Security critical features:
- optional secure bootloader checking signatures on the firmware
- make sure that code and secrets are stored on internal flash, not QSPI (see dual_flash_storage branch)
- secure poweroff that erases all the secrets from RAM
- moving device secret to the very beginning of the flash or even to the bootloader
- smartcard integration for key storage
- add tests, fuzzing, catch random crashes
- optimize the code
Documentation:
- firmware protection instructions with tools from STM
Would be nice to add:
- Devkit (WIP)
- SD card support