In an ideal world, whatever would be open source. Our existing world, on the other hand, has a great deal of harmful actors and people happy to make use of trade tricks if given the chance, so chip producers take a lot of procedures to protect their consumers’products’firmware. These techniques aren’t perfect, though, as [zapb] shows while taking a deeper look into an STM microcontroller.
The STM32F0 and F1 chips rely on various techniques of securing their firmware. The F0 has its debug user interface permanently turned off, but the F1 still permits users access to this interface. It utilizes flash memory read-out security rather, which has its own set of vulnerabilities. By producing exceptions and making use of the designated functions of the chip during those exceptions, memory values can be read out of the processor regardless of the memory read-out security.
This is a very in-depth breakdown of this specific attack on theses controllers, however it isn’t “ideal”. It requires physical access to the debug interface, plus [zapb] was only able to draw out about 94% of the internal memory. That being stated, while it would remain in STM’s best interests to fix the problem, it’s not the worst attack we have actually ever seen on a piece of hardware.