Flashkeeper
Write Protection on SOIC-8 flash chips without soldering
Firmware security projects such as Heads assume the firmware itself to be protected against tampering. Outside of proprietary solutions Boot Guard, partial write protection (WP) of the SPI flash chip (recently implemented by 3mdeb) is one solution. However, WP requires grounding the chip's WP pin, something that currently requires users to solder to the chip. As many users find this difficult, this has limited "retrofit" adoption of WP.
This project is developing Flashkeeper, a device that can be permanently installed on a common SOIC-8 flash chip. It attaches to the chip with a peel-and-stick layer and spring-loaded contacts or low-profile solder-down flex cable, interfacing with the SPI flash pins for easy write protection and external reprogramming (unbricking). For users concerned with physical attacks on their systems, for whom easy access to SPI flash pins may be seen as a risk, a variant including a microcontroller (MCU) is also being developed, allowing authenticated external reprogramming and WP control, and independently verifying the SPI flash image against a user-controlled signature each boot.
- The project's own website: https://dodoid.com/flashkeeper
Run by tlaurion(Insurgo), Dodoid
This project was funded through the NGI0 Core Fund, a fund established by NLnet with financial support from the European Commission's Next Generation Internet programme, under the aegis of DG Communications Networks, Content and Technology under grant agreement No 101092990.