Protect eMMC/eMMC flasher Data

Hello all,

We use a BeagleBone Black with Debian Console 7.9 (2015-11-03) for our project. Everything works fine and the project is in its completion phase.

But we want to protect our application files. SSH is protected, but if a person starts the BBB with a µSD card with Debian, this person can access the eMMC and get the files of our application. In our project we have planned a restoration procedure with a µSD card (a simple eMMC flasher).

How can we protect the eMMC and the restore image so that nobody can access our application files? We are thinking of encrypting the image, but we don’t know if it’s possible or how to do it.

Thanks.

Best regards,
Julien.

Hello,

I am bumping the post; does nobody have a solution for encrypting an image?

I see more solutions for the Raspberry, but I can’t find the same solution for the BBB…

I tested with EncFS, but the password must be typed or stored in a script. For automounting a folder at startup this is not secure. And I think with EncFS a person can boot with a µSD card and find the SSH/EncFS passwords on the eMMC…

Thanks.

Best Regards,
Julien.

Hello,

I am bumping the post; does nobody have a solution for encrypting an image?

I see more solutions for the Raspberry, but I can't find the same
solution for the BBB...

I'm not sure what solution would work for the pi that can't also be
used for the BBB.

I tested with EncFS, but the password must be typed or stored in a script.
For automounting a folder at startup this is not secure. And I think with
EncFS a person can boot with a µSD card and find the SSH/EncFS
passwords on the eMMC...

You should know that anybody can walk up to any BBB, overwrite the MLO
and boot their own image. The SoC doesn't verify the boot image.

What's your threat model? Are you worried about people having physical
access to the BBB? Then perhaps put it in a tamper evident/responsive
container. Otherwise, yes, you hold the USR_BOOT button and boot from
the SD card.

Does the application need an automated way to get the key to unlock the
file system? Can it get the key from a server? from a human?

Otherwise, you need to store/derive the key somehow on the BeagleBone.

You can use a TPM to store a LUKS encrypted key
(TrouSerS / tpm-luks / [3fa3ea]). If
somebody did boot from the SD card, and if you have a TPM-enabled U-Boot
and application, then hopefully the PCR on the TPM will be different
and the LUKS key won't be accessible.

It's a big Rube Goldberg machine of sorts, but it will make the
attacker's (and your) life more complicated, which is an added layer.

I made this thing with SparkFun, maybe it will help if you decide to go
that route: CryptoCape - DEV-12773 - SparkFun Electronics
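
The PCR-bound key release described in the reply above, modeled as an added example (not code from the thread, TrouSerS or tpm-luks). `ToyTPM`, `measured_boot` and the boot-stage byte strings are constructed for illustration, and the model assumes every boot stage is measured into the PCR, which is the job of the TPM-enabled U-Boot mentioned in the reply.

```python
import hashlib
import hmac
import os

PCR_SIZE = 20  # TPM 1.2 (the TrouSerS generation) PCRs hold one SHA-1 digest

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM extend operation: PCR_new = SHA1(PCR_old || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measured_boot(stages) -> bytes:
    """Start from a reset (all-zero) PCR and extend it with each boot stage."""
    pcr = bytes(PCR_SIZE)
    for blob in stages:
        pcr = extend(pcr, blob)
    return pcr

class ToyTPM:
    """Hypothetical model of the seal/unseal PCR check only, not a real TPM."""
    def __init__(self):
        self.pcr = bytes(PCR_SIZE)
        self._sealed = {}

    def boot(self, stages):
        self.pcr = measured_boot(stages)  # a reboot resets the PCR first

    def seal(self, name, secret):
        self._sealed[name] = (self.pcr, secret)  # bind secret to current PCR

    def unseal(self, name):
        expected, secret = self._sealed[name]
        if not hmac.compare_digest(expected, self.pcr):
            raise PermissionError("PCR mismatch: boot chain differs from seal time")
        return secret

def demo():
    # Constructed stand-ins for the real boot images.
    emmc = [b"MLO-emmc", b"u-boot-emmc", b"kernel-emmc"]
    sdcard = [b"MLO-sdcard", b"u-boot-sdcard", b"kernel-sdcard"]
    tpm = ToyTPM()
    tpm.boot(emmc)
    key = os.urandom(32)  # stands in for the LUKS key
    tpm.seal("luks", key)
    normal_ok = tpm.unseal("luks") == key
    tpm.boot(sdcard)  # same board, booted from the SD card instead
    try:
        tpm.unseal("luks")
        return normal_ok, True
    except PermissionError:
        return normal_ok, False
```

`demo()` returns `(True, False)`: the key is released after the eMMC boot chain it was sealed against and withheld after the SD card boot. Updating any measured stage (a new kernel, for instance) also changes the PCR, so the key has to be resealed as part of the factory restore or update procedure.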

Hi Julien
It's illegal to encrypt a Linux image (and sell it)! Please read the
GPL in detail! http://www.gnu.org/licenses/gpl-3.0.en.html
But if your software is strictly your software, _and_ not depending
on any GPL'd libraries (LGPL might work, I am no lawyer ;), then it
might work with a user with an encrypted home folder. Ask Google how
to do this.
And the BBB is open source as well. It has no CE, IMHO. Did you read the legal
issues of the BBB?
Dieter

The Linux kernel is released under GPLv2, not v3.

Joshua Datko :

I’m not sure what solution would work for the pi that can’t also be
used for the BBB.

I was referring to this discussion, which has no answer:
https://groups.google.com/forum/#!topic/beagleboard/LD4UPN-GIYM

Joshua Datko :

You should know that anybody can walk up to any BBB, overwrite the MLO
and boot their own image. The SoC doesn’t verify the boot image.

What’s your threat model? Are you worried about people having physical
access to the BBB? Then perhaps put it in a tamper evident/responsive
container. Otherwise, yes, you hold the USR_BOOT button and boot from
the SD card.

Does the application need an automated way to get the key to unlock the
file system? Can it get the key from a server? from a human?

Otherwise, you need to store/derive the key somehow on the BeagleBone.

I need to propose a factory restore procedure, and the only solution is a µSD card with a flasher…

The best solution is Dieter's, with eCryptfs, although I would have preferred to avoid it, because I need to move my application files to the home folder and change more scripts…

Thanks for all the help.
Julien.