At the Embedded Linux Conference in Dublin, Ireland, September 13-16, 2022, Konsulko Group’s Tim Orling will present “Tales from the Crypt: Implementing Secure Boot and Disk Encryption on Tegra Platforms.” Learn about the challenges and successes implementing effective security on Nvidia’s Tegra.

Secure Boot challenges

“Secure boot” needs different implementations on different platforms. For Tegra platforms, secure boot involves a one-time only burning of keys into the on-device fuses. Tim will share a reliable approach to confidently secure boot into the vendor’s Ubuntu-based OS before creating a Yocto Project-built OS.

Disk encryption with LUKS and dm-crypt

Extending this approach to disk encryption – testing the vendor’s OS before moving on to creating our own, Tim attempted to stay as close to the vendor’s tools (luks-srv and luks-srv-app) and design as possible, to try to “future proof” the implementation for newer releases of Linux for Tegra.

Extending for Over-the-Air updates

A/B flashing for OTA updates (e.g. rauc or mender) added additional challenges, generalizing the approach for the meta-tegra community. The end solution must address the bootloader, initramfs, kernel command line, /etc/crypttab, /etc/fstab and more. Add in the complexity of the partition table layout and flashing tools for Tegra platform, and it can be a wild ride.

Dublin and ELCE

The city of Dublin, Ireland has a storied history of literature, music and beverage. In September, Dublin will play host to the Embedded Linux Conference, Europe (ELCE), part of the Linux Foundation’s Open Source Summit.

Launched in 2005, Embedded Linux Conference is for companies and developers using Linux in embedded products. It gathers the technical experts working on embedded systems and applications for education and collaboration, paving the way for transformation in these important and far reaching areas.

To attend, register for Open Source Summit. You’ll also get access to all the other events in the Open Source Summit collection. Hope you will be able to join us in person or virtually.