Sucure Boot? Freeze boot.py?

General discussions and questions abound development of code with MicroPython that is not hardware specific.
Target audience: MicroPython Users.
Post Reply
bradstew
Posts: 41
Joined: Thu Nov 29, 2018 9:29 pm

Sucure Boot? Freeze boot.py?

Post by bradstew » Tue Sep 14, 2021 4:50 pm

Hi,

I would like to utilize a method to run python code that is signed or to look for a key file on the filesystem.
I'm not looking for the ultimate security, but something better than what exists.

I am not looking at encrypting code at the moment. Just a mechanism that resets the MCU if a signature file is missing or incorrect.

I've frozen some code, but this isn't enough to create a decent secure boot.

Is it possible to freeze boot.py and have it execute upon a reset? Or some other program that can execute prior to a normal boot?

I know it's possible to create a C program to execute first, but I would prefer to use MicroPython. If I have to use C, then I'll need access to the file system and I2C routines, hopefully by executing MicroPython code.

My system does include an ATECC608 security chip which I can use as a helper.

bradstew
Posts: 41
Joined: Thu Nov 29, 2018 9:29 pm

Re: Sucure Boot? Freeze boot.py?

Post by bradstew » Mon Sep 20, 2021 7:54 pm

I found a solution. Basically it involves disabling USB (CDC and MSF) under certain conditions. Secure BLE is used to lock/unlock the REPL.

Post Reply