' secure chips.
Seems a bit of a strange feature to even want on a product targeting the education market. In a classroom setting you don't really want students to be able to set fuse bits so the device can't be re-programmed.
Presumably this is a sign RPi are deliberately aiming to straddle the hobby and light commercial markets?
They have absolutely been aiming at industrial customers already. It would be hard for them to justify the cost of a custom die without having some volume to businesses. (And the previous raspbarry pis have absolutely been popular in industry as well, I would be surprised if hobbyists and learners are even half of their volume)
They have been serving enterprise markets for a long time. Back in 2020-2021 when there was a chip shortage, Raspberry Pi shorted their consumer availability to make sure enterprise customers could still get compute modules. The fusible bits on the RP2350 are very much an enterprise feature.
Security is an essential feature for everyone, not just Enterprise. Can you trust the code your device is running? Can your device keep a secret? These capabilities are needed universally.
As to students being able to set the efuse so the device can't be reprogrammed, sure but they're $5 each so it's not like they're destroying a $500 Chromebook (which they do, look on YouTube). That risk is the cost of attempting to educate though (and it's worth it).
If that's a concern, you can lock the OTP either permanently or with a password, before you hand them out. Or just use the older RP2040.
But I don't think that "targeting the education market" is accurate in the first place. They certainly make sure to serve that market with their very nicely priced Pico boards but it hardly seems to be their only goal. You don't go through the effort of spinning up a new revision to fix security holes if there aren't at least some industry customers.
The “read the data out with a super expensive microscope” remained. Is there any way to defeat that attack I wonder? I suppose the hsm model of “destructive tamper detection” is one way.
They'd prefer to live in ignorance.
Presumably this is a sign RPi are deliberately aiming to straddle the hobby and light commercial markets?
As to students being able to set the efuse so the device can't be reprogrammed, sure but they're $5 each so it's not like they're destroying a $500 Chromebook (which they do, look on YouTube). That risk is the cost of attempting to educate though (and it's worth it).
But I don't think that "targeting the education market" is accurate in the first place. They certainly make sure to serve that market with their very nicely priced Pico boards but it hardly seems to be their only goal. You don't go through the effort of spinning up a new revision to fix security holes if there aren't at least some industry customers.