Thanks for the ramblings! Sounds like a PITA to secure against physical access. I'll have to put my thinking cap on. I'm just (rightfully) paranoid about private keys.
On Thursday, January 14, 2016 at 5:05:29 PM UTC-8, Joshua Datko wrote:
> On Thu, 2016-01-14 at 16:44 -0800, Jonathan Ross wrote:
> > If I am running Debian off the eMMC, and give a board to someone else, is there a way of locking down access to the eMMC so that my filesystem is not easily readable to them?
> >
> > I'm thinking of the situation of inserting a microSD and booting off that, then mounting the eMMC. At that point they have access to my private keys that are stored on the eMMC.
> >
> > Or is the BBB inherently unprotected regarding physical access to the board and I need to figure out a better method for key access than storing the keys locally?
> >
> > JR
>
> Interesting questions...
>
> As a hobbyist-geared board, yes, the BBB is inherently open-by-design, so if your threat model includes a physical hardware hacker, she will have access to pretty much everything on there.
>
> You could probably go the route of making a LUKS container for part of the file system and then distributing the key out of band. If you are protecting keys (a small number of files, possibly one file) you could GPG-encrypt that file and then transmit the BBB. GPG has a symmetric key option if your recipient doesn't have a GPG public key.
>
> I had looked into using the EEPROM on the BBB to store some very small data (a key split/share). You need to electrically clear the WP pin, though; it is locked by default. Unless, of course, you are considering the hardware hacker and physical access.
>
> Basically, when you let the BBB leave your sight I think you'd have to assume that worst case somebody has copied/tampered with it. But, if you had a LUKS container/GPG-encrypted file, then *that* would still be OK, as the attacker wouldn't have the key.
>
> But... if that's the case you'd probably be better off just sending your recipient an encrypted message (GPG/OTR/Tor Chat/etc...).
>
> A chip, like a TPM, is supposed to measure your boot process to ensure that it has not been modified. Then, you could unlock keys only if it has booted correctly. I made a cape that has this (https://www.sparkfun.com/products/12773) but you need to get a different U-Boot that includes TPM support.
>
> Of course, somebody can just change out your MLO b/c the ROM on the AM3358 just boots that fixed address w/o any signature checking (this version of the AM3358, that is...).
>
> Anyway, those are some of my ramblings. I don't know if you liked any of the answers :)
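The "GPG symmetric key option" route from the reply above, worked through as an added example (this is not code from the thread or from the BeagleBoard project): the private key file is encrypted with a passphrase that travels out of band, the ciphertext is proven to round-trip before the plaintext is removed, and a wrong passphrase or tampered ciphertext makes decryption fail. It assumes GnuPG 2.1 or later (for `--pinentry-mode loopback`); the file names, the throwaway `GNUPGHOME` and the sample key contents are hypothetical and constructed here.

```shell
#!/bin/sh
# Added example, not the thread's own code: protect a private key file on the
# BBB's eMMC with GnuPG symmetric encryption and verify the round trip.
# Assumes GnuPG 2.1+; paths and sample contents below are hypothetical.
set -eu

# Throwaway GnuPG home so this never touches a real keyring or agent state.
export GNUPGHOME="${GNUPGHOME:-$(mktemp -d)}"

# encrypt_key_file PLAINTEXT PASSFILE
#   Writes PLAINTEXT.gpg. AES-256 with an iterated, salted S2K at the maximum
#   iteration count, so someone who images the eMMC has to brute-force a
#   deliberately slow passphrase derivation rather than a fast hash.
encrypt_key_file() {
    plain=$1 passfile=$2
    gpg --batch --yes --quiet \
        --pinentry-mode loopback --passphrase-file "$passfile" \
        --symmetric --cipher-algo AES256 \
        --s2k-mode 3 --s2k-digest-algo SHA512 --s2k-count 65011712 \
        --output "$plain.gpg" "$plain"
}

# decrypt_key_file CIPHERTEXT PASSFILE OUTPUT
#   Exits non-zero (gpg's own status) on a wrong passphrase or tampered data.
decrypt_key_file() {
    cipher=$1 passfile=$2 out=$3
    gpg --batch --yes --quiet \
        --pinentry-mode loopback --passphrase-file "$passfile" \
        --output "$out" --decrypt "$cipher"
}

# roundtrip_ok PLAINTEXT PASSFILE
#   Returns 0 only if PLAINTEXT.gpg decrypts to byte-identical content.
roundtrip_ok() {
    plain=$1 passfile=$2
    tmp=$(mktemp)
    if decrypt_key_file "$plain.gpg" "$passfile" "$tmp" 2>/dev/null \
        && cmp -s "$plain" "$tmp"; then
        rm -f "$tmp"
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# demo: constructed sample key -> encrypt -> verify -> drop the plaintext.
demo() {
    work=$(mktemp -d)
    printf -- '-----BEGIN CONSTRUCTED SAMPLE KEY-----\nnot a real key\n-----END-----\n' \
        > "$work/id_ed25519"
    # The passphrase is generated here; in a real hand-off it goes to the
    # recipient out of band and never sits on the same eMMC as the ciphertext.
    head -c 32 /dev/urandom | base64 | tr -d '\n' > "$work/passphrase"
    encrypt_key_file "$work/id_ed25519" "$work/passphrase"
    roundtrip_ok "$work/id_ed25519" "$work/passphrase"   # set -e aborts if this fails
    echo "round trip OK"
    rm -f "$work/id_ed25519"   # only id_ed25519.gpg ships on the board
    echo "ciphertext: $work/id_ed25519.gpg"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Two caveats a practitioner should keep in mind. First, `rm` (or `shred`) of the plaintext on eMMC is not a reliable erase, because flash wear levelling can leave the old blocks readable to anyone who images the chip; generate and encrypt the key on your host and copy only the `.gpg` file onto the board. Second, once the recipient decrypts the key on the board it is in RAM and on whatever filesystem it lands on, so this protects the key in transit and at rest, not against a hardware hacker holding a powered, unlocked board, which is exactly the point made above about just sending an encrypted message instead.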
