Putting all this out there so we can get some brainstorming going on. Im trying to lighten the work load of the maintainers of the OpenMV project. To not waste their time lets layout some ideas to pursue so we can package the solution as a cohesive plan to send to the OpenMV team.
For users concerned with device security, the OpenMV cam has issues that are yet to be addressed. Thankfully we have a good community and im sure we can figure something out. Here are some issues I foresee trying to use OpenMV in a commercial environment.
Note: these issues are not really a OpenMV specific, its actually more related to the underlying framework on which OpenMV runs. This framework is called MicroPython
- Source Code is easily accessible, end users simply have to insert SD card in another machine
- bytecode compiler: mpy-cross and use that to compile .py files into .mpy bytecode files. This is more obfuscation, but probably enough to cause most to give up.
- Utilizing “read protection” Code here: GitHub - xyb/upy-stm-flash: MicroPython STM Read Protection Module This option seems viable. It is not 100% secure but nothing is, so don’t expect that. Here is a nice post about exploiting Read-Out Protection Exception(al) Failure - Breaking the STM32F1 Read-Out Protection | blog.zapb.de
- Hardware. Some sort of add-on shield? Maxim, Ti, and Freescale all have hardware to address IOT security. The amount of work required and cost to implement this probably isn’t feasible. Securing the OpenMV cam seems to be a niche topic at the moment
- STM32Trust, maybe a solution? More Info: STM32Trust - STMicroelectronics
- Network based approach. Have unprotected code that queries remote server on boot, pulls code to ram then executes. Is this even possible? Doesn’t really protect from dumping memory of the MCU. This seems to be related - YouTube See here also: https://www.st.com/resource/en/user_manual/dm00414687-getting-started-with-the-xcubesbsfu-stm32cube-expansion-package-stmicroelectronics.pdf Would this require an active internet connection for boot?
Doing “proper” security is hard and expensive. It appears that solutions are out there but the process has not yet been streamed lined.