Security & Access Control

This page summarizes the most relevant security and access control methods.

Storing of Sensitive Information

PX4 Logging

SDLOG_BACKEND controls where flight log data is written — to the FMU SD card, over MAVLink to the companion computer, or both. Note that on the Skynode S, SD card logging is unavailable and only logging on the companion side is possible. The content of the FMU SD card is unencrypted, while the companion computer is encrypted.

SDLOG_NO_POS_DAT allows position and GPS data to be excluded from logs entirely, which is useful in privacy-sensitive or operationally sensitive deployments where recording the vehicle's flight path is undesirable. Note that flight logs originating from flights with SDLOG_NO_POS_DAT are often missing crucial information for incident analysis.

PX4 Mission, Safe Points and Geofence Storage

SYS_DM_BACKEND controls the storage backend used by PX4's dataman module, which persistently stores operationally sensitive data including mission waypoints, mission state, geofence polygons, and safe points. Setting the backend to RAM rather than file means this data is never written to disk and is lost on power cycle, which can be desirable in deployments where residual mission data on the vehicle poses a security concern.

Skynode S does not have an SD card and thus the data is always only stored in RAM.

PX4 Secure Mode

The PX4 parameter COM_SEC_MODE_EN enables secure mode, which protects operationally sensitive information by automatically purging GCS-related data after landing. This includes deleting the Home position, mission, and land approaches, resetting the local position origin, and disabling the serial console — ensuring that details about the GCS location cannot be reconstructed from the vehicle after a flight.

Access Control

Production Image

Skynode releases ship with two image variants: a development image and a production image. On the production image, the MAVLink shell is password protected, the UART debug port is changed to read only, and parameter changes are blocked by default — the PX4 parameter MAV_PARAM_LOCK must be explicitly set to allow them. The development image has no such restrictions and is intended for integration and testing only; it should not be used in deployed vehicles.

PX4 Parameter Summary

Parameter Name

Values

Function

SDLOG_BACKEND

bit 0: FMU SD card bit 1: Companion computer

Selects where flight log data is written — FMU SD card, Companion computer (streamed over MAVLink), or both.

SDLOG_NO_POS_DAT

0: disabled 1: enabled

Excludes position and GPS data from flight logs.

SYS_DM_BACKEND

0: Default storage

1: RAM storage

Place to store Mission, Safe Points and Geofences. Default storage for Skynode X and N is the SD card, for Skynode S this parameter has no effect.

COM_SEC_MODE_EN

0: disabled 1: enabled

Purges GCS-related data after landing to protect operationally sensitive information.

MAV_PARAM_LOCK

0: Whitelist in restricted, full otherwise 1: Only whitelist 2: Full access

Prevents modification of parameters except for white-listed ones.

PreviousFrequently Asked Questions NextAuterion Apps

Last updated 14 days ago

hashtagStoring of Sensitive Information

hashtagPX4 Logging

hashtagPX4 Mission, Safe Points and Geofence Storage

hashtagPX4 Secure Mode

hashtagAccess Control

hashtagProduction Image

hashtagPX4 Parameter Summary