I am looking at an embedded system where secrets are stored in flash that is internal to the chip package, and there is no physical interface to get that information out – all access to this flash is policed by program code.

All DMA attacks and JTAG and such are disabled. This seems to be a common locked-down configuration for system-on-a-chip.

How might an attacker recover the secrets in that Flash?

I understand they can fuzz for vulnerabilities in the app code and exploit it, that there could be some indistinct general side channel attack or something.

But how would an attacker really go about trying to recover those keys? Are there viable approaches for a determined attacker to somehow shave-down the chip or some kind of microscope attack?

I’ve been searching for information on how various game consoles, satellite TV, trusted computing and DVD systems have been physically attacked to see how this threat works and how vulnerable SoC is, but without success.

It seems that actually all those keys have been extracted from software, or multi-chip systems?