On Tue, Jun 25, 2019 at 09:25:13AM -0400, Larry Brown wrote:
I wonder, if there are best practices, how to protect the data from getting corrupted (intentionally by an attacker or by accident through ... flash corruption or whatever).

Ideally your hardware should have some sort of hw-based secure key storage, and use that to support some sort of secure boot scheme. You can then implement a chain of trust, allowing you to securely verify a hash signature of the data during bootup, to ensure that it hadn't been tampered with or gotten corrupted.

Atmel / Microchip, for example, offers a range of Crypto Authentication ICs that could be added to your hardware to support this, if your hardware didn't have built in support for something like this. Their offering also included tools to securely inject the data into the secure ICs during manufacturing, or alternatively, you could write your own tool to interface with their API.

                - Morné
--
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
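
An added example, not part of the original message or of any vendor's API: a boot-time integrity check that separates accidental corruption from deliberate tampering. It swaps an HMAC-SHA256 tag in for the signature scheme the reply refers to, and the `DEVICE_KEY` constant stands in for a key that real hardware would keep in secure storage; all names and sample data are hypothetical and constructed.

```python
import hashlib
import hmac

# Assumption: constructed stand-in for a key that never leaves the secure IC.
DEVICE_KEY = bytes(range(32))


def seal(data: bytes, key: bytes) -> dict:
    """Manufacturing-time step: record an unkeyed digest and a keyed tag."""
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "hmac": hmac.new(key, data, hashlib.sha256).hexdigest(),
    }


def verify_boot(data: bytes, manifest: dict, key: bytes) -> str:
    """Boot-time check. Returns 'ok', 'digest-mismatch' or 'tag-mismatch'."""
    # The unkeyed digest catches flash corruption, but anyone who can write
    # the data can also rewrite this field, so it proves nothing about intent.
    if hashlib.sha256(data).hexdigest() != manifest["sha256"]:
        return "digest-mismatch"
    # The keyed tag can only be produced by a holder of the key.
    expected = hmac.new(key, data, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["hmac"]):
        return "tag-mismatch"
    return "ok"


def demo() -> dict:
    data = b"serial=0001;cal=42"  # constructed sample of per-device data
    manifest = seal(data, DEVICE_KEY)
    results = {"clean": verify_boot(data, manifest, DEVICE_KEY)}

    # Accidental corruption: a single flipped bit in flash.
    flipped = bytearray(data)
    flipped[3] ^= 0x01
    results["bitflip"] = verify_boot(bytes(flipped), manifest, DEVICE_KEY)

    # Tampering: data rewritten and the unkeyed digest recomputed to match;
    # the old tag is left in place because the key is not available.
    forged = b"serial=9999;cal=42"
    forged_manifest = {
        "sha256": hashlib.sha256(forged).hexdigest(),
        "hmac": manifest["hmac"],
    }
    results["forged"] = verify_boot(forged, forged_manifest, DEVICE_KEY)
    return results


if __name__ == "__main__":
    print(demo())
```
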
