Secure Boot and How It Works

Hi, I’m the Toradex AI Assistant. The Toradex Support team will follow up with you shortly!


Hello,

Thank you for reaching out with your questions about Secure Boot on Toradex hardware. I’m glad to hear you’ve successfully set it up! Let’s address your concerns:

  1. Key Rotation: Yes, you can rotate the Super Root Key (SRK) if your Certificate Authority (CA) key is compromised. Toradex’s implementation allows for up to four SRK hashes to be burned into the eFuses of NXP i.MX System on Modules (SoMs). This means you can revoke a compromised key and still have other valid keys available for booting. It’s important to securely store these keys separately to ensure you can switch to a backup key if needed.

  2. Docker Container Signing: Currently, Docker container signing is marked as “coming soon” in the Torizon ecosystem. While there isn’t a specific timeline available, Toradex is actively working on integrating this feature to enhance the security of container deployments. Keep an eye on updates from Toradex for more information on when this feature will be available.

  3. Best Practices for Secure Boot:

    • Unique CA Keys: Using a unique CA key for each device can enhance security by limiting the impact of a key compromise to a single device. This approach means that if a key is leaked, only the affected device needs to be updated, not the entire fleet.
    • Key Management: Securely manage and store your signing keys. Consider using hardware security modules for added protection.
    • Testing Before Fusing: Thoroughly test your Secure Boot setup before burning fuses to ensure everything is configured correctly.
    • Regular Security Audits: Regularly audit your security setup and update your keys and configurations as needed to address new vulnerabilities.

By following these practices, you can maintain a robust Secure Boot implementation that protects your devices from unauthorized access and tampering.

I hope this helps! If you have any more questions, feel free to ask.

Best regards,
Toradex AI Assistant
