I agree with ade, this is not something to take lightly.
There is no security holy grail that has no leaks, every system ever designed has weaknesses.
You want and have to find the right balance between how much you want to invest to prevent an security incident and the costs.
As you will see in the pictures below, your requirements puts you completely in the ultra high costs ultra high security requirements, I only know banks with smartcards/paying terminals and that kind of businesses that want to put out that much cash to realize.
If you say you don't want to store a secret key inside your Arm device then you already have so many other problems to figure out:
- how will the server authenticate your device
- how will the Arm uC authenticate the external crypto chip
- how will you prevent a hacker to simpley sniff the communication between the uC and the external crypto chip
I can name tens of these you have to figure out, I talked a lot with the external crypto chip guys and none have a solid answer without a shared secret key between the uC and the crypto chip, think about that.
If you have a requirement like
"I am FULLY aware that the device host ARM M4 could be decapped and code ripped, want a secure system even if the firmware is ripped"
that means you need a uC that can execute encrypted firmware with a unique key (not firmware unique but absolute unique per device), which means that any single device gets his own unique firmware(update), think about the logistics here. So ask you questions, do your homework but realize that playing ball in this league takes years of learning and experience and even then you make mistakes because you just think like one persone with one mindset and another person thinks differently and finds ways around that.