Encrypting data at rest in Particle Flash/EEPROM and external FRAM

I couldn't find a topic on securing data at rest on edge devices on the forum.

Is there a best practice for encrypting data before writing to external FRAM or B/MSoM EEPROM memory regions?

I am concerned about someone dumping the FRAM and possibly the BSoM.

Harley

The EEPROM on the B-SoM is actually just a file on the flash file system, so it's a more generic problem. And making the data on the device secure is a tricky problem when the device is not in a physically secure location.

This isn't specific to Particle devices; if you encrypt the data in a file or external chip, you need to put the encryption key somewhere. And unlike using a PIN or biometrics to unlock, like a phone, presumably you will be using the Particle device not always in the presence of its owner to unlock it.

There are various features like Device Protection for Particle devices that can make the device more secure by disabling SWD/JTAG, USB, and BLE configuration, for most common scenarios, however.