[yocto] General Question: Device specific value store

Morné Lamprecht morne at linux.com
Wed Jun 26 03:03:34 PDT 2019


On Tue, Jun 25, 2019 at 09:25:13AM -0400, Larry Brown wrote:
>>> I wonder, if there are best practices, how to protect the data from getting 
>>> corrupted (intentionally by an attacker or by accident through ... flash 
>>> corruption or whatever).

Ideally your hardware should have some sort of hw-based secure key storage, and 
use that to support some sort of secure boot scheme. You can then implement a 
chain of trust, allowing you to securely verify a hash signature of the data 
during bootup, to ensure that it hadn't been tampered with or gotten corrupted.

Atmel / Microchip, for example, offers a range of Crypto Authentication ICs that 
could be added to your hardware to support this, if your hardware didn't have 
built in support for something like this. Their offering also included tools to 
securely inject the data into the secure ICs during manufacturing, or 
alternatively, you could write your own tool to interface with their API.

		- Morné
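
The boot-time integrity check described in the message above, as an added example that is not part of the original post. It assumes a keyed HMAC-SHA256 tag in place of a signature, with the key held in software as a stand-in for a hardware secure element; the blob layout, names and sample values are all hypothetical.

```python
import hashlib
import hmac
import struct

MAGIC = b"DVS1"                      # hypothetical format tag
HEADER = struct.Struct(">4sI")       # magic, payload length (big-endian)
TAG_LEN = hashlib.sha256().digest_size


class StoreError(Exception):
    """Raised when the blob is malformed or fails authentication."""


def seal_store(payload: bytes, key: bytes) -> bytes:
    """Manufacturing side: header + payload + HMAC over both."""
    header = HEADER.pack(MAGIC, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


def open_store(blob: bytes, key: bytes) -> bytes:
    """Boot side: return the payload only if the tag verifies."""
    if len(blob) < HEADER.size + TAG_LEN:
        raise StoreError("truncated blob")
    magic, length = HEADER.unpack_from(blob)
    if magic != MAGIC or length != len(blob) - HEADER.size - TAG_LEN:
        raise StoreError("bad header")
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time compare
        raise StoreError("authentication failed")
    return blob[HEADER.size:-TAG_LEN]


def check(blob: bytes, key: bytes) -> str:
    """Return 'ok' or the reason the blob was rejected."""
    try:
        open_store(blob, key)
        return "ok"
    except StoreError as exc:
        return str(exc)


# Constructed sample values, not from any real device.
DEMO_KEY = bytes(range(32))
DEMO_PAYLOAD = b"serial=0001;mac=02:00:00:00:00:01"
DEMO_BLOB = seal_store(DEMO_PAYLOAD, DEMO_KEY)

if __name__ == "__main__":
    flipped = bytearray(DEMO_BLOB)
    flipped[10] ^= 0x01                          # single bit flip in the payload
    print(check(DEMO_BLOB, DEMO_KEY), "|", check(bytes(flipped), DEMO_KEY))
```

Because the tag covers the header as well as the payload, a single flipped bit from flash wear and a deliberate edit are both rejected, and the boot code can fall back to a known-good copy or refuse to start.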

