Securing EEPROM data against modification

Question

Generally I would go about this by placing something(s) unique and random in the ROM image and use that as a seed to encrypt the EEPROM content to stop extraction and reprogram after image mod.

An obvious flaw seems to be that this doesn't stop tampering in the form of replacing the EEPROM external chip with a blank one... oh look were back to first time used state, lets ask for keys to save!

---

Selecting components is not an option for me, the hardware platform is already defined. The EEPROM is programmed during the lifetime of the device as configuration and state change so disconnecting the erase line is also a no-go.

I was seeking opinion on possible solutions to prevent the faking of a virgin (first run) state since this would allow functionality to save the sensitive data and unlock the device.

I am confident a block cipher (ECB mode) is sufficient to secure the sensitive data, maybe over the top! This approach along with multiple copies, salting one and not the other should make it financially unrewarding to place money and time to counter these measures.

Answer 1

Some thoughts: if by 'securing against modification' you mean that you can detect such tampering, then you can

1. generate a checksum over the whole eeprom, only start your app if the checksum is ok
2. use an additional chip which provides a unique number, use that number to encrypt the content of the eeprom
3. store all your info in several places in the eeprom (two times if you only want to detect a change, three times if you want to detect and reject the tampered value and use the 'still correct' values)

But if you want to prevent the tampering in the first place, you have to use mechanical guards - hot glue the whole chip, lock the housing of your pcb, ...

Answer 2

Float the erase pin and epoxy the whole chip to the board? Use a PROM?

If you don't want the image modified, make it impossible to modify.