If your going to have a physical button to enable it to be reconfigured you dont have many options. An idea may be to write something to flash storage after the first time its been configured and not allow additional setup attempts unless that file is removed but if someone has physical access to the device there's nothing stopping them connecting over uart and removing it via repl. Alternatively. A physical preventative might be more suitable (lock it in a box)

@robert-hh Very good information! Thanks very much for your help!

@robert-hh said in Security - IP Protection: @catalin Don't forget to lock the JTAG interface (if possible). There is a fuse to disable JTAG (JTAG_DISABLE). Furthermore, unless you build a firmware with DEBUG enabled, the JTAG IO pins are re-initialised as inputs with pull-down enabled during micropython startup.

@ade-ro You can use WLAN.init() it accepts the password in the auth parameter.

There's no urgency on my part, I just thought that the community here would want to know whether or not a fix could be expected soon and I noticed that nobody had yet asked the question.

@jmarcelino Securing keys on a device is always hard, or, not possible. If the program can decrypt the keys for use, then the decryption keys are known and thus the keys it self :-) And I think, every device get's it's own keys, thus if one is tampered with, all others may not be. What do you mean with framecounters? The tcp/ip frames? And MIC attacks? Sorry, I am dumb :-)

@jmarcelino if that is built in to the low level esp.read and esp.write to flash, then it may be transparent, covering anything in flash, like binary code, frozen bytecode and file system. It would then protect against raw readout of flash bypassing the esp.