Novice

Hardening Edison products -- protecting flashing

I haven't seen a good description of the Edison flashing process (like a principles of operation document).

(I've seen the DFU protocol documents).

Is there a way to password protect the flashing process? It seems if you do things like:

password protecting u-boot

password protecting logins/eliminating logins

someone determined can still:

1) get the images off edison

2) reflash the uboot/uboot env to get at the system

I've heard talk about epoxying an Edison to a production board, without USB access (serial and USB OTG) -- which inhibits people from breaking into a system and protects IP -- but makes post-mortem analysis of software failures very difficult.

Is there a way to protect the flashing process?

0 Kudos
6 Replies
Community Manager

Hi martyl,

We are now investigating this case. We will let you know once we have some more updates.

Regards,

-Pablo
0 Kudos
Community Manager

Hi Marty,

I've been doing some research but unfortunately was unable to find anything specific for the Edison or embedded devices in general. A good way to prevent the user from accessing or modifying the system would be to remove the serial access, but as you mentioned, this would have consequences when trying to analyze failures.

I've been reading some articles about digital signatures to avoid software modifications, but this is the only information I've found so far. I found this one particularly informative: http://mil-embedded.com/articles/protecting-systems-unauthorized-software-modifications/. I suggest you check it. With any luck, you'll find some more information about this method and how to implement it.

Regards,

-Pablo
0 Kudos
Community Manager

Hi Martin,

Did you search about digital signatures? Have you seen anything interesting?

Regards,

-Pablo
0 Kudos
Novice

This is another thing to look at (running protected binaries, which has to be examined).

But I was specifically talking about the ease of extracting the flash image -- even if you don't provide OTG USB on the product, there's not much to taking the Edison and mounting it on the Arduino, and extracting the flash (I've never done it, supposedly it can be done) or messing with the uboot variables to drop into a root shell....

It was a "half-joke" to epoxy the Edison to the board so you can't remove it non-destructively. I would have liked to see a "modicum" of protection (perhaps a password to flash?)

0 Kudos
Community Manager

Hi Marty,

Yes, you are right, that would be just a part of the process. I was looking at the Edison U-Boot documentation from GitHub and found this information: https://github.com/01org/edison-u-boot/blob/master/doc/README.autoboot#L85. It apparently specifies some options for a safer autoboot. Have you read it before?

Regards,

-Pablo
0 Kudos
Community Manager

Hi Marty,

Did you find anything helpful from the link I provided? I did some more research but didn't find anything else regarding this topic. I'm wondering if you have found anything else.

Regards,

-Pablo
0 Kudos