Are micro controllers like espruino or others usually unencrypted? thanks

Posted on Mon 30th, October 2023

• #1

ccchan

hi,
i am completely new to the MCUs.

just wanna ask are things at this level, are usually not encrypted?
because several years ago, some made a smart gun that help you to shoot.
it runs on android unencrypted.
someone found that one can take out the IC, and flash evil roms so that you think you are shooting the bad guy, indeep shoots the good guy.
their solution is to encrypt the rom.

i understand that NOT everything should/will be encrypted,
like i dont expect a CASIO calculator be encrypted (but it wont hurt if it is).
i am still exploring what espruino/bangle could do in my life
so i wanna ask this at the beginning.

yah, i am new to this world where 256KB RAM means a lot of RAM.

thanks

ref:
https://www.popsci.com/smart-rifle-software-can-be-hacked/
• #2

fanoush

In the use case you described it is not about encryption but about signed firmware updates or what is called 'secure boot' on PCs - system will not run unsigned kernel or drivers.

Nordic dfu bootloader can do signed firmware updates but we have it turned off, also it can prevent modification of bootloader by setting some part of flash memory read only before the application is started. It can also verify the application at each reboot that it was not modified.

If you would enable this you could sign your builds with your private key and only such signed builds could be uploaded to the device
• #3

ccchan in reply to @fanoush

good to know that,

if nordic dfu could provide some "secure boot"function,
then may be for processing sensitive information, i could handle it like
the bangle app "2fa auth watch" and "pin lock"?

then the situation just be similar to android before v4,
that the OS is ensured to be authenic by the boot lock,
and only the sensitive data is encrypted and handled by the app?

thanks
• #4

fanoush in reply to @ccchan

that the OS is ensured to be authenic by the boot lock,
and only the sensitive data is encrypted and handled by the app?

Well I see those two as unrelated but yes.

Anyway, to have the whole system 'authentic' you'd also need to check the bangleApps layer, Either the app install/upload needs to be restricted too (to some verified source) or every piece of javascript needs to be signed (like e.g in powershell).and checked on upload (or execution, but upload should be enough too - that would save storage and execution speed)

No mater how 'authentic' the system is some apps could support encrypted data, however I am not sure how practical it is in daily use.

Post a reply
- Bold
- Italics
- Link
- Image
- List
- Quote
- code
- Preview
Formatting Help

Don't worry about formatting, just type in the text and we'll take care of making sense of it. We will auto-convert links, and if you put asterisks around words we will make them bold.

Tips:

Create headers by underlining text with ==== or ----

To *italicise* text put one asterisk each side of the word

To **bold** text put two asterisks each side of the word

Embed images by entering:
![](https://www.google.co.uk/images/srpr/logo4w.png)
That's the hard one: exclamation, square brackets and then the URL to the image in brackets.

* Create lists by starting lines with asterisks

1. Create numbered lists by starting lines with a number and a dot

> Quote text by starting lines with >

Mention another user by @username

For syntax highlighting, surround the code block with three backticks:

```
Your code goes here
```
Just like Github, a blank line must precede a code block.

If you upload more than 5 files we will display all attachments as thumbnails.

For a full reference visit the Markdown syntax.

Are micro controllers like espruino or others usually unencrypted? thanks

About

Are micro controllers like espruino or others usually unencrypted? thanks

Actions

Are micro controllers like espruino or others usually unencrypted? thanks

Formatting Help

About

Are micro controllers like espruino or others usually unencrypted? thanks

Actions

Espruino