Thoughts on importance/need for encrypted firmware, i.e. locked Teensy

strud

I have a product I've developed for which I use the Teensy 4.1, it is a data acquisition and related product.
I was initially planning to provide these with the locked version of the Teensy 4.1 so I could prevent people from copying the firmware onto other teensy boards but this seems a bit pointless as the firmware is only of use with the specific hardware of my product.

I'm interested to hear from others regarding this point as I don't see the reverse engineering of my code as a real risk and not having to use the lockable teensy and encrypted code eliminates one extra complexity.

Have others considered this much?
 
I have a personal project that acts as an RV leveling helper (it tells you exactly how many inches to raise which wheels on the RV and/or trailer). As such, it includes a 240x320 TFT touchscreen display, a LiPo battery, a battery charging/management module, and an accelerometer, all installed on a compact PCB, with a 3D printed case. The accelerometer is kind of specific to this project's function, but the rest of the components together form a nice compact setup, with fully integrated user interface capabilities. If I were to sell this as a product (I'm retired, so my interest in "going into business" at this point is quite low), I've considered the possibility that someone could take these "finished products" & use them to create something different (simply by reloading different firmware into them, & potentially removing the accelerometer). Now, one may ask, "what should I care . . . I've already gotten my money out of the initial sale?". I really shouldn't, but this would be my personal justification for encrypting the firmware on any units that I might sell, if and only if I were to go into the business of selling them. Someone copying the firmware to other devices is not really a concern of mine, since I have already publicly published this particular project on github. My 2 cents . . .

Mark J Culross
KD5RXT

P.S. The lockable Teensy is really no different than the non-locking version, other than it is *capable* of being locked. The process steps for loading/updating firmware are exactly the same for both. Yes, you have to create/maintain your secure key (CREATE once)...yes, you have to perform the one-time locking procedure on the lockable unit (LOCK once)...and yes, you have to create an EHEX file instead of a HEX file (if your KEY is found, then the EHEX is created automatically). However, once locked (and even before it's locked), the actual actions are exactly the same for each.
 
Hey Mark,

Thanks for your considered response.

Your product sounds very nice!

I can see for products that have actuators or potential safety issues then preventing other versions of firmware from being loaded is a very good reason to enable the locked/encrypted mode.

I am happy for users to run their own firmware on my device once they have it as this is one of the points of difference to other DAQ systems.
One issue I can see that could open me up to increased risk is warranty, i.e. that someone could install some bogus or dodgy firmware on the device that in some way (not sure how exactly) damages the device, and they then try to make a warranty claim after loading the default firmware back onto the device.
 
If you've created a key.pem file (which today can only be done from Arduino 1.8.19 or command line) and it's in the correct place where the build tools find it, you'll get an encrypted .ehex file created automatically alongside the normal .hex file. It happens automatically every time you compile. The only real effort required is creating your key.pem file, especially if you use newer Arduino IDE or PlatformIO or some other software.

The main risk with encryption is losing your key. Make backups!!! Without the key.pem file, new .ehex files can't be created. You would no longer be able to create files to run on all the hardware locked with your former key. Once locked, the hardware won't run normal .hex. It's only possible to update it with .ehex created using the correct key.

The other work to be done for each Teensy is the process of burning your key into the fuse memory and locking the hardware. We've tried to make it as easy as possible, but it does require uploading programs to do those steps.
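The two failure modes Paul describes above (the build silently producing only a plain .hex because key.pem was not found, and the key in use no longer matching the one the boards were locked with) are both cheap to catch before you ship an image. The script below is an added example, not PJRC tooling; it assumes the private key is a file named key.pem, that the build writes a .ehex beside each .hex, and that you saved a SHA-256 fingerprint of key.pem to a file named key.fingerprint when you locked the first board.

```shell
#!/bin/sh
# Pre-build sanity checks for an encrypted Teensy firmware workflow.
# Added example with assumed file names (key.pem, key.fingerprint, *.ehex);
# it does not read or interpret the key, it only fingerprints the file.
set -u

# SHA-256 of a file, using whichever tool the host provides.
key_fingerprint() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Verify the key file exists, is readable only by its owner, and matches the
# fingerprint recorded at lock time. Returns 0 when every check passes.
check_key() {
    key="$1"; recorded="$2"
    [ -f "$key" ] || { echo "missing key file: $key"; return 1; }
    perms=$(stat -c '%a' "$key" 2>/dev/null || stat -f '%Lp' "$key")
    case "$perms" in
        *00) ;;  # owner-only modes such as 600 or 400
        *) echo "$key is group/world readable (mode $perms)"; return 1 ;;
    esac
    [ -f "$recorded" ] || { echo "no recorded fingerprint: $recorded"; return 1; }
    [ "$(key_fingerprint "$key")" = "$(cat "$recorded")" ] \
        || { echo "key fingerprint differs from the one used at lock time"; return 1; }
    return 0
}

# Verify the build produced an encrypted image: the .ehex must sit beside the
# .hex and must not be older than it (a stale .ehex means the key was not found
# on this build and only the plain .hex was regenerated).
check_build() {
    hex="$1"; ehex="${hex%.hex}.ehex"
    [ -f "$hex" ] || { echo "missing $hex"; return 1; }
    [ -f "$ehex" ] || { echo "no $ehex beside $hex: key.pem not found by the build?"; return 1; }
    [ ! "$hex" -nt "$ehex" ] || { echo "$ehex is older than $hex: stale encrypted image"; return 1; }
    return 0
}
```

Run `check_key key.pem key.fingerprint && check_build build/firmware.hex` as the last step of your build so a missing or swapped key fails loudly instead of producing an image that locked boards will refuse.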
 
Hi Paul,
I don't have any issue with the process you have created at all. My question for the forum is how important people feel it is to use this for a product that is going out to consumers.
One thing that does weigh into this a little is the availability of the lockable boards vs the std type. Many stockists (actually all that I can find other than your store) only keep the non-lockable type.
 
The other consideration is third party copies. Let's say your product gets popular. There is likely nothing that will stop a dedicated person from copying your circuit board and reading the ID numbers and letters on the tops of chips to reverse engineer the whole schematic. Now they print 10,000 of their own boards with all compatible chips to what you used. What is the missing piece? The firmware on your boards. If it is not encrypted, they can simply copy it off of one of your boards and burn it onto all 10,000 of their boards. Now they compete against you but their R&D budget wasn't nearly as large as it takes less effort to copy a known working design than it takes to make it in the first place. Also, they're probably in China, Indonesia, some other cheaper location so their overhead is likely a lot less.

That, I think, is people's chief concern. Who cares if someone reverse engineers your firmware and burns their own version to their board? No, the real danger is in direct copies. This is, of course, why PJRC products have a bootloader chip that you don't get firmware access to. This allows them some level of control over production of teensy boards. Otherwise you can guarantee China would be pumping out clones in a heartbeat.
 
Now they compete against you but their R&D budget wasn't nearly as large as it takes less effort to copy a known working design than it takes to make it in the first place. Also, they're probably in China, Indonesia, some other cheaper location so their overhead is likely a lot less.

They can also save the cost of providing technical support by tricking their customers into asking you for support.

If your product becomes successful enough that it's resold through dealers or distributors, then you'll have a very difficult time confirming whether a customer needing help actually purchased genuine product you manufactured. Even harder if you license and outsource the manufacturing. You'll have to decide how to respond when someone insists they have your product but you're pretty sure, though you can't confirm, that they actually have a clone or counterfeit.
 