I've thought about some similar issues a while back but, don't have many ideas.
But, you are talking about using one of the standard linux encrypted OS features to protect the root partition. you'll basically need an encrypted FS for your root file system. (easy) getting the crypto keys to the kernel in anything close to a secure manner will be interesting to see done. (hard. You don't have a trusted u-boot.) Further you don't have a trusted kernel. (also hard ) Storing the crypto keys for the file system is also an interesting question. Basically you want to have your encrypted FS not decrypt for anything but a trusted uboot and kernel. I.e. only trusted (as defined by the FS) kernels and maybe boot-loaders should be allowed to decrypt the FS. I'm not sure how such a beast could be created without some sort of trusted execution environment which I don't think exists on the beagle bone. --mark On Tue, Jul 17, 2012 at 6:09 AM, sodjas <[email protected]> wrote: > Hi Guys! > > I imagine this topic not to be like an exact problem or a question but > have a constructive brain storming and gather ideas how to protect micro SD > based Android installations like ones on Beagleboard and Beaglebone > platform. > > The keywords could be: platform security, integrity check, secure u-boot. > > The main topics to brainstorm on could be: > 1 How to protect the micro sd so that the Android OS and its root > filesystem can't be fetched with a simple are reader > 2 How to extend or use alternatives for u-boot to check kernel and root > filesystem integrity > 3 Is there an alternative for Beagleboard-like firmwares to store a > compressed/encrpyted instance of firmware instead of having a plain root > filesystem readable by everyone > > Any comments from more experienced fellows are welcome. I'd for this topic > to cover a wide spectrum how to protect your system even if you have a > micro SD based platform. > > Best Regards, > Zoltan > > -- > You received this message because you are subscribed to the Google Groups > "Android Security Discussions" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/android-security-discuss/-/6poe9eu6CZsJ. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/android-security-discuss?hl=en. > -- create interesting things. -- You received this message because you are subscribed to the Google Groups "Android Security Discussions" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/android-security-discuss?hl=en.
