MID-058: Engage Hardware Readout Protection Mechanisms

Mitigation Tier: Foundational

Description

Many integrated processors contain security configuration options that can be engaged to disable programming and debugging features in devices intended for production use. These can irreversibly disable debugging interfaces that can read and write device memory (e.g., JTAG, boundary scan), block flash memory readout, lock down boot options, etc.
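
As an added example (not part of this catalog entry), a host-side production-readiness check in C: it decodes the STM32 RDP option byte using the encoding ST documents for families with three RDP levels such as the F4 and L4 lines (0xAA is Level 0, 0xCC is Level 2, any other value is Level 1) and reports which lockdowns named above are still missing. The `prod_config` struct and its field names are this example's own abstraction, not a vendor register map.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Decode the RDP option byte. Level 0: no protection. Level 1: debug
 * access cannot read flash, but the level can be regressed (which
 * mass-erases flash). Level 2: permanent; debug port and option bytes
 * are locked for good. */
int rdp_level_from_option_byte(uint8_t rdp)
{
    if (rdp == 0xAAu) return 0;
    if (rdp == 0xCCu) return 2;
    return 1;
}

/* Constructed view of what a production check inspects (example's own
 * field names, not a register layout). */
struct prod_config {
    uint8_t rdp_byte;          /* value of the RDP option byte */
    bool    jtag_swd_disabled; /* debug interface fused/disabled */
    bool    boot_locked;       /* boot source cannot be changed */
};

/* Bit flags naming each lockdown still missing for a production part. */
enum { MISSING_RDP2 = 1, MISSING_DEBUG_LOCK = 2, MISSING_BOOT_LOCK = 4 };

int production_gaps(const struct prod_config *c)
{
    int gaps = 0;
    /* Level 1 is not enough for a shipped part: it is reversible. */
    if (rdp_level_from_option_byte(c->rdp_byte) < 2) gaps |= MISSING_RDP2;
    if (!c->jtag_swd_disabled) gaps |= MISSING_DEBUG_LOCK;
    if (!c->boot_locked)       gaps |= MISSING_BOOT_LOCK;
    return gaps;
}

int main(void)
{
    struct prod_config fresh = { 0xAAu, false, false }; /* constructed: untouched part */
    printf("RDP level %d, missing lockdowns 0x%x\n",
           rdp_level_from_option_byte(fresh.rdp_byte), production_gaps(&fresh));
    return 0;
}
```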

IEC 62443-4-2 Mappings

  • EDR / HDR / NDR 2.13 - Use of physical diagnostic and test interfaces
  • EDR / HDR / NDR 3.11 (1) - Physical tamper resistance and detection
