The existing SDK is not designed with security in mind. We may however want to improve certain areas, and indeed offer a build setting to provide a hardened subset of functionality or additional behavior.
This will probably divide into separate issues (more to be added):
- Hardening of path to
main. The RP2350 bootrom takes great care on a secured chip to make it to the secure firmware safely, however things go down hill from there as there is no hardening of code run before main. This makes writing a truly secure app with the SDK tricky atm (though of course the runtime init can be customized).
The existing SDK is not designed with security in mind. We may however want to improve certain areas, and indeed offer a build setting to provide a hardened subset of functionality or additional behavior.
This will probably divide into separate issues (more to be added):
main. The RP2350 bootrom takes great care on a secured chip to make it to the secure firmware safely, however things go down hill from there as there is no hardening of code run beforemain. This makes writing a truly secure app with the SDK tricky atm (though of course the runtime init can be customized).