Electronic – arduino – Securing code on an AVR/Arduino and delivering updates

arduinoavrencryptionreverse-engineering

  1. What is the best way to protect code flashed onto any AVR based device from reverse engineering?
  2. What is an easy way to provide updates to end users to flash on their own without disclosing the code? (Is it with a bootloader that decrypts an encrypted image?)

Don't flame me for promoting DRM, I am in favor of open platforms–I am just curious how this would work.

Best Answer

First:

There are fuses on the chip that can be set to prevent external tools from reading the code off the chip. Look for the protection fuses in your datasheet and/or programmer documentation.

It's not perfect, but it protects you from simple attacks.

Second:

You cannot download firmware securely. The AVR cannot self-program protected areas:

http://www.atmel.com/dyn/resources/prod_documents/doc1644.pdf

The best you might be able to do is to use an encrypted token language (such as basic, or forth) and have the interpreter protected on the chip with a bootloader that can program the encrypted tokens into an open area. When running, the chip would decrypt and execute the instructions on the fly.