1

I'm wondering if there is a state-of-the-art method for securing a PCB with a microcontroller against copying and illegal distribution. For example, the well-known flight controller SP Racing F3 had big issues with illegal copies from China. As firmware updates were freely available, there was no chance to enforce their copyright, as it runs perfectly on the copies.

Is a factory hash on an external EEPROM, which is necessary to run the firmware, a good method to secure the PCB against illegal copies? Or are there better methods?

18
  • 3
    If you do it right, a secure microcontroller with encrypted firmware updates might be all you need. Commented Dec 27, 2022 at 20:48
  • 2
    Of course there are MCUs that are powerful enough to do cryptography. There are even ones with crypto accelerator hardware. And "reverse engineering" in this context refers to "extracting the firmware". However, if such an encryption system is not implemented by a professional, it'll likely be very easy to bypass since every tiny mistake can render the entire system insecure. Commented Dec 27, 2022 at 21:12
  • 3
    I would ask yourself how many of these boards do you intend on selling, are they going to be prevalent enough to make cloning worthwhile for a third party, how much you're willing to spend on making an anti-duplication system that works and is transparent to the end user, and if the cost of dealing with the inevitable headaches from deploying and maintaining the anti-duplication system make it worthwhile.
    – vir
    Commented Dec 27, 2022 at 21:27
  • 4
    On the more esoteric side: it's a shame that most PCB-scale features correspond to frequency response in the 10s GHz. You could, for example, embed a trademarked logo into the board, in such a way that its EM response is distinctive, and can be authenticated by the hardware and firmware. This might be feasible for something like a wideband VNA. The trademark would then give legal standing for import restrictions or international suit. This is analogous to the Game Boy scanning for the trademark on startup. Commented Dec 27, 2022 at 22:07
  • 2
    @TimWilliams IIRC one of the game console manufacturers (Nintendo?) tried that from the software side, the cartridge was required to contain their logo as a bitmap at the start of the ROM and this was displayed and validated at startup. Theory was this made it a trademark issue not a copyright one. IIRC they eventually lost on the grounds that it was a functional requirement for a cartridge in that system and thus not protectable except by patent!
    – Dan Mills
    Commented Dec 28, 2022 at 19:26

1 Answer

4

There are several steps you can take to secure your PCB design from being reverse-engineered and copied. Every added security step will make it more difficult to copy your design, at some cost to you; there is no way to ensure the design is completely copy-proof. Furthermore, you will have to reveal some internal/secret details of your design to somebody, at some point -- somebody needs to actually manufacture it, after all. Somebody needs to write code for it.

A determined organization with an unlimited budget will always succeed in reverse-engineering your product. Your goal is really to make the reverse-engineering process unprofitable.

As such, here are some suggestions, generally listed in order of less-expensive to more-expensive.

  1. Packaging. Make it difficult for anyone to open the device; hidden latches, secret screws, short wiring harnesses, adhesives.
  2. Apply opaque conformal coating or potting to the PCB, to obscure the parts you've chosen.
  3. Etch or scrape the part numbers off of chips. They might know you're using an SOT-23, but which one?
  4. Design a 4+ layer board. Use blind or buried vias and internal signal lines.
  5. Design two separate boards connected by a header, card edge, or ribbon cable. Have each half made by two different manufacturers.
  6. Design a copy-protection subcircuit, e.g. some small microcontroller running an encryption algorithm to verify the board's authenticity to an external device.
  7. Assemble your board in-house. Keep your parts list a secret to everybody outside of your organization.
  8. Manufacture the PCB, or the entire device, in-house.

In my understanding, most intellectual piracy is the result of some trusted person spilling a secret. The fewer people who know your secrets, and the harder you make it for an outsider to figure them out, the less likely that you will be a victim of piracy.

Finally, a couple words of warning:

  1. The most successful designs in history have been the most hackable. Are you sure you want to go through all this effort to protect your work, if it means nobody's going to use it anyway? Most likely the early adopters will just pick a different device/tool/ecosystem entirely.

  2. Nothing's stopping anybody from stealing your idea. Is your design so revolutionary, and so creative, that anybody who sees your device can't just sit down and design their own? Is your work even patentable? Is it really worth the effort to obscure design details that aren't even necessary for the functionality of the final product?
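
An added example, not part of the original answer: a sketch of the "copy-protection subcircuit" from item 6 next to the static EEPROM value asked about in the question. It assumes a hypothetical verifier that holds `MASTER_KEY` and an authentication chip whose key cannot be read out; the UID, the key and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os

MASTER_KEY = b"constructed-demo-master-key"  # assumption: known only to the verifier


def board_secret(uid: bytes) -> bytes:
    """Factory step: derive the per-board value as HMAC(master, UID)."""
    return hmac.new(MASTER_KEY, uid, hashlib.sha256).digest()


def verify_static(uid: bytes, stored: bytes) -> bool:
    """Static scheme: the verifier only compares a value read from the EEPROM."""
    return hmac.compare_digest(stored, board_secret(uid))


class AuthChip:
    """Models a read-protected MCU or secure element: the key never leaves it."""

    def __init__(self, uid: bytes):
        self._key = board_secret(uid)

    def respond(self, challenge: bytes) -> bytes:
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


def verify_response(uid: bytes, challenge: bytes, response: bytes) -> bool:
    expected = hmac.new(board_secret(uid), challenge, hashlib.sha256).digest()
    return hmac.compare_digest(response, expected)


def demo() -> dict:
    uid = b"BOARD-0001"  # constructed sample UID
    # Static value: a byte-for-byte EEPROM copy carries everything that is checked.
    eeprom_copy = (bytes(uid), bytes(board_secret(uid)))
    # Challenge-response: a fresh nonce per check makes a recorded answer useless.
    chip = AuthChip(uid)
    c1, c2 = os.urandom(16), os.urandom(16)
    r1 = chip.respond(c1)
    return {
        "static_copy_passes": verify_static(*eeprom_copy),
        "genuine_passes": verify_response(uid, c1, r1),
        "replay_passes": verify_response(uid, c2, r1),
    }


if __name__ == "__main__":
    print(demo())
```

The scheme is only as strong as the storage of the per-board key and of `MASTER_KEY`: if the verifier is firmware that anyone can download, the master key must not be embedded in it.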

