Greetings,
If you would be willing to send a script or even detailed pseudocode, I could include it in the project other folder for those who wished to attempt what you describe.
My plan is to ship Raspberry Pi 4s out to the wild, but I don't want people to easily reverse engineer the proprietary software on them.
According to https://github.com/raspberrypi/usbboot/blob/master/secure-boot-recovery/README.md, Raspberry Pi 4 supports secure boot.
Also there seem to be user-burnable fuses / OTP registers in the CPU: https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#otp-registers
So the plan is to:
set up secure boot, save public signing key in OTP registers 47-55
burn fuses to disallow bootloader downgrade, disable boot JTAG, disable boot loader HDMI output, set strict boot order
-> prevents anyone from booting a different system than our own or changing boot-args to gain root access, I guess?
-> also prevents anyone from then reading OTP register values, as they can't boot anything to read the register and can't use JTAG?
burn in a decryption key in the user-defined OTP registers 36-43 (or use cpu serial number?) for encrypted rootFS that resides on the SD card
-> prevents access to proprietary software on the encrypted volume, even if the SD card is read somewhere else
decryption key is different on every shipped Pi
-> prevents cloning the SD card and using it in another Pi
What am I missing here or why did nobody do this yet?
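The key-retrieval step of the plan above, sketched as an added example (not code from the issue author or the project): it assembles a 256-bit key from OTP rows 36-43 in the `ROW:HEXWORD` format printed by `vcgencmd otp_dump`, and refuses an unprogrammed or incomplete set of rows. The function name `otp_key_from_dump`, the ascending row order used for concatenation, and the sample dump are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a 256-bit volume key from customer OTP rows 36-43.
# Input is `vcgencmd otp_dump` text on stdin, one "ROW:HEXWORD" per line.

# otp_key_from_dump (hypothetical helper): prints 64 hex characters.
# Exit 1: a row in 36..43 is missing or malformed.
# Exit 2: all eight rows are zero, i.e. the key was never burned.
otp_key_from_dump() {
    awk -F: '
        $1 ~ /^[0-9]+$/ && $1 + 0 >= 36 && $1 + 0 <= 43 {
            w = tolower($2)
            # Each OTP row is one 32-bit word: exactly 8 hex digits.
            if (length(w) != 8 || w !~ /^[0-9a-f]+$/) { bad = 1; exit }
            row[$1 + 0] = w
        }
        END {
            if (bad) exit 1
            key = ""
            # Assumption: rows are concatenated in ascending order.
            for (r = 36; r <= 43; r++) {
                if (!(r in row)) exit 1
                key = key row[r]
            }
            # A blank device would give every unit the same all-zero key.
            if (key ~ /^0+$/) exit 2
            print key
        }'
}

# Constructed sample (not from a real device): rows 35-44 of an otp_dump.
SAMPLE_DUMP='35:00000000
36:0A1B2C3D
37:4e5f6071
38:8293a4b5
39:c6d7e8f9
40:00112233
41:44556677
42:8899aabb
43:ccddeeff
44:00000000'

# Offline demo on the constructed sample. On a Pi the input would be:
#   vcgencmd otp_dump | otp_key_from_dump
printf '%s\n' "$SAMPLE_DUMP" | otp_key_from_dump
```

Rows read this way are visible to any process on the booted system that is allowed to run `vcgencmd`, so the key is only as protected as the running OS.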