On Thu, 2016-01-14 at 16:44 -0800, Jonathan Ross wrote:
> If I am running debian off the emmc, and give a board to someone
> else, is there a way of locking down access to the emmc so that my
> filesystem is not easily readable to them?
> I'm thinking of the situation of inserting a microSD and booting off
> that, then mounting the emmc. At that point they have access to my
> private keys that are stored on the emmc.
> Or is the BBB inherently unprotected regarding physical access to the
> board and I need to figure out a better method for key access than
> storing the keys locally?
> JR
Interesting questions...

As a hobbyist-geared board, yes, the BBB is inherently open-by-design, so if your threat model includes a physical hardware hacker, she will have access to pretty much everything on there.

You could probably go the route of making a LUKS container for part of the file system and then distributing the key out of band. If you are protecting keys (a small number of files, possibly one file) you could GPG encrypt that file and then transmit the BBB. GPG has a symmetric key option if your recipient doesn't have a GPG public key.

I had looked into using the EEPROM on the BBB to store some very small data (a key split/share). You need to electrically clear the WP pin though, but it is locked by default. Unless, of course, you are considering the hardware hacker and physical access.

Basically, when you let the BBB leave your sight I think you'd have to assume that, worst case, somebody has copied/tampered with it. But if you had a LUKS container/GPG encrypted file, then *that* would still be OK as the attacker wouldn't have the key. But... if that's the case you'd probably be better off just sending your recipient an encrypted message (GPG/OTR/Tor Chat/etc.).

A chip like a TPM is supposed to measure your boot process to ensure that it has not been modified. Then you could unlock keys only if it has booted correctly. I made a cape that has this (https://www.sparkfun.com/products/12773) but you need to get a different U-Boot that includes TPM support. Of course, somebody can just change out your MLO b/c the ROM on the AM3358 just boots that fixed address w/o any signature checking (this version of the AM3358, that is...).

Anyway, those are some of my ramblings. I don't know if you liked any of the answers :)
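The two mitigations the reply suggests, GPG symmetric encryption of a small key file and a LUKS container whose key stays off the board, as an added shell example that is not part of the thread. The sample secret, the passphrase, the file paths and the `keys_vol` mapper name are constructed values; the GPG round trip runs as an unprivileged user in a throwaway GNUPGHOME, while the LUKS helper needs root and cryptsetup and is only defined here, not run.

```shell
#!/bin/sh
# Added example, not code from the thread. Sample secret, passphrase, paths
# and the "keys_vol" mapper name are assumed/constructed values.
set -eu

# Encrypt key file $1 to $2 with passphrase $3 (GPG symmetric mode, AES-256,
# maximum S2K passphrase stretching). The passphrase travels out of band.
encrypt_key_file() {
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase "$3" \
        --symmetric --cipher-algo AES256 --s2k-mode 3 --s2k-count 65011712 \
        --output "$2" "$1"
}

# Decrypt $1 to $2 using passphrase $3; exits non-zero on a wrong passphrase.
decrypt_key_file() {
    gpg --batch --yes --quiet --pinentry-mode loopback --passphrase "$3" \
        --output "$2" --decrypt "$1"
}

# Root-only, not run by the demo: build a LUKS container image of $2 MiB at
# $1, unlocked by key file $3 (keep that key file off the board). Format it
# with ext4 so it can later be opened and mounted on the BBB.
make_luks_container() {
    dd if=/dev/zero of="$1" bs=1M count="$2" status=none
    cryptsetup luksFormat --batch-mode --key-file "$3" "$1"
    cryptsetup open --key-file "$3" "$1" keys_vol
    mkfs.ext4 -q /dev/mapper/keys_vol
    cryptsetup close keys_vol
}

# Round trip with a constructed sample secret in a throwaway GNUPGHOME.
# Returns 0 only if the ciphertext does not contain the secret, the right
# passphrase restores it byte-for-byte, and a wrong passphrase is rejected.
demo_roundtrip() {
    tmp=$(mktemp -d) || return 1
    GNUPGHOME="$tmp/gnupg"; export GNUPGHOME
    mkdir -p "$GNUPGHOME" && chmod 700 "$GNUPGHOME" || return 1
    # Constructed stand-in for a real private key.
    printf 'CONSTRUCTED-SAMPLE-PRIVATE-KEY\n' > "$tmp/id_key"
    pass='correct horse battery staple'   # constructed passphrase
    encrypt_key_file "$tmp/id_key" "$tmp/id_key.gpg" "$pass" || return 1
    if grep -q 'CONSTRUCTED-SAMPLE' "$tmp/id_key.gpg"; then return 1; fi
    decrypt_key_file "$tmp/id_key.gpg" "$tmp/id_key.dec" "$pass" || return 1
    cmp -s "$tmp/id_key" "$tmp/id_key.dec" || return 1
    if decrypt_key_file "$tmp/id_key.gpg" "$tmp/id_key.bad" 'wrong passphrase' 2>/dev/null; then
        return 1
    fi
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$tmp"
    return 0
}

if [ "${1:-}" = "--demo" ]; then
    demo_roundtrip && echo "GPG round trip OK"
fi
```

Run it as `sh protect_keys.sh --demo` to see the GPG round trip; the LUKS helper is called by hand as root, e.g. `make_luks_container /var/keys.img 64 /media/usb/keys.key`, and the container is useless to someone who boots from a microSD and mounts the eMMC unless they also hold the key file or passphrase, which is the whole point of keeping it off the board.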
