Looking for tips and references in order to collect a set of good practices to secure our LoPy devices and code (our devices will end up being installed in the public domain).
Whilst we are aware there is only so much we can do to protect them when the attacker has physical access, it seems there isn't much in terms of documented best practices to achieve this.
Perhaps if we can collect them here we can get it up in a wiki page at docs.pycom.io
The key areas I am interested in are as follows:
WiFi: changing the default WPA password, hidden network option?
Telnet/FTP passwords (and disabling the services)
Options to only store/load precompiled python byte code
Options to block access to the alternate boot modes.
I've finally gotten around to doing a bit more, so I have a utility now on the device we run to "harden" them
Aside from setting some parameters in our code to disable debugging, it does two things.
(Our project doesn't need the WiFi radio at all, and we found it better than halves the power consumption on the L01.)
Then it writes the following into boot.py
This disables the REPL console, leaving only the initial boot messages generated by the ESP.
The only easy way back in then is to short the pins on the module to perform a clean boot.
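A boot.py hardening helper along the lines of the steps the post above describes (radio off when it is not needed, otherwise a non-default AP key; telnet/FTP off or behind non-default credentials; REPL detached). This is an added example, not the poster's utility and not Pycom's own code. The Pycom calls it uses (`pycom.wifi_on_boot`, `network.WLAN`, `network.Server`, `os.dupterm`) are assumed from the Pycom firmware API of the time, and `os.dupterm(None)` as the way to detach the REPL is an assumption to verify on the target firmware before relying on it. The credential checks are plain Python so they can be unit-tested off the device; the hardware calls are only made when the Pycom modules import. Note that none of this blocks the safe-boot pin short mentioned above.

```python
"""boot.py hardening helper for a Pycom LoPy (MicroPython).

Added example, not the forum poster's utility. The Pycom calls used
(pycom.wifi_on_boot, network.WLAN, network.Server, os.dupterm) are
assumed from the Pycom firmware API; check them on the target firmware.
"""

DEFAULT_AP_KEY = "www.pycom.io"        # factory WPA2 key of the Pycom AP
DEFAULT_LOGIN = ("micro", "python")    # factory telnet/FTP credentials

try:  # hardware modules only exist on the device; off-device we just check config
    import pycom
    from network import WLAN, Server
    ON_DEVICE = True
except ImportError:
    ON_DEVICE = False


def check_credentials(wpa_key, login):
    """Return a list of problems with the AP key and telnet/FTP login.

    An empty list means the values are acceptable. Rules: the WPA2
    passphrase must be 8-63 printable ASCII characters (the 802.11
    passphrase rule) and must not be the factory default; the
    telnet/FTP login must not be the factory default and its password
    must be at least 8 characters.
    """
    problems = []
    if wpa_key == DEFAULT_AP_KEY:
        problems.append("AP key is the factory default")
    if not 8 <= len(wpa_key) <= 63:
        problems.append("WPA2 passphrase must be 8-63 characters")
    if any(not (32 <= ord(c) <= 126) for c in wpa_key):
        problems.append("WPA2 passphrase must be printable ASCII")
    user, pwd = login
    if (user, pwd) == DEFAULT_LOGIN:
        problems.append("telnet/FTP login is the factory default")
    if len(pwd) < 8:
        problems.append("telnet/FTP password shorter than 8 characters")
    return problems


def harden(ap_ssid, wpa_key, login, keep_wifi=False, keep_services=False, keep_repl=False):
    """Apply the hardening steps on the device; return the steps applied.

    Refuses to run at all if the credentials fail check_credentials(), so
    a device is never brought up with factory defaults by mistake.
    """
    problems = check_credentials(wpa_key, login)
    if problems:
        raise ValueError("; ".join(problems))
    applied = []
    if not ON_DEVICE:
        return applied          # nothing to apply when run off the device

    if keep_wifi:
        # Bring the AP up with our own SSID and WPA2 key instead of the factory ones
        WLAN(mode=WLAN.AP, ssid=ap_ssid, auth=(WLAN.WPA2, wpa_key))
        applied.append("ap reconfigured")
    else:
        pycom.wifi_on_boot(False)   # don't start the radio on future boots
        WLAN().deinit()             # and switch it off now
        applied.append("wifi off")

    server = Server()
    if keep_services:
        # Telnet/FTP stay up but require our credentials and idle out after 5 min
        server.init(login=login, timeout=300)
        applied.append("telnet/ftp relogin required")
    else:
        server.deinit()             # disables both telnet and FTP
        applied.append("telnet/ftp off")

    if not keep_repl:
        import os
        os.dupterm(None)            # assumption: detaches the REPL from the serial port
        applied.append("repl detached")
    return applied


# Example field configuration (constructed values, not real credentials):
# harden("lopy-field", "Xk9#long-passphrase", ("ops", "c0rrect-h0rse"))
```

The defaults here match the poster's choice (radio, telnet/FTP and REPL all off); pass `keep_wifi=True` or `keep_services=True` only where the deployment actually needs them, and then the non-default credentials are enforced before anything is switched on.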
@daniel Thanks for that, I'll watch out for that and document the hardening steps I am taking here.
Thanks for this useful post. I think we need a set of extra functions to disable the safeboot option after deploying a firmware in production; that way you can prevent people from getting easy access to the device. Adding another function to permanently change the default AP SSID and PW is also a good idea. We'll work on that.