Overview
Explore the intricacies of implementing secure boot and disk encryption on Tegra platforms in this 42-minute conference talk by Tim Orling from Konsulko Group. Delve into the challenges and solutions of secure boot implementations, including the one-time burning of keys into on-device fuses. Learn from real-world experiences, including potential pitfalls that can render a board unusable. Discover the step-by-step approach to securely booting into a vendor's Ubuntu-based OS before creating a custom Yocto Project-built OS. Examine the complexities of disk encryption using LUKS and dm-crypt, including the implementation of unique passphrases derived from disk UUIDs and per-device hardware-derived keys. Understand the efforts to maintain compatibility with vendor tools and designs for future-proofing. Investigate the additional challenges of extending the implementation to support A/B flashing for OTA updates, and the considerations for generalizing the approach for the meta-tegra community. Gain insights into addressing the various components involved, such as the bootloader, initramfs, kernel command line, crypttab, and fstab. Uncover the complexities introduced by the partition table layout and flashing tools of Tegra platforms in this comprehensive exploration of secure boot and disk encryption implementation.
Syllabus
Tales from the Crypt: Implementing Secure Boot and Disk Encryption on Tegra Platforms - Tim Orling
Taught by
Linux Foundation