The response from NXP is just incredible. Heck of a job their "certified security test labs" are doing, if this has just been sitting out there for years waiting for some curious end-users to find it.
What's the point of those certified labs, then? To think inside the box and tell their client only what they want to hear?
The test lab industry is a grift. They just sell "LGTM" stickers for $30k a pop.
NXP and every other chip company are all just (correctly?) expecting that they will end up needing to do fewer respins by keeping the door to the closet where they keep their skeletons shut.
The problem is that NXP and their direct customers only care about exposure to liability for their products being insecure crap. It's the end users who actually suffer when their security tokens and HSMs are defeatable by anyone with some reversing skills and a few months to spare.
I don't know anyone who genuinely believes that the "secure microcontrollers" available today are even remotely secure. All chip companies act like this. You'd think that one of them would be motivated to release a line of chips with an open boot rom and all of the "oops bits" documented and just let the public have at it. Sure, they'd have to do a few respins, but by the time they were done, they'd completely own the market of products that genuinely need real security and not just rubber stamp security.
Beyond closed ROMs, it's even worse when entire lines of chips are locked behind NDAs.
It's always irked me you could never get programmable smartcards, except via a VM like Java or BASIC. The reason for this AIUI was that smartcard chips tended to consist of an 8051 plus a large customer-specified mask ROM, and very little flash. Except nowadays this is no longer the case, and platforms like ST's ST32 have ARM SC000 cores and, AIUI, are all-flash based. Except they may as well not exist for my purposes since they're entirely NDAware. Non-VM user-programmable smartcards exist, you just can't have them.
I suspect that part of this is antiquated attitudes and/or a refusal to accept Kerchhoff's principle by NXP, and that part of it is a similar attitude held by its customers, the organisations that buy smartcards. NXP's comments here as regards the LPC5S69 almost seem to insinuate something like "We don't rely on security by obscurity ourselves, but some of our customers have outmoded ideas about security and would complain if we opened things."
> I suspect that part of this is antiquated attitudes and/or a refusal to accept Kerchhoff's principle by NXP
That is attributing far too much agency to the players involved.
The real issue is much simpler: "We don't want to be bothered supporting anyone who isn't throwing around enough money that we're willing to actually do the design for them."
What's the point of those certified labs, then? To think inside the box and tell their client only what they want to hear?