SPI bus tamper detection

Hi All,

Not sure if this is the best category to place this question but here goes…

I have a design that I want to make “secure” and protect the SPI bus that sends data back and forth from a Nuvoton M480 series microcontroller and several TMC4361 devices. The SPI bus is vulnerable to snooping and I want to find a way to sense this “snooping/probing” and either send the microcontroller into an infinite loop or wipe the flash entirely. I sell boards in a very competitive market and cannot risk the design being compromised. What I have created took me MONTHS of work to create and I do not want others figuring out what I have done. Are there devices out there that can detect SPI bus abnormalities? Is there a way to create a sensing trace in a PCB to detect abnormalities on communications buses in general? The Nuvoton line of microcontrollers has tamper detect pins and would like to use this feature if this is the way to go. Any ideas on how I can achieve this goal?


Eric Norton

Hello Ericn,

The SPI bus would be documented on the TMC4361, any communication between parts on that bus would not be encrypted. I was unable to find an option on that chipset for such a communication option. Forensics into the state of your SPI bus would another avenue for you to investigate, so long as you can guarantee a valid state of your bus through instrumentation. Any deviation from that state could be communicated to your microcontroller.

If your goal was to stop undesirable communication (injection), you may be able to scrutinize the SPI bus by using GPIO ports on your controller (Bit Banging) or some other monitor and reacting on another pin if you sense undesired behavior. The Freeze pin or external clock being likely candidates if you need to spin the chip down.

Both of these options fall into my opinion of being extraordinary measures. The logic of your code would still be locked away inside your microcontroller. So the only thing the SPI bus is really betraying is the state of the motor controller and any other devices on the bus. I would advise not spending your R&D time securing a SPI bus if you can.

Hello Eric,

There is nothing to be done using the traditional SPI hardware. As you stated, it is very easy to connect a modern logic probe to the device and capture every packet.

My initial thought was to obfuscate the information. For example, you could write garbage to the SIN lookup tables. Perhaps a glorified communications check where you send random data to the TMC4361 and then read it back using a type of CRC algorithm.

There are a few problems. The data and specification for the TMC4361 is a well know and published. Given time and dedication I suspect any obfuscation attempt will be undermined - but you don’t need to make it easy. There are also limitations regarding energy consumption and integrity of the system. Clean and simple is always better.

Another thought is to install an ultra-high-speed time interval counter or ADC to capture and characterize the waveform associated with the serial clock. Any additional capacitance / load associated with an external logic probe would change the waveform timing and or voltage levels. The problem with this is that board age, humidity, dust, etc. can cause false triggering. The likely result is a buggy device with unexpected intermittent failures.

My last thought is to physically place metal shield over the SPI devices. You could embed electrical connections into the shield. You could also embed proximity sensor functionality to detect that the shield is in place. This is a very complex solution with a host of undesirable cost and thermal control issues.

Perhaps it is enough to code lock the microcontroller.

Best Wishes,


P.S. I admit to a less than perfect understanding of the Nuvoton tamper pins. I do not see how they could protect the SPI from snooping.

P.P.S. Your project sounds interesting. I’d love to know more.

I suspect that no matter what you do somebody will find a side channel attack that can read the data.

Typically patents are used to protect transmission protocols from being stolen.