this post was submitted on 31 Oct 2023
2 points (100.0% liked)

Homelab

22 readers
1 users here now

Rules

founded 1 year ago
MODERATORS
 

I'm a software engineer but don't really know much about the hardware side. Did a math degree in college so I'm lacking in comp sci knowledge, to get my software job I jumped into fintech and learned the important software bits, design patterns, etc.

Anyways I want to make some gadgets using RPi or similar chips. For example I want to make a gadget with an e-ink screen that hits a public weather API endpoint once every 15 minutes and updates the screen with some weather info. Then I can put it in an encasement and just have it sitting on my desk and always have the weather info at a glance.

But when I started looking into this I saw all sorts of articles about securing you RPi and it seems like if you do it wrong you can introduce a security risk on your network. Is there a simple, even if heavy handed, solution to this? Such as, configuring my router to only allow that RPi device to make requests access certain endpoints, and not allow incoming requests at all?

you are viewing a single comment's thread
view the rest of the comments
[–] 22OpDmtBRdOiM@alien.top 1 points 1 year ago

It kinda depends on how "professional" you want to implement that. There are ways to quickly hack together a proof of concept and there are ways to build a super secure and safe solution.

Some questions you should ask yourself

  • how is it supplied via network / does it have interenet access?
  • How is it initially configured?
  • How many devices and locations are we talking? How do you want to manage those?
  • Can you access it if you need to re-configure it? (e.g. when it is supplied via Wifi and the password changes) Or is it placed in a remote location?
  • Is it a problem when someone opens it and thinkers with it? (do you have some keys stored on the device, for example to update the weather info, could those be abused?)
    Can your API be abused to a degree where it is a problem for you or someone else?
    Do you maybe have som sentivie or paid data there?
  • How do you want to do firmware/software updates?
  • Is it a problem when one device gets compromized?
  • How long should it survive? Temperature range/environmental conditions? Time? (think of limited lifetime of flash storage)
  • How much power do you have available or shall it be battery powered?

An esp32 could be an adequate solution. An RPI should also be useable.
With the esp32 you can encrypt the flash and sign the images. It also offers a/b paritioning which is good when one image fails to boot or the update process gets interrupted.

I'd personally go with the esp32 as it seems to be better fitting the situation. Just keep in mind that the effort on your side is probably higher.
Implement some configuration interface, get used to the environment.
But if you write your app in C I guess it should be possible to run on both.
It might even make sense to slap together a proof of concept with an rpi because this will take less time and then switch to an esp32.