Is there a way to protect the whole Linux content from being read by 3rd eyes?

Hi,

We are using Verdin iMX8M-Plus with BSP6 for one of our products.

The whole image is written on the internal eMMC, and serial access and SSH are disabled.
But the whole eMMC chip on the module is still reachable externally.

Is there a way to protect the whole image content stored on the eMMC so that it cannot be read by 3rd persons?

Thank you.

Hi @Fide ,

Interesting topic.

For this I can recommend the following blog by @sergio.tx .

I think that is a good starting point. Maybe @sergio.tx can comment here as well :slight_smile:

Best Regards
Kevin

Well, to be honest I don’t need all those secure boot things (HAB). I don’t need RSA encryption or signing my existing images.

I just want to make the external eMMC content encrypted so that it cannot be read by external parties. This is a very primitive, yet effective feature provided by almost every FPGA and MCU.

The processor on the SoM has to support burning a key which is not readable, let’s say a 128-bit symmetric AES key, that should be all. All data to eMMC should be encrypted and data from eMMC should be decrypted automatically.

Hi @Fide !

We just got some encryption kernel configs enabled for TorizonCore, as you can see from this thread: USB storage encryption - #8 by jeremias.tx

Would it be something that helps your use case?

Best regards,

Hi Fide,
we at KOAN delivered ‘weak’ solutions as well as the strongest possible one (in this case using HAB).
Everything depends on how important the protection level is for you :wink:
– Marco

Hello @Fide ,

Were you able to solve your issue? Do you need more help on our side?

Best regards,
Josep