Storing device key on Emulated EEPROM vs. External Flash

I am using the DeviceKeyHelper library in my product to restore the device keys if necessary.

Since my devices were already out in the field, I am currently using the Emulated EEPROM.

I am in the process of finalizing the commercial version of the product where I am using the Electron E-series. On the E-series, there is an option to use the SPI1 interface and solder a flash chip directly onto the E-series module. It is an easy fix!

I prefer not to use the SPI flash chip unless it is absolutely necessary.

  1. I would like to maintain consistency in firmware across the fleet. I am a bit reluctant to have the devices in two groups across the fleet.
  2. I have peripherals connected to the I/O pins assigned to the SPI interface. There would be a big difference in both the PCB and the software if I move the peripherals. I am aware that this could be resolved using a board identifier.
  3. I am trying to skirt around the problem as it is a one-man show and the whole revision would cause delays in other projects.

According to @rickkas7 in his repo’s README:

The device private key is kind of large and specific to each device. While there’s a demo of storing it in the emulated EEPROM, that’s not the best location as the ideal location is not in the STM32 flash.

The device key is the only information stored in the EEPROM.

My question is: Am I putting myself at a disadvantage by not using an external flash? The emulated EEPROM seems to work for me. I have tested on 190+ devices so far. Any thoughts are appreciated.

It’s probably OK to use the emulated EEPROM. While it’s possible that the sector could be erased just like the configuration sector (DCT), there’s little evidence of that happening, so you’re probably OK.