
Dear Mahendra,
In message BAY176-W29A41E1225FE7E1D2479B890270@phx.gbl you wrote:
> Thanks for replying. I think if I encrypt the entire rootfs and embed the decryption key in uboot (at the time of compiling uboot), it can be protected. What is your suggestion? I have never worked with uboot, so I need help to embed the decryption key in uboot to load the encrypted rootfs. Best
As I can read your U-Boot image on that hardware, I can also read your key, and then probably use it.
Security is not so easy to implement. If an attacker can get physical access, you must make sure he cannot access your keys anyway. Usually this gets addressed in hardware - like TPM chips (where you cannot read the keys), or processors that support protected / encrypted boot modes. If your SOC does not have any such options, and neither does your board, then you lose.
Best regards,
Wolfgang Denk