Recommendations for creating production build

PatrikB
Posts: 16
Joined: Tue Aug 07, 2018 7:43 pm

Recommendations for creating production build

Postby PatrikB » Sun Mar 10, 2019 10:23 am

Hi,

Browsed through the ESP-IDF documentation but couldn't find any specific part regarding recommendations for creating a production build. Our device will be used in a public environment where anyone can access it and easily steal it if wanted, so making it as hard as possible to reverse engineer, manipulate and replace the software would be good.

Some things that have come up,
Disable the serial debug message output from boot and application (ESP_LOG, printf and other ways that third party libraries may use to write to console)
Disable the debug output if device crashes
Disable the JTAG interface
Optimize the build

Later on,
Disable the possibility to upgrade via serial/JTAG
Disable the possibility to readout any part of the flash and decode it (Boot, application and NVS)
Only allow our software to run on the device and block tampering

I have found settings for most parts in the menuconfig, and also read about "Secure Boot & Flash Encryption". But it would be good to have a summary so nothing is missed.

https://docs.espressif.com/projects/esp ... -boot.html

Who is online

Users browsing this forum: Bing [Bot] and 378 guests