polhenarejos / pico-hsm

Hardware Security Module for Raspberry Pico
GNU General Public License v3.0

How to avoid the pico-hsm firmware being dumped from its flash and run on other pico boards #42

Open copilot20462 opened 3 weeks ago

copilot20462 commented 3 weeks ago

Hello, I want to use the pico-hsm as a security module on some specified pico boards to do ECDSA signatures. What if other guys dump the pico-hsm firmware of these boards and copy the uf2 file to their own pico board?

Is there any way to make sure that the copied pico-hsm can't run on their own pico boards?

polhenarejos commented 3 weeks ago

It’s impossible to avoid it due to the design of Rpi2040. Keys are encrypted with an AES256 32-byte key (master key) and this is encrypted using the hash of your PIN. Therefore, without knowing your PIN it is not possible to decrypt the keys. BUT if your flash is dumped to a disk, nothing prevents an attacker from doing a brute-force attack for hours, weeks or months. It will depend on the robustness of your PIN. The whole security system depends on your PIN as the input vector.

al-heisner commented 2 weeks ago

Just a thought - could we hash PIN + pico_unique_board_id for encrypting the DKEK to break a simple copy of the flash like this? It could still be attacked, but this would make it harder than simply copying the firmware.

polhenarejos commented 2 weeks ago

pico_unique_board_id is not a secret number; it can be retrieved easily, so it would not add any level of added security. In the end, the input of the whole system is your PIN. If it mixes letters and numbers and is long (>=8), it will take decades.
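
An added example, not part of the thread and not pico-hsm code, modelling the trade-off discussed above: mixing a readable board id into the PIN hash ties the stored blob to one id value but leaves the offline work factor unchanged, while PIN alphabet and length do change it. The SHA-256/HMAC construction (a stand-in for the AES-256 wrap), the sample PIN and the board ids are all constructed assumptions.

```python
import hashlib
import hmac
import itertools

# Assumed model, not pico-hsm's real key schedule: KEK = SHA-256(PIN || board id),
# and an HMAC tag stands in for the AES-256-wrapped master key stored in flash.
def kek(pin: str, board_id: bytes = b"") -> bytes:
    return hashlib.sha256(pin.encode() + board_id).digest()

def stored_blob(pin: str, board_id: bytes = b"") -> bytes:
    """What ends up in flash; whoever holds a dump can test PIN guesses against it."""
    return hmac.new(kek(pin, board_id), b"wrapped-master-key", hashlib.sha256).digest()

def unlocks(blob: bytes, pin: str, board_id: bytes = b"") -> bool:
    """True when this PIN (and id) re-derives the key that produced the blob."""
    return hmac.compare_digest(stored_blob(pin, board_id), blob)

def offline_trials(blob: bytes, alphabet: str, length: int, board_id: bytes = b""):
    """Work factor: number of candidate PINs tested before the blob unlocks."""
    for n, cand in enumerate(itertools.product(alphabet, repeat=length), start=1):
        if unlocks(blob, "".join(cand), board_id):
            return n
    return None

def keyspace(alphabet_size: int, length: int) -> int:
    """Worst-case number of PINs for a given alphabet size and length."""
    return alphabet_size ** length

# Constructed sample values (not real device data).
PIN = "427"                                  # deliberately tiny so the demo is instant
BOARD_A = bytes.fromhex("e660583883724a32")  # made-up 64-bit board id
BOARD_B = bytes.fromhex("e6605838837299ff")  # made-up id of a second board
DIGITS = "0123456789"

if __name__ == "__main__":
    plain = stored_blob(PIN)
    bound = stored_blob(PIN, BOARD_A)
    # The id sits next to the blob in the same dump, so the search cost is identical.
    print(offline_trials(plain, DIGITS, 3), offline_trials(bound, DIGITS, 3, BOARD_A))
    # Binding only makes the blob fail to unlock under a different id value.
    print(unlocks(bound, PIN, BOARD_A), unlocks(bound, PIN, BOARD_B))
    # What actually moves the cost: PIN alphabet and length.
    print(keyspace(10, 6), keyspace(62, 8))
```
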