himkiet
Posts: 30
Joined: Sat May 14, 2016 9:14 am

Make SD Card Read and Write Protected

Fri Mar 31, 2017 5:30 am

1) I am working on a project on RPI. Once I finished all my stuff, I want my SD card to be properly locked, so that no one is able to read and write on SD card just like we locked other small microcontrollers (avr/pic). Please help to do that.
2) I am generating logs in my code using logging library, will I be able to write logs if my SD card is write/read protected?

rpdom
Posts: 16100
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: Make SD Card Read and Write Protected

Fri Mar 31, 2017 5:42 am

himkiet wrote:1) I am working on a project on RPI. Once I finished all my stuff, I want my SD card to be properly locked, so that no one is able to read and write on SD card just like we locked other small microcontrollers (avr/pic). Please help to do that.
The Pi is a computer, not a microcontroller. Things work differently.
If you make the card read protected so no one can read the contents, the Pi won't be able to read it either and won't work.
himkiet wrote:2) I am generating logs in my code using logging library, will I be able to write logs if my SD card is write/read protected?
No, you can't write to a write-protected card, obviously.
There are various instructions out there for using the card in read only mode and writing the log files to temporary areas. You will lose them if the power goes.

himkiet
Posts: 30
Joined: Sat May 14, 2016 9:14 am

Re: Make SD Card Read and Write Protected

Fri Mar 31, 2017 6:00 am

Thanks for the reply.
My objective is that no one be able to steal my code or make modifications to the code. What should I do to protect my code from being stolen and from changes being made to it?

rpdom
Posts: 16100
Joined: Sun May 06, 2012 5:17 am
Location: Chelmsford, Essex, UK

Re: Make SD Card Read and Write Protected

Fri Mar 31, 2017 6:06 am

Put the card in the Pi and cover the card and socket in epoxy glue. Or seal it into a case. You won't get better than that.

Basically, if someone has physical access to your Pi and its SD card, all bets are off. There is no security at that level. The Pi was designed for people to learn to program on. It wasn't designed to be locally secure.

himkiet
Posts: 30
Joined: Sat May 14, 2016 9:14 am

Re: Make SD Card Read and Write Protected

Fri Mar 31, 2017 6:19 am

So, is there any way we can make only code read/write protected if someone uses RPI for product development?

allfox
Posts: 452
Joined: Sat Jun 22, 2013 1:36 pm
Location: Guang Dong, China

Re: Make SD Card Read and Write Protected

Fri Mar 31, 2017 6:25 am

I guess a label with "warranty void if you take the Micro SD out of the case" would threaten some people away. Those who still take the card out are determined and, when given time, could break into any consumer grade device.

So we need lawyers.

W. H. Heydt
Posts: 11472
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: Make SD Card Read and Write Protected

Fri Mar 31, 2017 6:30 am

Besides the points that have been brought up, unless you are writing your code from scratch--and possibly your tool chain as well (it's been debated...)--you may not be able to *legally* conceal all of it. If you are using one of the relatively standard OSes (Raspbian or another flavor of Linux), you risk being subject to GPL licensing.

At the physical level, you'd probably be better off using a Compute Module (CM), either a CM1 or a CM3 (the CM3L would present you with the problems you have now). At least that way, the non-volatile storage is physically part of the module, not a removable device.

All of this begs the question, though...what makes you think that your code is of sufficient value that someone might wish to steal it?

himkiet
Posts: 30
Joined: Sat May 14, 2016 9:14 am

Re: Make SD Card Read and Write Protected

Fri Mar 31, 2017 7:18 am

I am developing a prototype using Raspberry Pi. If we go for product development or production, we need to think how we can secure our code from reading/writing.

Looking into this---
http://stackoverflow.com/questions/5593 ... linux-unix
If I change the file permission with chmod 000 filename, then only root can access it. What should I do so that no one is able to change the permissions of the file?

Heater
Posts: 14444
Joined: Tue Jul 17, 2012 3:02 pm

Re: Make SD Card Read and Write Protected

Fri Mar 31, 2017 7:38 am

Root permissions do not help you.

If I have a Pi with your code on its SD I can simply take the SD card out, pop it into my Linux running PC and read whatever I like.

Basically if I have physical access to the Pi I can do what I like.

You could put me off a bit by encasing the whole thing in epoxy resin or some such. But if you have a product of any value and I want to copy it I might find the time to dig the SD out of there.

I think the best idea is to use a micro-controller that has on board FLASH and fuse bits that can be blown to stop anyone reading or writing the content. If your code is too big to fit on such a device (I have no idea what is available nowadays), then just put the valuable code on the micro-controller and link that to a Pi running the lesser code.
Memory in C++ is a leaky abstraction .

i486
Posts: 172
Joined: Sun Aug 28, 2016 3:41 pm
Location: BG

Re: Make SD Card Read and Write Protected

Fri Mar 31, 2017 7:47 am

You can lock the card with a password. But the problem is that the SD protocol is not encrypted and it is easy to sniff and catch the password. Your software will be protected against non-expert users (hackers).

Heater
Posts: 14444
Joined: Tue Jul 17, 2012 3:02 pm

Re: Make SD Card Read and Write Protected

Fri Mar 31, 2017 8:35 am

i486,

By "hackers" I guess you mean anyone who can google for something like "sd card password protection" and immediately find a dozen articles describing in a few simple steps how to get the password off an SD card. For example:

http://ccm.net/faq/4154-lost-password-to-microsd-card

Also I was wondering how a Pi could boot from such a password protected card. It has no place to st the password.

i486
Posts: 172
Joined: Sun Aug 28, 2016 3:41 pm
Location: BG

Re: Make SD Card Read and Write Protected

Fri Mar 31, 2017 9:08 am

Heater wrote:i486,

By "hackers" I guess you mean anyone who can google for something like "sd card password protection" and immediately find a dozen articles describing in a few simple steps how to get the password off an SD card. For example:

http://ccm.net/faq/4154-lost-password-to-microsd-card

Also I was wondering how a Pi could boot from such a password protected card. It has no place to st the password.
No. By hackers (low qualified) I mean someone who wants to remove the password but is not able to connect to the SD card pins and store SD protocol commands to catch the password. Your link is for another kind of smartphone "password" at user level. The SD card can be password protected for read and write access. Without the password you can only erase it, but cannot access the data. It is another question where the password will be stored and how it will be protected...

About booting - it cannot be done from such a protected card. But the Pi3 can boot from USB, then unlock the card. Once again, such protection is only for non-expert users or pseudo-hackers who "work" mainly with Google. My answer is for R/W protection of the SD card, not a strong solution for copy protection.

Similar topic:
viewtopic.php?f=63&t=158423

CarlRJ
Posts: 599
Joined: Thu Feb 20, 2014 4:00 am
Location: San Diego, California

Re: Make SD Card Read and Write Protected

Fri Mar 31, 2017 9:30 am

himkiet wrote:1) I am working on a project on RPI. Once I finished all my stuff, I want my SD card to be properly locked, so that no one is able to read and write on SD card just like we locked other small microcontrollers (avr/pic).
It sounds like you didn't do proper research in the requirements analysis phase of your project to find out whether or not the Pi fit your use case before starting to write code. Your question is a bit like saying, "I've finished developing my submarine project around this boat, now I just need the boat to go underwater, how do I do that?" The Pi is not like the microcontrollers you mention - those were designed for use inside commercial products, with capabilities oriented towards the needs of companies that develop such products. The Pi was designed specifically for education, an environment where peeking inside of everything to see how it works is not just possible, it's one of the goals. So it doesn't have the kinds of protections you seek.
himkiet wrote:2) I am generating logs in my code using logging library, will I be able to write logs if my SD card is write/read protected?
The only sure way to make your SD card read/write protected is to smash it repeatedly with a hammer. You won't be able to write anything to it after that. As others have said, the only way to keep people out of the Pi is to physically seal it up in a container of some sort (and turn off all networking services). But if someone is sufficiently motivated to get your secrets, and has physical access, they will eventually work out how to open the container no matter what you do. How valuable are your secrets, really?

Heater
Posts: 14444
Joined: Tue Jul 17, 2012 3:02 pm

Re: Make SD Card Read and Write Protected

Fri Mar 31, 2017 9:44 am

i486,

Do you have any links describing the SD card read protection you mention? I can't for the life of me find any.

i486
Posts: 172
Joined: Sun Aug 28, 2016 3:41 pm
Location: BG

Re: Make SD Card Read and Write Protected

Fri Mar 31, 2017 10:51 am

Page 34 (4.3.7 Card Lock/Unlock Operation):

http://users.ece.utexas.edu/~valvano/EE ... r_Spec.pdf

"Note that unlocking is done only for the current power session. As long as the PWD is not cleared, the card will be locked automatically on the next power up."

Heater
Posts: 14444
Joined: Tue Jul 17, 2012 3:02 pm

Re: Make SD Card Read and Write Protected

Fri Mar 31, 2017 11:07 am

Cool, thanks.

Now I can't find a way to use that feature from Linux. Except this https://www.embeddedarm.com/software/ar ... d-security
which seems to be a commercial offering.

i486
Posts: 172
Joined: Sun Aug 28, 2016 3:41 pm
Location: BG

Re: Make SD Card Read and Write Protected

Fri Mar 31, 2017 11:14 am

I found this - hope it will run under Linux:

http://www.bertold.org/sdtool/

Note that the type of SD reader is important. Most cheap readers and some Laptop internal readers are connected over USB and cannot do this operation.
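
An added example, not part of any post in this thread and not taken from sdtool: the data block that the Card Lock/Unlock operation (section 4.3.7 of the SD specification cited above) sends with CMD42. The function names and the sample password are this example's own; it only builds the bytes and does not talk to a card, and it shows the password travelling unmodified in the block, which is the weakness i486 describes.

```python
# Added example: CMD42 (LOCK_UNLOCK) data block, after section 4.3.7 of the SD spec.
# Function names are this example's own; the password below is a constructed sample.

SET_PWD = 0x01      # bit 0: store a new password
CLR_PWD = 0x02      # bit 1: clear the stored password
LOCK_UNLOCK = 0x04  # bit 2: 1 = lock, 0 = unlock
ERASE = 0x08        # bit 3: force erase (data and password are wiped together)
MAX_PWD_LEN = 16    # bytes per password


def _pwd(value: bytes) -> bytes:
    if not 1 <= len(value) <= MAX_PWD_LEN:
        raise ValueError("password must be 1 to 16 bytes")
    return value


def _block(flags: int, pwd_data: bytes) -> bytes:
    # Byte 0: mode bits, byte 1: PWDS_LEN, then the password bytes as given.
    return bytes([flags, len(pwd_data)]) + pwd_data


def set_password(new: bytes, old: bytes = b"", lock: bool = False) -> bytes:
    # Replacing a password sends old followed by new; PWDS_LEN covers both.
    data = (_pwd(old) if old else b"") + _pwd(new)
    return _block(SET_PWD | (LOCK_UNLOCK if lock else 0), data)


def lock(pwd: bytes) -> bytes:
    return _block(LOCK_UNLOCK, _pwd(pwd))


def unlock(pwd: bytes) -> bytes:
    # Unlocking lasts for the current power session only.
    return _block(0, _pwd(pwd))


def clear_password(pwd: bytes) -> bytes:
    return _block(CLR_PWD, _pwd(pwd))


def force_erase() -> bytes:
    # ERASE must be the only bit set and the block is a single byte.
    return bytes([ERASE])


if __name__ == "__main__":
    blk = unlock(b"s3cret")
    print(blk.hex(" "))       # 00 06 73 33 63 72 65 74
    print(b"s3cret" in blk)   # True: the password crosses the bus in the clear
```

Because the host has to produce this block on every power-up, the password must also be stored somewhere the host can read it, which is the open question raised earlier in the thread.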

himkiet
Posts: 30
Joined: Sat May 14, 2016 9:14 am

Re: Make SD Card Read and Write Protected

Fri Mar 31, 2017 11:21 am

Is it possible to get some protection if we use on board EMMC storage rather than using an SD card?

DougieLawson
Posts: 37092
Joined: Sun Jun 16, 2013 11:19 pm
Location: Basingstoke, UK

Re: Make SD Card Read and Write Protected

Sat Apr 01, 2017 6:48 am

himkiet wrote:Is it possible to get some protection if we use on board EMMC storage rather than using an SD card?
Yes and no.

Yes, because it's not physically possible to remove the hardware. The compute modules are designed for industrial applications where folks don't want to faff about with SDCards and want to remove some of the risk of root filesystem failure. They are not designed for high security.

No, because the RPis with EMMC are the CM1 or CM3 compute modules and there's a very high probability that when I insert that into my compute module developer kit I'll be able to read and steal all of your secrets (in just the same way that I can steal your secrets from an SDCard). So physical security becomes ever more important than logical security.
Note: Having anything humorous in your signature is completely banned on this forum. Wear a tin-foil hat and you'll get a ban.

Any DMs sent on Twitter will be answered next month.

This is a doctor free zone.

W. H. Heydt
Posts: 11472
Joined: Fri Mar 09, 2012 7:36 pm
Location: Vallejo, CA (US)

Re: Make SD Card Read and Write Protected

Sat Apr 01, 2017 5:42 pm

DougieLawson wrote:
himkiet wrote:Is it possible to get some protection if we use on board EMMC storage rather than using an SD card?
Yes and no.

Yes, because it's not physically possible to remove the hardware. The compute modules are designed for industrial applications where folks don't want to faff about with SDCards and want to remove some of the risk of root filesystem failure. They are not designed for high security.

No, because the RPis with EMMC are the CM1 or CM3 compute modules and there's a very high probability that when I insert that into my compute module developer kit I'll be able to read and steal all of your secrets (in just the same way that I can steal your secrets from an SDCard). So physical security becomes ever more important than logical security.
A CM3L with the eMMC on the carrier would prevent the "move the CM to a CMIO board" route. Since such a carrier could be designed without a way to program the eMMC (at least after the board leaves the factory) it would afford *some* physical protection. The logical/software route in is a whole 'nother kettle of fish.

As previously noted...it really comes down to how much time and expense is it worth to "secure" whatever code has been written, and that--in part--depends on how much of the device in question is really software and how much is hardware. At the very least, the software will be under copyright (that is automatic these days under the Berne Convention, but--at least in the US--you need to register the copyright in order to have a big stick if you sue someone for violating it). Hardware designs, if they fall within the rules, can be patented--but that requires disclosing the design in the patent application. In any case, it can all be held as trade secrets, but if it gets revealed in a legal manner, the trade secret goes "Poof!" and the device is unprotected. That's not a genie you can put back in the bottle, though many companies have tried.

And even *if* all protection measures are taken, and no one succeeds in breaking in, the whole device could still be subject to "clean room" reverse engineering. Ultimately, the real answer is: How much money is someone willing to devote to duplicating the device? The developer/manufacturer is attempting to make that cost higher than any reward that could be reaped by doing so. However, even then, devoted amateurs can throw enough *time* at the effort to break in/reverse engineer/whatever and make all the protections moot.

UF_DoC
Posts: 49
Joined: Wed Jul 01, 2015 9:00 am

Re: Make SD Card Read and Write Protected

Mon Apr 03, 2017 8:54 am

What programming language is your code written in?
