Any way to implement protection on python code from reading?

Hi folks,

The OpenMV is so convenient that we’d like to use it in some small batch products. However, we’d like to make it not that convenient to duplicate or modify. So if there is a way to prevent the user from getting the Python code, it will be ideal. Unless the script is easy to be extracted from firmware dump, I guess the hardware ID can protect against firmware dump.

We are wondering how many ways we can get Python script from openMV? I can get file either from Mass Storage device or REPL, I suppose disable USB may block these ways? Or there are better ways to protect?

Any thoughts are appreciated.


Hi, yes, it is possible to do this. I can’t tell you the steps because I haven’t done it before but the STM32 microcontroller has code protection features in it that you can turn on to disable reading of the flash on the microcontroller via the debug interface to prevent jtag firmware dumps. See the 2000+ page STM32 product reference manual and look at the flash section to get the registers you have to set. As for disabling the USB access, you’ll need to recompile the firmware image not to have the mass storage device. I don’t know how to quite remove the device… However, you can easily embedded the python script in the main.c file and edit our startup code to execute the python script on turn on. This will bypass the mass storage of the script. Then… By setting the prevent jtag flash read flag the firmware cannot be dumped anymore without a complete erase of the device.

Our bootloader or DFU will let you flash the new firmware image you make over USB so you don’t need any special hardware once you have a script. Also you can just put the register prevent read back register writes in C and they can execute every time the device boots. One the first run the flash will be locked and then on any other turn on they won’t have any affect after the first execute until the entire device is erased again.

Awesome! Thanks for your suggestion.