
What is "NDAware"? The only reference I can find to this term anywhere on the web is in your comments on HN.

And what is your threat model? The STM32 series are designed to protect IP in industrial applications, so if their readout protection was easy to break that would destroy a substantial portion of their market.



By NDAware, I mean chips that require NDAs to access datasheets and register manuals, and which are thus of no interest to me.

STM32 is vulnerable to glitching, as are MCUs specifically marketed for "secure" applications like the SAM L11: https://chip.fail/

If your MCU doesn't specifically list hardening against glitching, it's almost certainly vulnerable to it (and good luck finding an MCU with anti-glitching measures which isn't NDAware). Best not to take the security claims of hardware vendors too seriously unless you've personally verified things.

Interesting to note these kinds of MCUs are used by things including Bitcoin wallets, etc., rather than purpose-built secure element chips, almost certainly because the latter are all NDAware. The above research managed to trivially glitch these chips. So this is an example of a real harm and security issue being caused by the current state of the SE market and its obsession with secrecy.


Ah. I parsed that as ND-Aware, not NDA-ware. You might want to add a hyphen.

> this is an example of a real harm

That depends on your threat model, which is the reason I asked. The SC4-HSM is designed to be secure against loss and casual theft (i.e. a home robbery), but not active theft by a technically savvy adversary.



