Well, to be honest I don’t need all those secure boot things (HAB). I don’t need RSA encryption or signing of my existing images.
I just want the external eMMC content to be encrypted so that it cannot be read by external parties. This is a very primitive, yet effective feature provided by almost every FPGA and MCU.
The processor on the SoM has to support burning a key which is not readable, let’s say a 128-bit symmetric AES key; that should be all. All data to eMMC should be encrypted and data from eMMC should be decrypted automatically.
Hi Fide,
We at KOAN delivered ‘weak’ solutions as well as the strongest possible one (in this case using HAB).
Everything depends on how important the protection level is for you.
– Marco
Hello @Fide,
At the moment we don’t have any ready-made documentation on this topic.
NXP has an application note where they explain how to use Linux’s encryption support with HW acceleration. https://www.mouser.com/pdfDocs/AN12714.pdf