Page 1 of 1

Sucure Boot? Freeze boot.py?

Posted: Tue Sep 14, 2021 4:50 pm
by bradstew
Hi,

I would like to utilize a method to run python code that is signed or to look for a key file on the filesystem.
I'm not looking for the ultimate security, but something better than what exists.

I am not looking at encrypting code at the moment. Just a mechanism that resets the MCU if a signature file is missing or incorrect.

I've frozen some code, but this isn't enough to create a decent secure boot.

Is it possible to freeze boot.py and have it execute upon a reset? Or some other program that can execute prior to a normal boot?

I know it's possible to create a C program to execute first, but I would prefer to use MicroPython. If I have to use C, then I'll need access to the file system and I2C routines, hopefully by executing MicroPython code.

My system does include an ATECC608 security chip which I can use as a helper.

Re: Sucure Boot? Freeze boot.py?

Posted: Mon Sep 20, 2021 7:54 pm
by bradstew
I found a solution. Basically it involves disabling USB (CDC and MSF) under certain conditions. Secure BLE is used to lock/unlock the REPL.