[yocto] General Question: Device specific value store
Andrea Adami
andrea.adami at gmail.com
Wed Jun 26 03:21:33 PDT 2019
On Wed, Jun 26, 2019 at 12:03 PM Morné Lamprecht <morne at linux.com> wrote:
>
> On Tue, Jun 25, 2019 at 09:25:13AM -0400, Larry Brown wrote:
> >>> I wonder, if there are best practices, how to protect the data from getting
> >>> corrupted (intentionally by an attacker or by accident through ... flash
> >>> corruption or whatever).
>
> Ideally your hardware should have some sort of hw-based secure key storage, and
> use that to support some sort of secure boot scheme. You can then implement a
> chain of trust, allowing you to securely verify a hash signature of the data
> during bootup, to ensure that it hadn't been tampered with or gotten corrupted.
>
> Atmel / Microchip, for example, offers a range of Crypto Authentication ICs that
> could be added to your hardware to support this, if you hardware didn't have
> built in support for something like this. Their offering also included tools to
> securely inject the data into the secure ICs during manufacturing, or
> alternatively, you could write your own tool to interface with their API.
>
> - Morné
> --
> _______________________________________________
> yocto mailing list
> yocto at yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto
Hi,
almost all flash have a non-volatile storage.
It was OTP on old NOR, now there are more flavors: your board appears
to have eMMC and so OTP/MTP should be supported by the mmc stack.
Check out this link:
https://www.synopsys.com/designware-ip/technical-bulletin/memory-options.html
Regards
Andrea
More information about the yocto
mailing list