Security Settings

Last Updated on: 2023-12-01 06:55:45

Security is an important consideration for gateways. In this demo, some security settings are left open for configuration to facilitate custom development. We recommend that you modify these security settings.

Root password

The default root password for the development board is tygw@SSD20x. To change it, run echo root:password | chpasswd -m, replacing password with your own password.

SSH

Enabling SSH can leave the system vulnerable to unauthorized access attempts and cyberattacks.

Open build/board/startup.sh and comment out the dropbear -p 22 line so that the system does not launch SSH on startup. To enable SSH again, run this command. You can change the -p <port number> argument to define a port.

Executable

The released executable should be stripped. In this demo, the executable is stripped by pack.sh.

U-Boot

It is recommended to disable U-Boot when not in use.

You can run the following commands to disable U-Boot.

nvram set persist.boot.enter off
nvram commit

You can run the following commands to enable U-Boot.

nvram set persist.boot.enter on
nvram commit

Other recommendations

If your product is intended for commercial use, consider the following recommendations to enhance security.

  • Deploy firmware updates via OTA using Tuya’s cloud service and validate the update file. Add and verify a custom signature.
  • Remove the physical debug interfaces, such as JTAG and SWD. Take care of this when you design your PCB layout.
  • Do not expose any sensitive data in logs, such as UUID, AuthKey, and password.
  • Allow only Tuya’s services to use the local network port.
  • Allow only Tuya’s services to access the device remotely.
  • All network interaction data shall be uploaded to or downloaded from the server where the device is deployed, or the server in the country or region in compliance with applicable laws and regulations.
  • Do not use local network services such as web server and Telnet.
  • Do not include any hard-coded sensitive information in the firmware.
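
The SSH section and the last recommendation above can both be checked before a release. The script below is an added example, not part of Tuya's demo: it reports whether build/board/startup.sh still launches dropbear and whether the default root password from this page appears in plaintext anywhere in a directory you choose. The function names are hypothetical, and it assumes SSH is started by a line containing "dropbear".

```shell
#!/bin/sh
# Added example, not Tuya's code. Function names are hypothetical.
# Assumption: SSH is started by a line containing "dropbear", as in startup.sh.

DEFAULT_ROOT_PW='tygw@SSD20x'   # default board password quoted on this page

# Print numbered lines that still launch dropbear; lines whose first
# non-blank character is '#' count as commented out.
active_dropbear_lines() {
    grep -n 'dropbear' "$1" 2>/dev/null | grep -v '^[0-9]*:[[:space:]]*#'
}

# Print files under directory $1 that contain the default root password.
files_with_default_password() {
    grep -rlF -- "$DEFAULT_ROOT_PW" "$1" 2>/dev/null
}

# Run both checks, print findings, return the number of failed checks.
audit_release() {
    startup=$1
    tree=$2
    failed=0
    if [ ! -r "$startup" ]; then
        echo "FAIL: cannot read $startup"
        failed=$((failed + 1))
    elif lines=$(active_dropbear_lines "$startup"); then
        echo "FAIL: SSH still starts at boot ($startup):"
        echo "$lines"
        failed=$((failed + 1))
    else
        echo "OK: no active dropbear line in $startup"
    fi
    if [ ! -d "$tree" ]; then
        echo "FAIL: $tree is not a directory"
        failed=$((failed + 1))
    elif hits=$(files_with_default_password "$tree"); then
        echo "FAIL: default root password found in:"
        echo "$hits"
        failed=$((failed + 1))
    else
        echo "OK: default root password not found under $tree"
    fi
    return "$failed"
}

# Usage: sh audit.sh build/board/startup.sh <directory to scan>
if [ "$#" -eq 2 ]; then
    audit_release "$1" "$2"
fi
```

The exit status is the number of failed checks, so the script can gate a packaging step. It only finds the password as a literal string; a hashed entry in a password file is not detected.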