Teensy 4.0 code security?

Have there been any substantial changes to the security related functions or concept?

I don't speak for Paul, but I did receive one each of the latest T4 and T4.1 boards, and so far things are working fine. As per request so far I have not locked either board so first testing with it to see if they still work like "normal" boards... So far so good.

As far as concept... I believe it is still the same as previous. The main thing was I believe he made some fixes to the firmware to address a couple cases of the dual led blinking issues.
 
@dresden-fx : Same caveats and summary as @KurtE:

Unlocked boards goal unchanged as published (in the detail linked in this thread?)

The process has just been tested and refined as needed to make it safe and orderly. On unlocked boards - proceeding to do the FUSE keying and locking - and then uploading the secure .ehex file using the required Teensy Loader.
 
Have there been any substantial changes to the security related functions or concept?

Nope, no substantial changes, only minor bugs fixed. These are the changes.

1: In unlocked mode, a timing error was fixed, where communication could fail if attempted while the IMXRT chip reboots. Previously the red LED could give a 7 blink error (a false alarm) immediately after uploading certain programs, when in fact everything was working properly.

2: In unlocked mode, communication could fail if the IMXRT chip ran at 24 MHz. Now 24 MHz is supported. Previously the red LED would give an 8 blink error when 24 MHz was used.

3: In locked mode, the 15 second button press is not used.

4: In locked mode, a bug with checking the serial number was fixed when entering bootloader was fixed.
 
Thank you guys for the summary. Didn't follow the Teensyduiono 1.55 Beta thread for some time as for my purpose the security functions already worked well.

All in all it's great to hear, that the lockable design stabilizes and the official release is right arround the corner. You all did a very good job. Thank you very much.
 
Since I can't find any thing in the forum or on Google - Does code security work on a Teensy MicroMod?
I just tried to run the Fuse sketch on a brand new MicroMod and I get the following error:
Code:
Writing public key hash
Okay: public key hash is good :-)

Decryption key was previously written & locked, so
it can not be directly verified, but the following
test will confirm whether decryption works.

Error: decryption can not be used on this Teensy

Testing Bus Encryption Engine
Error: ciphertext decryption did not match plaintext!
  plain:  04 0B A7 A4
  cipher: B8 61 4D F6
  dcrypt: B8 61 4D F6

Error: JTAG can not be disabled

Error: Secure mode can not be set
After going to the T4.1 product page on PJRC, I realized there is a version or the T4/4.1 that is shipped unfused, which is the lockable version.
But there is no such thing for the MicroMod..@PaulStoffregen will this be an option on the MicroMod at any point in time? Or would I have to replace the bootloader to support this?
 
MicroMod does not yet have a lockable product. Sparkfun may add it in the future. But so far all MicroMod are the same as standard Teensy, shipped with fuse settings that do not allow changing the boot config to lock secure mode.
 
MicroMod does not yet have a lockable product. Sparkfun may add it in the future. But so far all MicroMod are the same as standard Teensy, shipped with fuse settings that do not allow changing the boot config to lock secure mode.

I asked Sparkfun about this very thing a couple of weeks ago. The person who answered my request said he "didn't see anything in the pipeline right now" but then asked how many I might be interested in. I replied by saying I'd shipped well over a hundred T3.6 in a locked configuration, so I couldn't promise huge volumes, but more than just a handful..

Would this be relatively easy for them to do, other than having to stock two versions of the product?

Doug
 
Back
Top