[U-Boot] secure embedded linux system

Mahendra Dobariya mahendra_mahendra at hotmail.com
Fri May 30 14:15:13 CEST 2014


Thanks for the fast reply. I am using a BeagleBone Black. I kindly request you to give some more detail on whether it is possible to secure the BBB. Its chip is the TI AM335X. Please tell me if it is possible with this chip.
Regards.
> To: mahendra_mahendra at hotmail.com
> CC: u-boot at lists.denx.de
> From: wd at denx.de
> Subject: Re: [U-Boot] secure embedded linux system
> Date: Fri, 30 May 2014 14:10:44 +0200
> 
> Dear Mahendra,
> 
> In message <BAY176-W29A41E1225FE7E1D2479B890270 at phx.gbl> you wrote:
> > 
> > Thanks for replying. I think that if I encrypt the entire rootfs and
> > embed the decryption key in U-Boot (at the time of compiling U-Boot), it
> > can be protected. What is your suggestion? I have never worked with
> > U-Boot, so I need help to embed the decryption key in U-Boot to
> > load the encrypted rootfs. Best
> 
> As I can read your U-Boot image on that hardware, I can also read
> your key, and then probably use it.
> 
> Security is not so easy to implement.  If an attacker can get physical
> access, you must make sure he cannot access your keys anyway.  Usually
> this gets addressed in hardware - like TPM chips (where you cannot
> read the keys), or processors that support protected / encrypted boot
> modes.  If your SOC does not have any such options, and neither does
> your board, then you lose.
> 
> Best regards,
> 
> Wolfgang Denk
> 
> -- 
> DENX Software Engineering GmbH,     MD: Wolfgang Denk & Detlev Zundel
> HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
> Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd at denx.de
> Every program has at least one bug and can be shortened by  at  least
> one instruction - from which, by induction, one can deduce that every
> program can be reduced to one instruction which doesn't work.
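
The point made in the reply above, that a key compiled into the bootloader is readable by anyone who can read the image, can be checked on your own build before release. The following is an added example, not code from the thread or from U-Boot; the key, the `rootfs_key=` string and the image layout are constructed sample data.

```python
import base64


def key_encodings(key: bytes) -> dict:
    """Forms in which a compiled-in key commonly ends up inside an image."""
    return {
        "raw": key,                             # C byte array / binary blob
        "hex-lower": key.hex().encode(),        # hex string in an environment
        "hex-upper": key.hex().upper().encode(),
        "base64": base64.b64encode(key),        # standalone base64 string
        "byte-reversed": key[::-1],             # endianness-swapped array
    }


def find_key_in_image(image: bytes, key: bytes) -> list:
    """Return (encoding, offset) for every place the key appears in the image."""
    hits = []
    for name, needle in key_encodings(key).items():
        offset = image.find(needle)
        while offset != -1:
            hits.append((name, offset))
            offset = image.find(needle, offset + 1)
    return sorted(hits, key=lambda hit: hit[1])


def build_sample_image(key: bytes) -> bytes:
    """Constructed stand-in for a bootloader binary with the key built in twice."""
    return (
        b"\x00" * 64                            # header padding
        + b"BOOTCODE" * 16                      # placeholder for code
        + key                                   # key as a raw byte array
        + b"\xff" * 32                          # erased-flash filler
        + b"rootfs_key=" + key.hex().encode()   # key as a hex string
        + b"\x00"
    )


if __name__ == "__main__":
    demo_key = bytes(range(0xA0, 0xC0))         # constructed 32-byte key
    hits = find_key_in_image(build_sample_image(demo_key), demo_key)
    for encoding, offset in hits:
        print(f"key present ({encoding}) at offset 0x{offset:x}")
    # Any hit means whoever can read the storage can recover the key.
    raise SystemExit(1 if hits else 0)
```

A clean result only shows the key is not stored verbatim in these encodings; a key that the bootloader can reconstruct in software is still recoverable from the image, which is why the reply points to hardware that holds the key.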
 		 	   		  

