I am now looking at how to best achieve the following for source code protection (which I know is not a 100% guarantee but barriers help), but this is a bit new to me so I am trying to work out the best way to go:
- Prevent someone from reading the code from the STM32
- Prevent someone from taking a DFU code update and applying it to a copied PCB
- To prevent someone from reading the code I will use an ST-LINK/V2 to set the required bits before shipping as ST DfuSe does not seem to give this option
- To prevent the use of a DFU update sent to (or downloaded by) a customer being used in a copied board I plan to use a secret key (if it is secure enough to keep it inside the code) and to hash it (SHA256 in the uhashlib) with the STM32 serial number (pyb.unique_id()). This will then be supplied in a "license.txt" file on the SD card which locks the STM32 to the hardware (I hope!) and on power up it checks if the license matches the internal hash with the secret key and STM32 serial number
- It seems you cannot set the required security bits in the STM32 using DfuSe?
- If I connect an ST-LINK/V2 to the board (Pyboard 1.1) then I assume I will be able to set the required security bits?
- Is using a secret key stored in the firmware along with the STM32 serial number a reasonably secure method to prevent a DFU firmware update being used in a copied board?
uhashlib – hashing algorithms
http://docs.micropython.org/en/latest/l ... t=uhashlib
pyb — functions related to the board
http://docs.micropython.org/en/latest/l ... 0unique_id