Is there a way to protect the whole Linux content from being read by 3rd eyes?

Hi,

We are using Verdin iMX8M-Plus with BSP6 for one of our products.

The whole image is written to the internal eMMC, and serial access and SSH are disabled.
But the whole eMMC chip on the module is still reachable externally.

Is there a way to protect the whole image content stored on the eMMC so that it cannot be read by 3rd persons?

Thank you.

Hi @Fide ,

Interesting topic.

For this I can recommend the following blog by @sergio.tx.

I think that is a good starting point. Maybe @sergio.tx can comment here as well :slight_smile:

Best Regards
Kevin

Well, to be honest I don’t need all those secure boot things (HAB). I don’t need RSA encryption or signing of my existing images.

I just want the external eMMC content to be encrypted so that it cannot be read by external parties. This is a very primitive, yet effective feature provided by almost every FPGA and MCU.

The processor on the SoM has to support burning a key which is not readable, let’s say a 128-bit symmetric AES key; that should be all. All data to the eMMC should be encrypted and data from the eMMC should be decrypted automatically.

Hi @Fide !

We just got some encryption kernel configs enabled for TorizonCore, as you can see from this thread: USB storage encryption - #8 by jeremias.tx

Would it be something that helps your use case?

Best regards,

Hi Fide,
We at KOAN delivered ‘weak’ solutions as well as the strongest possible one (in this case using HAB).
Everything depends on how important the protection level is for you :wink:
– Marco

Hello @Fide ,

Were you able to solve your issue? Do you need more help on our side?

Best regards,
Josep

Not really, I was expecting to have some clear instructions from Toradex :slight_smile:
Do you have any plan to prepare one soon? Or shall we look for our own way?

Thank you.

Hello @Fide ,
I have asked internally about this topic. I will keep you updated here.

Best regards,
Josep


Hello @Fide ,
At the moment we don’t have any ready-made documentation on this topic.
NXP has an application note where they explain how to use Linux’s encryption support with HW acceleration.
https://www.mouser.com/pdfDocs/AN12714.pdf

Hope that this helps

Best regards,
Josep
