Dear Mahendra, In message <bay176-w29a41e1225fe7e1d2479b890...@phx.gbl> you wrote: > > thanks for replying..I think , if I encrypt entire rootfs , and > embedded decryption key in uboot (at the time of compiling uboot)..it > can be protected ...what is your suggestion..?I have never work with > uboot..so that I need help to embedded decryption key to uboot to > load encrypted rootfs..best
As I can read your U-Boot image on that hardware, I can also read your key, and then probably use it. Security is not so easy to implement. If an attacker can get physical access, you must make sure he cannot access your keys anyway. Usually this gets addresses in hardware - like TPM chips (where you cannot read the keys), or processors that support protected / encrypted boot modes. If your SOC does not have any such options, and neither does your board, then you lose. Viele Grüße, Wolfgang Denk -- DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: w...@denx.de Every program has at least one bug and can be shortened by at least one instruction - from which, by induction, one can deduce that every program can be reduced to one instruction which doesn't work. _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot