blocked

jean

Active member
Hello everyone, and is it possible to protect a teensy 4.0 in read / write if so how to do it or how do you do it?

Merci Jean.:rolleyes:
 
Assuming you mean the code on the external flash? Paul may clarify but ...

It isn't published as possible yet - and won't be on current or future 'user' retail Teensy 4.x as that welcomes user unfriendly way to brick the Teensy.

Work is planned for DIY 4.x bootloader chips that will allow read protect of the flash by MCU encryption key process. And IIRC there may be a special version released when complete, and 1062 chips are available, for a unique Teensy that allows that.

I suppose that inadvertently stops write as well as the MCU will only run keyed encrypted code - so if flashed unencrypted or improperly encrypted HEX - it will not run - but that wouldn't prevent loss of existing firmware if programmed.


Paul - might the unique Teensy not have a program button to show it unique and safe from pressing? Using one of those would then require using the Program Pin to alter the code when Auto over USB doesn't work? It seems even the 15s Restore code would fail once encryption fuses were set.
 
I think it should be somehow possible to write-protect the flash chip.
But of course a write protection does not protect against desoldering and reading with other hardware.

As Defragster mentioned, Paul is working on it.
It is very complicated, and then needs very extensive testing because it needs a modfied bootloader which means there is a high risk when updating older Teensies out there (I woulnd't take this risk and use it for new Teensies only ("v4.01"?) ) My hope is that this will happen along with other things like non-volatile file systems in Flash
 
Indeed I have been working on flash encryption support. It's the main reason I've been less active lately on other software.

When PJRC officially supports encrypted flash, we will begin selling a "lockable" version of Teensy 4.0. New "standard" Teensy 4.0 will also get a minor change so you can also use encryption, but it is not as secure. Older Teensy 4.0 boards, made before June 2021, will not support encrypted flash.

Both standard and lockable will allow you to encrypt the flash memory. If someone desolders the flash chip and reads it with other hardware, they will see only encrypted code, plus the plaintext header used to configure flash setting during boot, and the digital signature. All of the actual code will be encrypted.

Encryption alone doesn't mean your code is fully secure. There are other ways than removing the flash chip which a hacker may attempt to steal your code. On standard Teensy 4.0, the JTAG debug pins are always available and unsigned code can always boot. While you can try some tricks to mitigate these risks (like reconfiguring the JTAG pins as GPIO at startup), they always remain as a possible path for a hacker to obtain access to your code, either by debugging while it's running or by attempting to alter only a portion of the flash chip with their own code.

With the lockable version, you will have access to fuse settings which permanently disable the JTAG pins and permanently turn on a secure mode where only signed code can boot. Like any locking door, if you mistakenly lock it without having your keys, you are locked out. Unlike the door on your home, there is no locksmith who can break strong encryption to restore your access. I've been working on a process which will hopefully minimize the risk, but the upcoming lockable version of Teensy 4.0 can become permanently bricked if you make a mistake setting the secure mode or if you run special code which alters other critically important fuse settings. Of course if you lose your encryption key, you'll never be able to reprogram locked boards with that key permanently burned into their config fuses.

Standard Teensy 4.0 is permanently configured to always reliably give you a way to recover from mistakes (at least software mistakes - no config can protect against hardware damage) and you can always reprogram it with new code. Unfortunately there is no way to have both safety from mistakes and the ability to lock security to only booting signed code, which is why PJRC will soon offer a lockable version.

If you build a custom PCB with the bootloader chip, your custom board is lockable. But the bootloader code currently shipping does not properly support secure mode. It will be updated when we release the lockable Teensy 4.0.
 
Hello and thank you for your answers.
Indeed the goal is to protect the code even with a chip desoldering, my products are not revolutionary but I would not like to see myself copied, I am rather in a small product niche.
Paul, do you have a link and an availability date for your tennsy4.XXX cards? or a place to reserve them? I wanted to start the distribution in September.
I would keep my tennesy4.0 for my presentation and testing:eek:
 
Back
Top