thanks for replying..I think , if I encrypt entire rootfs , and embedded decryption key in uboot (at the time of compiling uboot)..it can be protected ...what is your suggestion..?I have never work with uboot..so that I need help to embedded decryption key to uboot to load encrypted rootfs..best regards.Mahendra
To: mahendra_mahendra@hotmail.com CC: u-boot@lists.denx.de From: wd@denx.de Subject: Re: [U-Boot] secure embedded linux system Date: Fri, 30 May 2014 11:40:43 +0200
Dear Mahendra Dobariya,
In message BAY176-W171CCC856593BA0F7380DC90240@phx.gbl you wrote:
hello,,I am from India.I am electronics hobbyist.currently I am using beaglebone black in my project.and I am afraid of security of linux systemits quite easy to copy or modify data from linux system if it has physical access.lets say ,I have BBB , and I boot it from external device(like external mmc ). and mount internal emmc then modify shadow file. and then boot from internal Emmc. now I will get root access , and I can modify anything on the system.
If you cannot prevent physical access, you cannot prevent one from taking full control over your hardware. If needed, I'll attach a JTAG debugger and run my own version of U-Boot that circumvents all security measures you installed in yours.
Best regards,
Wolfgang Denk
-- DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@denx.de There are three things I always forget. Names, faces - the third I can't remember. - Italo Svevo