As the device is writing to the filesystem during PIN verification, cutting off the power can corrupt the flash FS.
It can be mitigated if we split the flash into two parts, write data to the second part, and copy it to the first part when we are done.
This approach can be abused for an attack though: if the attacker brute-forces the PIN and cuts the power every time PIN verification fails, they could rewind the device to the previous state (including the failed-attempt counter). So we have to be very careful when implementing this.
Probably the copying back and forth should be done in a few iterations to make sure we don't open an opportunity for such an attack.
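A constructed Python simulation of the two-slot scheme and of the power-cut rewind (added here; not the project's own code). The naive variant follows the description above (stage in the second slot, compare, copy to the first); the hardened variant goes beyond the "few iterations" idea and commits the incremented counter, tagged with a sequence number, to the other slot before the PIN is compared, with boot reading the newest slot. The slot layout, `seq` field and `budget` power-cut model are assumptions of the simulation.

```python
class PowerCut(Exception):
    """Raised when the simulated supply is cut part-way through a procedure."""

class Flash:
    """Flash split in two slots; `budget` = writes allowed before power is cut.
    (A real slot would also carry a CRC so a torn write is rejected at boot.)"""
    def __init__(self, attempts, budget=None):
        self.slots = [{"attempts": attempts, "seq": 1}, None]
        self.budget = budget

    def write(self, slot, rec):
        if self.budget is not None:
            if self.budget == 0:
                raise PowerCut()
            self.budget -= 1
        self.slots[slot] = dict(rec)

def newest_slot(flash):
    """Index of the populated slot with the highest seq (hardened boot rule)."""
    good = [i for i in range(2) if flash.slots[i] is not None]
    return max(good, key=lambda i: flash.slots[i]["seq"])

def boot_slot_a(flash):            # naive boot: slot A is authoritative
    return flash.slots[0]["attempts"]
def boot_newest(flash):            # hardened boot: newest slot wins
    return flash.slots[newest_slot(flash)]["attempts"]
def bump(rec):                     # next state: one more failed attempt
    return {"attempts": rec["attempts"] + 1, "seq": rec["seq"] + 1}

def naive_failed_attempt(flash):
    """Stage the incremented counter in B, compare the PIN, copy B to A.
    Cutting power between the compare and the copy leaves A unchanged."""
    flash.write(1, bump(flash.slots[0]))
    # PIN compare happens here; the attacker cuts power when it fails
    flash.write(0, flash.slots[1])

def hardened_failed_attempt(flash):
    """Commit the incremented counter to the other slot with a newer seq
    BEFORE the PIN is compared; a later power cut still costs an attempt."""
    idx = newest_slot(flash)
    flash.write(1 - idx, bump(flash.slots[idx]))
    # PIN compare happens here; rebooting now reads the higher counter

def attempts_after_power_cut(attempt, boot, writes_before_cut, attempts=3):
    # Run one failed attempt, cut power after N writes, reboot, read the counter.
    flash = Flash(attempts, budget=writes_before_cut)
    try:
        attempt(flash)
    except PowerCut:
        pass
    flash.budget = None  # power restored
    return boot(flash)
```

With the naive scheme a cut after the first write (`writes_before_cut=1`) reboots to the old counter, 3; the hardened scheme reboots to 4.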