Disable USB reflashing #2877
codekrolik2
started this conversation in
General
Replies: 2 comments
Long story short, you can't really disable loading new software on the RP2040, and that is by design. Like they said in the picotool issue, this feature was put in the RP2350, so you should move to hardware based on it.
This was also cross-posted from maxgerhardt/platform-raspberrypi#95
Hello guys, I'm working on a project to build a security token based on Thumby (RP2040-based) - a password manager.
I put together a PlatformIO project (early stage WIP, https://github.com/flower-org/phraser/), and encountered an interesting issue.
There is this software called picotool, and if the RP2040 is connected to a computer via USB, this tool can send some commands and rewrite the firmware on the RP2040 via USB, no user action required. It's a part of PlatformIO, and I learned about it when I started using PlatformIO.
This makes it very dangerous to implement any security-related features in a situation where USB re-flashing functions are enabled on hard/firmware. I tried to reach out to the picotool team, but they don't provide support for PlatformIO (more info on that here: raspberrypi/picotool#215).
They suggested changing some defines in my code, but it didn't work for me, see details in the issue above.
Would you be able to help me with this?
My goal is to make sure that the function of re-flashing the RP2040 by USB is disabled in my release build, because keeping it enabled makes any USB-connected security application easily hackable and super-unsafe. I was wondering if you could give me a hint on how I can achieve that.
Thank you in advance!