Nick Sayer 10/23/2017 at 00:58

I've gotten a finalized case design teed up. Recall that the major reason for putting Orthrus in a case (beyond aesthetics and protection) is to isolate the ERASE pin of the controller. If you load the firmware in and set the security bit in the GPNVM register, there should be no way to compromise the firmware with access only to the available external interfaces (the button, the USB port and the two SD card slots). The only avenue is to short the ERASE jumper and load new firmware with SAM-BA (or the SWD port).

To effect this, the case itself has to have barriers in place behind or around any openings in the case to prevent someone trying to fish a wire in. The case as currently designed is in 3 1/8" layers and one 1/16th inch layer. The thinner layer is the layer where the board sits, and is exactly the same thickness as the board. The layer immediately above the board is equipped with "dams" around the button, USB and SD card receptacles. Unless an attacker could damage those features without it being visible (which would be incredibly difficult for acrylic), then the interior of the board should be virtually airtight as long as the layers remain securely stacked. This is because the interior walls will sit exactly between the surface of the board and the top layer.

To insure that, a pair of FIPS 140 holographic security seals will be placed on opposite corners wrapping from the top to bottom. As long as you know the serial numbers of the seals remain unchanged, you can be sure that no one has replaced the firmware.

Unfortunately, to make this all work, I've had to move a handful of components on the board, so another revision will have to be made to go along with the new case. The case will be made available on Tindie as soon as these new boards come back from the fab (likely late this week). The case will add $25 to the cost. To facilitate field firmware updates, replacement security seals will be available for $3 a pair.