You are reading a single comment by @allObjects and its replies.
Click here to read the full conversation.
Espruino is a JavaScript interpreter for low-power Microcontrollers. This site is both a support community for Espruino and a place to share what you are working on.
@allObjects
@Eyzi, take a look at conversation about Security: not much to do... and worse, if there is easy way to access by wire connection...
There are two things:
Unfortunately, latter is more difficult than the first one.
Not accepting any content or command - javascript expression - that has run successfully through the local decryption by the public key is the only way to secure the Espruino device from executing unauthenticated / unauthorized activities, such as dumping through any communication channel...
Take a look at Microchip - Security ICs.
Espruino firmware would need a change to route all console input - input that does system control - through such a protective filter.
As Microchip has MCs w/ embedded security (SW or HW or both), so does ST have embedded security (SW). Licensing may be an issue, but I'm sure Espruino could be modified in order to enable / include it... Experience though says that code and execution memory are a factor and both are already tight... Porting a security considerate version of Espruino on a STM32 chip with built-in HW security features could be the next step...