Forum Rule: Always post complete source code & details to reproduce any issue!
Results 1 to 4 of 4

Thread: Teensy 4, signed/encypted boot images

  1. #1

    Teensy 4, signed/encypted boot images

    Hello.

    Is it possible to compile for Teensy 4, generating a signed or encrypted image of the binary?

    I need the binary to be protected so that in commercial applications, nobody can extract it, since being stored in external flash is available to anyone.

    I know the procedure with RT micros using MCUXpresso to create protected bootable images, but I don't know how to do it with Teensy 4.

    Regards.

  2. #2
    Junior Member
    Join Date
    Sep 2017
    Posts
    18
    The only software solution would be to program your own loader using the on-chip encrytion and UID features.
    Or use really strong epoxy resin with an embedded vial of nasty acid, like in the old days...

  3. #3
    Senior Member+ defragster's Avatar
    Join Date
    Feb 2015
    Posts
    9,957
    The 1062 can run from encrypted flash - Paul made some note about implementing that during Beta.

  4. #4
    Senior Member PaulStoffregen's Avatar
    Join Date
    Nov 2012
    Posts
    20,684
    The short answer is no, secure encrypted code isn't supported at this time.

    To expand on that just a bit, while you probably could craft an encrypted firmware image (using NXP's tools... we don't support that from Arduino+Teensyduino), you can't burn the SEC_CONFIG fuse to put the chip into secure mode. Every Teensy 4.0 has this fuse at 0, and BOOT_CFG_LOCK is at 01 (write protect) which prevents any further writing to that group of fuses. We also set MAC_ADDR_LOCK to 01 and MISC_CONF_LOCK to 1 on every Teensy 4.0.

    This is done to prevent Teensy 4.0 from becoming "bricked". There are many ways to burn those boot config fuses which would permanently brick your board. That's far too risky for a product like Teensy which is meant for learning and experimenting and rapid prototyping.

    We may at some point in the future sell a "lockable" version of Teensy 4.0, which would have BOOT_CFG_LOCK at 00. When/if this product is made, it would have a different color PCB (likely red) to be visually distinct from the standard Teensy 4.0.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •