Sucure Boot? Freeze boot.py?
Posted: Tue Sep 14, 2021 4:50 pm
Hi,
I would like to utilize a method to run python code that is signed or to look for a key file on the filesystem.
I'm not looking for the ultimate security, but something better than what exists.
I am not looking at encrypting code at the moment. Just a mechanism that resets the MCU if a signature file is missing or incorrect.
I've frozen some code, but this isn't enough to create a decent secure boot.
Is it possible to freeze boot.py and have it execute upon a reset? Or some other program that can execute prior to a normal boot?
I know it's possible to create a C program to execute first, but I would prefer to use MicroPython. If I have to use C, then I'll need access to the file system and I2C routines, hopefully by executing MicroPython code.
My system does include an ATECC608 security chip which I can use as a helper.
I would like to utilize a method to run python code that is signed or to look for a key file on the filesystem.
I'm not looking for the ultimate security, but something better than what exists.
I am not looking at encrypting code at the moment. Just a mechanism that resets the MCU if a signature file is missing or incorrect.
I've frozen some code, but this isn't enough to create a decent secure boot.
Is it possible to freeze boot.py and have it execute upon a reset? Or some other program that can execute prior to a normal boot?
I know it's possible to create a C program to execute first, but I would prefer to use MicroPython. If I have to use C, then I'll need access to the file system and I2C routines, hopefully by executing MicroPython code.
My system does include an ATECC608 security chip which I can use as a helper.