Securing code

Reply to Securing code on Sat, 17 Mar 2018 22:26:59 GMT

Jardar — Sat, 17 Mar 2018 22:26:59 GMT

With the latest FW I understand that it is possible to encrypt the firmware on flash and thus secure the boot.

I have a few questions about how this works:
Will this fix the whole firmware and make it impossible to add new files (except upgrading the whole fw signed with same key)?
If it is possible to add new files to the files can these be run as normal?
If it is possible to add new files is it possible to require then to be "signed" and/or "encryptet" when they are imported?

Reply to Securing code on Mon, 19 Mar 2018 10:54:09 GMT

catalin — Mon, 19 Mar 2018 10:54:09 GMT

Hi Jardar,
I've added some development documentation on the github: https://github.com/pycom/pycom-micropython-sigfox (the bottom of the page).
We should add a section in our official docs, too.
On short, the answers are:

Will this fix the whole firmware and make it impossible to add new files (except upgrading the whole fw signed with same key)?

Yes

If it is possible to add new files to the files can these be run as normal?

I don't understand.

Micropython scripts are being encrypted when they are copied on device (REPL or ftp). This is transparent for user.
Firmware partitions, they have to be pre-encrypted on the PC, before being OTA updated.

If it is possible to add new files is it possible to require then to be "signed" and/or "encrypted" when they are imported?

I think I answered in the previous question.

Reply to Securing code on Fri, 13 Apr 2018 17:50:12 GMT

Jardar — Fri, 13 Apr 2018 17:50:12 GMT

Thanks. Took a bit of time to follow up on this.

If I understand you right the whole flash is basically encrypted. And you can add new files/FW as "normale" as long as these files are encrypted up front.

In the documentation it states something about limited number of times the FW can be updated. From what I understand this only applies if you do not specifcation the encryption up front. Or basically the limitation is on the number of times you can change the encryption key? So there is not a limitation on file/fw update but just the encryption key?

Reply to Securing code on Mon, 16 Apr 2018 07:04:30 GMT

catalin — Mon, 16 Apr 2018 07:04:30 GMT

Hi Jardar,

The docs for secure boot are published/duplicated here: https://docs.pycom.io/chapter/advance/encryption.html

Encryption key can't be changed, nor re-generated (that's why they should be kept safe).
The 3 times limitation is valid just in the following case: the firmware binaries are written not-encrypted using USB (uart), and the ESP32 encrypts all the partitions marked as encrypted (and an ESP32 efuse has to burned.

In all the other cases, like OTA update, ftp transfer, the encryption/decryption is made transparently, without the encryption counter being increased.