Arduino Zero - program security Questions


I'm currently working on a piece of code on an Arduino MKR Zero that should cryptographically sign messages. Communication is done via WebUSB.
The issue is: when I plug the Arduino into an untrusted PC I don't want the flash to be read/written via USB (e.g. reflashed).

My Arduino zero's bootloader does autoreset when the board is 'touched' by the magic baud rate of 1200bps.

Can the autoreset be disabled such that the bootloader is loaded only if the reset button is pressed?

Are there other security features to be enabled? I'm a newbie in fuse bits, bootloaders, etc. I usually write higher-level code.

PS: I tried the 120ohm / 10uF between RST and 3.3V/GND but it doesn't work, as the reset is from software.


I modified the core for SAMD boards in C:\Users\(username)\AppData\Local\Arduino15\packages\CDC.cpp

This has the effect of disabling the reset when the 1200 bps touch comes.

// auto-reset into the bootloader is triggered when the port, already
// open at 1200 bps, is closed. We check DTR state to determine if host
// port is open (bit 0 of lineState).
// The trailing "&& 0" makes the whole condition always false, so the
// reset branch below it is never taken and the 1200 bps touch is ignored.
if (_usbLineInfo.dwDTERate == 1200 && (_usbLineInfo.lineState & 0x01) == 0 && 0)

As I saw similar looking questions I want to clarify:

I don't care about the 'nobody can copy my code' narrative. The code will be open-source.

An eeprom module attached will contain ecc private keys and other secrets used to sign messages.

The philosophy is that the device is the key. (If you have the physical device you can sign whatever you want).

The requirement is that the code will remain consistent throughout use. That means that the program code should not change without user explicit permission.

I don't want to have the device be silently flashed with malicious code if i plug it into a random USB.
I want to allow the user however to flash any update or arbitrary code (if for example the user presses the reset button at the correct time).

As far as I understand I need a bootloader(to allow reflashing) but I want to block the auto-reset(so that reflashing requires physical interaction).

Secure boot would be amazing but I doubt there are premade bootloaders with that for arduino.
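As an added illustration (not code from the Arduino SAMD core or from the question's author), here is a small C model of the 1200 bps touch check quoted above, next to a variant that keeps the auto-reset path but only honours it while a physical input is asserted, which is the "reset requires physical interaction" behaviour the question asks for. The struct and function names, and the user button, are assumptions made for the model.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Model of the two CDC line-info fields the core's check reads
 * (assumed names, mirroring the quoted snippet; not the core's code). */
typedef struct {
    uint32_t dwDTERate;  /* baud rate last set by the host              */
    uint8_t  lineState;  /* bit 0 = DTR, set while the host port is open */
} LineInfo;

/* Stock 1200 bps "touch": the host opens the port at 1200 bps and then
 * closes it (DTR drops), which arms the reset into the bootloader. */
bool touch_requests_reset(const LineInfo *info) {
    return info->dwDTERate == 1200 && (info->lineState & 0x01) == 0;
}

/* Gated variant: the touch is honoured only while a physical input the
 * user controls (hypothetical button read by the core) is asserted, so a
 * host alone cannot move the device into the bootloader. */
bool gated_reset_allowed(const LineInfo *info, bool user_button_held) {
    return user_button_held && touch_requests_reset(info);
}

/* Apply a SET_CONTROL_LINE_STATE update the way the core does, then
 * report whether the gated check would arm the reset. */
bool on_control_line_state(LineInfo *info, uint8_t new_line_state,
                           bool user_button_held) {
    info->lineState = new_line_state;
    return gated_reset_allowed(info, user_button_held);
}

/* Replays a host's open-at-1200-then-close sequence with and without
 * the button held (constructed scenario). */
int main(void) {
    for (int button = 0; button < 2; button++) {
        LineInfo info = { 1200, 0x00 };             /* host set 1200 bps */
        on_control_line_state(&info, 0x01, button); /* host opens (DTR)  */
        bool armed = on_control_line_state(&info, 0x00, button); /* closes */
        printf("button %s: touch %s the bootloader reset\n",
               button ? "held" : "released", armed ? "arms" : "ignores");
    }
    return 0;
}
```

Replacing the blanket "&& 0" with a check like gated_reset_allowed keeps the normal upload flow for the user while denying it to an unattended host; a hardware reset via the button still reaches the bootloader independently of this code path.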