Implementing Secure Boot and Disk Encryption on Tegra Platforms

Explore the intricacies of implementing secure boot and disk encryption on Tegra platforms in this 42-minute conference talk by Tim Orling from Konsulko Group. Delve into the challenges and solutions for secure boot implementations, including the one-time burning of keys into on-device fuses. Learn from real-world experiences, including potential pitfalls that can render a board unusable. Discover the step-by-step approach to securely booting into a vendor's Ubuntu-based OS before creating a custom Yocto Project built OS. Examine the complexities of disk encryption using LUKS and dm-crypt, including the implementation of unique passphrases derived from disk UUIDs and per-device hardware-derived keys. Understand the efforts to maintain compatibility with vendor tools and designs for future-proofing. Investigate the additional challenges of extending the implementation to support A/B flashing for OTA updates, and the considerations for generalizing the approach for the meta-tegra community. Gain insights into addressing various components such as bootloader, initramfs, kernel command line, crypttab, and fstab. Uncover the complexities introduced by Tegra platforms' partition table layout and flashing tools in this comprehensive exploration of secure boot and disk encryption implementation.

Tales from the Crypt: Implementing Secure Boot and Disk Encryption on Tegra Platforms - Tim Orling