Programming one time only?

Hello I'm trying to program a UNO or any type of arduino one time. So it can't be changed or reprogrammed is this possible and how would i be able to do that?

Thank you

josephchrzempiec:
Hello I'm trying to program a UNO or any type of arduino one time. So it can't be changed or reprogrammed is this possible and how would i be able to do that?

Use some epoxy to seal off the usb port.

. . . or for a more conventional solution, google for "arduino atmega328 lock bits" to see if you get your required level of protection.

PaulMurrayCbr:
Use some epoxy to seal off the usb port.

That won't stop someone from connecting a FTDI cable and downloading the hex file from the chip. Not that such a file is generally useful, since it can't be converted back into C++ code.

Setting the fuse bits is the proper answer. That is not done using the IDE, though.

I do like the fact that you think outside the box, though.

Hello all yes before i posted here i did look and researched in google what is the best way to a one time burn in process and there looks like there is a few ways of doing it. One way to stop others from snooping into the code is to write all the pins that was not being used to High. The other way is to Cut off the RX and TX pins. Some even said removing the .01uf Capacitor will stop that as well. Also say some say to Lock bits witch not sure on that yet. there are many talks on that as well. But still i wasn't able to figure out how to stop my UNO board from being reprogrammed. It is why i came here.

But still i wasn't able to figure out how to stop my UNO board from being reprogrammed.

Physical security is the only way. Setting the lock bit will prevent uploading code using conventional means (USB cable or FTDI cable), but it will not prevent someone from using a high voltage programmer from blasting past the fuse bit.

I'm curious why you are worried about THAT, though, and not worried about someone with physical access to the Arduino simply replacing it with one that can be easily programmed.

Well the project I'm doing is making a digital wallet. and having it display on a lcd screen. It is just me being over paranoid that's all.

PaulS:
Physical security is the only way. Setting the lock bit will prevent uploading code using conventional means (USB cable or FTDI cable), but it will not prevent someone from using a high voltage programmer from blasting past the fuse bit.
. . .

I don't believe that a high voltage programmer can be used to compromise the security provided by the lock bits. These can be reset only if there is a complete chip erase (as I understand it), which would effectively prevent data/code being stolen. I believe that it is the data theft aspect which is important for the OP.

6v6gt:
I don't believe that a high voltage programmer can be used to compromise the security provided by the lock bits. These can be reset only if there is a complete chip erase (as I understand it), which would effectively prevent data/code being stolen. I believe that it is the data theft aspect which is important for the OP.

OP did say that he wanted to prevent reprogramming the Arduino. He said nothing about not having the code or data copied off the Arduino.

  • Load the sketch using an ISP programmer, not the bootloader. As long as the bootloader is there, you can reset the board and talk to the bootloader over the serial port and it will let you read and write the flash.
  • Adjust the fuses - during development, make sure you've changed BOOTRST fuse so it doesn't think it's supposed to have a bootloader. After development, when you want to secure it, in a single avrdude invocation, set the lockbits to prevent reading the code, and the fusebits to disable SPI programming and EESAVE (if the data in the eeprom needs to be protected).

At this point, the only way the chip can be messed with is if the attacker puts 12v onto the RESET line with a high voltage serial programmer - at that point, they could change the fuses to permit SPI programming again, and then use that to execute chip erase (blanking the chip and clearing the lockbits) and proceed to load code of their choice onto the chip. Assume that a sufficiently well resourced attacker can get the data anyway though; there are companies that advertise extraction of code from locked micros as a service.

You can make life hard for someone who just has an HVSP programmer by putting a diode from Reset to Vcc (this may already be there on the Uno), so they have to rework the board to do it.

Is the goal to protect the data in FLASH from access or protect the rest of the hardware from being used with rogue firmware in FLASH? The fuse settings you can prevent someone from reading out the FLASH memory.

There is no easy way to prevent rogue firmware from being put on the chip if it is possible to access the chip’s pins. Fuse settings won’t prevent the chip from being cleared and re-written with rogue firmware. You would also have to protect against counterfeit hardware: just swapping devices.

I would have thought that the main issue was protecting the data/code in flash which may contain critical items like encryption keys, passwords, intellectual property etc. and not simply to make a stolen chip unattractive for a thief to reuse for another application.

6v6gt:
I would have thought that the main issue was protecting the data/code in flash which may contain critical items like encryption keys, passwords, intellectual property etc. and not simply to make a stolen chip unattractive for a thief to reuse for another application.

Except that the problem was explicitly: "program a UNO or any type of arduino one time. So it can't be changed or reprogrammed". That would indicate that the anticipated threat is rogue firmware, perhaps one that acts like the original unit but provides secrets to a third party.

I agree that the OP didn't phase his original question in a way which was consistent with the requirements of his application, which he later described. And anyway, what he was originally asking was not a useful thing to do, especially on a Uno where the processor chip is not even soldered in (in the official versions).
It is good, anyway, to know that the flash contents can, if required, be protected to a reasonably high degree which would protect against users with 'standard' tools.

I’d suggest that if security is that important, you shouldn’t be using an Arduino. Arduinos are for hobbyists who want to fool about with microcontrollers.

Hello Everyone sorry i could not get back to post on here my wife is badly sick and well things happen. So I'm back now and I would like to thank everyone for there comments My project to keep something like this safe is a little over my head. I'm trying to figure out what would be the best way to keep it as what i would call safe. So in this case into i do I will keep on doing my research and move on to the next arduino project. I have 3 projects I'm working on this is one of them. So let's see how it goes and if i come up with any idea's i'll be back. Again thank you all for the idea's and Suggestions i will keep them in mind.

Oh i did have one question if they can not probe normal Serial pins or spi pins Can they get information from I2c lineS? I was just wondering. Because I'm only really using is I2c and 2 digital pins that is all.

josephchrzempiec:
Oh i did have one question: If they can not probe normal Serial pins or SPI pins, can they get information from I2C lines? I was just wondering. Because I'm only really using is I2c and 2 digital pins that is all.

If 'they' can get to the I2C lines without destroying the hardware they can see every bit that travels in either direction on the I2C bus.

Hello Johnwasser. That is true. I'm debating on IF this this what i would like to take on or not. For now I have another project I'm working on. That is a little more important then this one. So i will see in the next day or two if i want to complete this project or wait and see what i would like to do.