Hi,
Browsed through the ESP-IDF documentation but couldn't find any specific part regarding recommendations for creating a production build. Our device will be used in a public environment where anyone can access it and easily steal it if wanted, so making it as hard as possible to reverse engineer, manipulate and replace the software would be good.
Some things that have come up,
Disable the serial debug message output from boot and application (ESP_LOG, printf and other ways that third party libraries may use to write to console)
Disable the debug output if device crashes
Disable the JTAG interface
Optimize the build
Later on,
Disable the possibility to upgrade via serial/JTAG
Disable the possibility to readout any part of the flash and decode it (Boot, application and NVS)
Only allow our software to run on the device and block tampering
I have found settings for most parts in the menuconfig, and also read about "Secure Boot & Flash Encryption". But it would be good to have a summary so nothing is missed.
https://docs.espressif.com/projects/esp ... -boot.html
Recommendations for creating production build
Who is online
Users browsing this forum: Bing [Bot] and 378 guests