• @Eyzi, take a look at conversation about Security: not much to do... and worse, if there is easy way to access by wire connection...

    There are two things:

    1. securing the transmission between Espruino device and other devices
    2. securing the Espruino device

    Unfortunately, latter is more difficult than the first one.

    Not accepting any content or command - javascript expression - that has run successfully through the local decryption by the public key is the only way to secure the Espruino device from executing unauthenticated / unauthorized activities, such as dumping through any communication channel...

    Take a look at Microchip - Security ICs.

    Espruino firmware would need a change to route all console input - input that does system control - through such a protective filter.

    As Microchip has MCs w/ embedded security (SW or HW or both), so does ST have embedded security (SW). Licensing may be an issue, but I'm sure Espruino could be modified in order to enable / include it... Experience though says that code and execution memory are a factor and both are already tight... Porting a security considerate version of Espruino on a STM32 chip with built-in HW security features could be the next step...

About

Avatar for allObjects @allObjects started