Using of Watchdog to secure the firmware

Hi Zerynth Support Team!

I’m trying to secure my firmware in Zerynth.
What we want is that all code we develop needs to be secure against copying to another device and also against disassembly.

In Zerynth Docs2.4.2, I see that watchdog feature can support the securing the firmware.
https://docs.zerynth.com/latest/official/core.zerynth.stdlib/docs/official_core.zerynth.stdlib_sfw.html#watchdogs-for-esp32-devices

I have already checked an watchdog example supported by Zerynth Studio IDE, but no matter how much I look at it, there seems nothing else than the feature to restart the board at a certain time by program. I couldn’t find anything related to detecting any illegal device tampering.

Zerynth guide says this sample code can be imported to any customized firmware to secure the firmware.
However, I’m really not sure how can I apply this sample code to my firmware to secure the firmware.
So I want to know if the using of the watchdog is really a good solution for our idea of securing the firmware and how to apply it if that’s possible.

I hope you’ll get back to me soon.

Thanks in advance.
Anatoli.

Hi @Anatoli_Juny
All Secure-Firmware-enabled-VM have two features by default, Bytecode integrity check and Watchdog implementation.
The Bytecode integrity check detects firmware tampering.
The watchdog timer detects and recovers from software malfunctions and errors.

However, You’re referring to prevention of firmware access or tampering, like the encryption of the VM and the compiled code for example.
If you need those features, Feel free to ask the Sales team, These features could be developed and customized for your project.

If you have further questions, feel free to ask.

Hi @karimhamdy1

Thanks for your reply.
So are you saying that it’s not possible to implement the secure firmware feature we want using Bytecode integrity or watchdog timer?
If so, could you offer another alternative for secure firmware?
And I’m not sure the meaning of the firmware tampering?
I want to know if the bytecode integrity check can be a good choice to prevent all illegal access to the firmware.

Frankly speaking, I have already contacted Zerynth sales team. However, I didn’t get any satisfied solution from them.
What do you think?

Anatoli.

Hi @Anatoli_Juny

Typically when a device is shipped, any firmware or data is stored in the SPI flash connected to the Micro-controller.
Since typically flashes are external to the SoC, a sufficiently inclined person could read the contents of this flash if she so desires for their benefit. What’s more, the contents could also be modified or edited to affect the flow of execution.
Simply, tampering means access to the firmware on the device (compiled code), reading the firmware or editing it.
Which would enable them to do a lot of things including making a copy of your product basically.

If you want to prevent all illegal access to the firmware Then you need to use features to prevent firmware access, tampering and secure your product.
Features such as Firmware encryption, One time programming …
These features could be developed by the Zerynth development team for you at low cost fee.

What kind of product/project are you working on? :smile: