Hi - did some searching, but could not really find any answers that directly relate to the Due/CortexM3.
How easy/hard would it be to pull the Arduino program out of a Due and copy it?
I realize nothing is "unhackable", but on a scale of 1-10, how secure is a Due program?
What are some cheap/easy ways of making the program more secure? Can you access some of the CortexM3 security features easily via the native USB port and enable those?
Final question...if it is possible to access some of the CortexM3 security stuff with Arduino, is it still possible to erase/reprogram the Due? A "one-way door" would be nice, with the ability to program the Due easily for updates, while keeping the "read program out" function secure.
duramaxhd:
I realize nothing is "unhackable", but on a scale of 1-10, how secure is a Due program?
What is 1? What is 10? For 99% of the population, programming is magic spells spoken by magicians. They don't attempt to understand it. "Uncrackable" to them is "How hard is it to hit with a hammer?" If your product sells in the millions or billions then there's quite likely an organization with an electron microscope reading it right now.
The Arduino framework specifically makes it difficult for you to close the door. It wants it to be as easy as possible to keep using the door to upload programs. That is good enough for the 99%. If you want to protect against 99.9% of hackers then it rapidly gets very very expensive - you must have one-time-only programmable chips. In fact often it's zero times - the chip is manufactured with the program already on the etch masks. Then you have to worry about the smart engineers at the factory doing that maybe took a copy on a USB stick when you weren't looking. A truly uncrackable chip is compromised by a USB stick.
A stock Due with normal Arduino sketch is trivial to copy. Nothing is done to protect the flash from being read, and the bootloader probably bypasses some of the things that could be done.
The chip on the Due DOES include mechanisms for making it harder (supposedly "not possible", but there's always the acid-decapping and probing with electron microscope...) I don't know offhand what they are. Typically disabling bootloaders and setting some fuse bits.
You could also use SW measures, like reading the HW unique identifiers and saving them in an unused flash space the first time the sketch is run (hopefully "factory test.") Thereafter, if the code is run on some other chip, it could refuse to work. Easy to work around by reading and patching the code, but that may be more difficult than defeating the hardware protection, for some groups...
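As an added illustration of westfw's "bind the sketch to the first chip it runs on" idea (this is example code written for this thread, not code from the post or from the Arduino project), the logic below is plain C++ so it runs on a PC. On a real Due the 128-bit unique ID would be read through the SAM3X flash controller's read-unique-identifier command and the slot would be a reserved flash page written with the flash driver; both are replaced here by in-memory stand-ins, which is an assumption of the example. Erased flash reads back as all ones, so an all-0xFF slot is taken to mean "never provisioned".

```cpp
// Added example: model of "record the chip ID on first run, refuse to run on
// a different chip afterwards". ChipId / IdSlot are stand-ins (assumption)
// for the SAM3X unique identifier and a reserved flash page.
#include <array>
#include <cstdint>
#include <cstdio>

using ChipId = std::array<uint32_t, 4>;   // 128-bit unique ID, four words

// Reserved slot; a freshly erased page reads as 0xFFFFFFFF in every word.
struct IdSlot {
    std::array<uint32_t, 4> words{0xFFFFFFFFu, 0xFFFFFFFFu,
                                  0xFFFFFFFFu, 0xFFFFFFFFu};
};

enum class Bind { Provisioned, Match, Mismatch };

bool slotIsErased(const IdSlot& slot) {
    for (uint32_t w : slot.words) {
        if (w != 0xFFFFFFFFu) return false;
    }
    return true;
}

// Called once at start-up. First run (ideally the factory test) records the
// chip's ID; every later run compares the live ID against the stored one.
Bind bindOrCheck(IdSlot& slot, const ChipId& chipId) {
    if (slotIsErased(slot)) {
        slot.words = chipId;            // real sketch: flash page write here
        return Bind::Provisioned;
    }
    return slot.words == chipId ? Bind::Match : Bind::Mismatch;
}

// What the sketch would ask before doing any real work.
bool sketchMayRun(IdSlot& slot, const ChipId& chipId) {
    return bindOrCheck(slot, chipId) != Bind::Mismatch;
}

// Stand-alone demo with constructed IDs (not real chip values).
int main() {
    IdSlot slot;
    const ChipId original{0x11111111u, 0x22222222u, 0x33333333u, 0x44444444u};
    const ChipId cloneBoard{0x11111111u, 0x22222222u, 0x33333333u, 0x55555555u};

    std::printf("first boot on original chip: %s\n",
                sketchMayRun(slot, original) ? "runs (provisioned)" : "refused");
    std::printf("second boot on original chip: %s\n",
                sketchMayRun(slot, original) ? "runs (ID matches)" : "refused");
    std::printf("flash image copied to another chip: %s\n",
                sketchMayRun(slot, cloneBoard) ? "runs" : "refused (ID mismatch)");
    return 0;
}
```

Two things worth keeping in mind when using this on real hardware: the check only bites if the copied flash image carries the already-written slot, since a copy taken before provisioning (or with the slot region erased) simply provisions itself on the new chip; and, as westfw says, anyone who can read the flash can also patch the comparison out, so this raises the bar for casual copying rather than replacing the chip's own read-protection.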
westfw:
You could also use SW measures, like reading the HW unique identifiers and saving them in an unused flash space the first time the sketch is run (hopefully "factory test.") Thereafter, if the code is run on some other chip, it could refuse to work. Easy to work around by reading and patching the code, but that may be more difficult than defeating the hardware protection, for some groups...
Very interesting thought...clever idea!
Is it easy/hard to read the Due chip's serial number?
MorganS:
The Arduino framework specifically makes it difficult for you to close the door. It wants it to be as easy as possible to keep using the door to upload programs. That is good enough for the 99%.
OK, if it's "good enough for the 99%", that's probably good enough for me.
I'm still interested to look into westfw's idea though, as that would be easy to implement and maybe add an extra 0.1%.