search

Nitrokey / nitrokey-start-firmware

A mirror of Gnuk's 1.0.x and 1.2.x branches.
56 stars 15 forks source link

Self flash-read protection #15

Open szszszsz opened 5 years ago

szszszsz commented 5 years ago

Enable flash read-protection in the firmware, right on the very first device initialization.

Related: #14

coelner commented 3 years ago

As reminder: https://blog.zapb.de/stm32f1-exceptional-failure/

szszszsz commented 3 years ago

@coelner Indeed, in this view such solution is not that much needed to implement anymore.

coelner commented 3 years ago

Or, like the solokey, offer a normal and a hacker version The normal version could be sealed with your glitter epoxy. Without the photo, but atleast used as visible seal?

szszszsz commented 3 years ago

We thought about that, but epoxy does not scale well for the production. We plan to mitigate this problem by moving to another MCU in the next hardware revision. As for the user data, these are secure as long as the PIN is not brute-forced, which is why we ask to provide longer PINs since latest firmwares.