On Wed, Jun 26, 2019 at 12:03 PM Morné Lamprecht <mo...@linux.com> wrote:
>
> On Tue, Jun 25, 2019 at 09:25:13AM -0400, Larry Brown wrote:
> >>> I wonder, if there are best practices, how to protect the data from getting
> >>> corrupted (intentionally by an attacker or by accident through ... flash
> >>> corruption or whatever).
>
> Ideally your hardware should have some sort of hw-based secure key storage, and
> use that to support some sort of secure boot scheme. You can then implement a
> chain of trust, allowing you to securely verify a hash signature of the data
> during bootup, to ensure that it hadn't been tampered with or gotten corrupted.
>
> Atmel / Microchip, for example, offers a range of Crypto Authentication ICs that
> could be added to your hardware to support this, if your hardware didn't have
> built in support for something like this. Their offering also included tools to
> securely inject the data into the secure ICs during manufacturing, or
> alternatively, you could write your own tool to interface with their API.
>
> - Morné
> --
> _______________________________________________
> yocto mailing list
> yocto@yoctoproject.org
> https://lists.yoctoproject.org/listinfo/yocto

Hi,
almost all flash has a non-volatile storage. It was OTP on old NOR, now there are more flavors: your board appears to have eMMC and so OTP/MTP should be supported by the mmc stack.

Check out this link:
https://www.synopsys.com/designware-ip/technical-bulletin/memory-options.html

Regards
Andrea
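
An added example, not part of either message: it shows why the quoted reply asks for a signed hash rather than a bare stored hash when both accidental corruption and deliberate modification are in scope. HMAC-SHA256 with a key assumed to sit in hardware-backed storage stands in for the signature check; the record layout, the key handling and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed record layout (an assumption for this example):
#   SHA-256(payload) | HMAC-SHA256(key, length || digest) | length (u32 BE) | payload
# The key is assumed to be held in hardware-backed secure storage on a real board.
HEADER = struct.Struct(">32s32sI")


def _tag(key: bytes, length: int, digest: bytes) -> bytes:
    return hmac.new(key, struct.pack(">I", length) + digest, hashlib.sha256).digest()


def seal(payload: bytes, key: bytes) -> bytes:
    """Provisioning step: prepend the digest and the keyed tag to the payload."""
    digest = hashlib.sha256(payload).digest()
    return HEADER.pack(digest, _tag(key, len(payload), digest), len(payload)) + payload


def _parse(blob: bytes):
    """Return (digest, tag, payload), or None if the record is malformed."""
    if len(blob) < HEADER.size:
        return None
    digest, tag, length = HEADER.unpack_from(blob)
    payload = blob[HEADER.size:]
    return (digest, tag, payload) if length == len(payload) else None


def verify_hash_only(blob: bytes) -> bool:
    """Bare digest check: catches bit rot, not a record rewritten with a new digest."""
    rec = _parse(blob)
    return rec is not None and hmac.compare_digest(hashlib.sha256(rec[2]).digest(), rec[0])


def verify_authenticated(blob: bytes, key: bytes) -> bool:
    """Boot-time check: digest must match and the keyed tag must cover that digest."""
    rec = _parse(blob)
    if rec is None or not verify_hash_only(blob):
        return False
    digest, tag, payload = rec
    return hmac.compare_digest(tag, _tag(key, len(payload), digest))


def rewrite_without_key(blob: bytes, new_payload: bytes) -> bytes:
    """Model of a flash rewrite by someone lacking the key: new digest, old tag."""
    _, tag, _ = HEADER.unpack_from(blob)
    return HEADER.pack(hashlib.sha256(new_payload).digest(), tag, len(new_payload)) + new_payload
```

A flipped bit fails both checks, while a record rewritten with a recomputed digest passes `verify_hash_only` and is rejected only by `verify_authenticated`.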