5

I have a system that displays video from a camera feed with an overlay, and it must boot without any user intervention (the quicker the better). However, these systems will be in the hands of customers so we are worried about reverse-engineering.

The OS (linux), software, and logs are stored on an mSATA SSD. The CPU is a 4th-gen Core i3 with 4GB RAM.

Basically, how can we prevent any unscrupulous customers or competitors from simply removing the SSD and stealing our application code? The obvious answer is to encrypt the drive, but it needs to boot unattended. The next logical step is to decrypt the software at runtime, but you would still need to store the decryption key somewhere in plaintext right?

There is a TPM module onboard, which might be a solution, but I couldn't find any good documentation on using it for this.

I am open to any and all suggestions.

Chriszuma
  • 151

1 Answer

4

Overview

  1. encrypt the disk
    • use dm-crypt and LUKS
  2. seal the key to the TPM and use access restrictions according to a well-known PCR set.
  3. use secure boot
    • Intel TXT and TBoot are capable of securely booting a Linux Kernel. You have to check whether your CPU and chipset support TXT.

Security

  • Without secure boot the only way to prevent the TPM from releasing the key to everybody is to use a password - not feasible if unattended operation is required.

  • The disk can only be decrypted on the machine with the particular TPM.

  • The key is only released after a secure boot. Thus, only software approved by you may access the disk. However, you have to design a proper update strategy to be able to update the system. (If updates are a concern)

  • The TPM can be tricked by low cost (< 100 €) hardware attacks. This needs some skills, but is totally feasible.

  • The key might still be obtained by removing the RAM and reading it using a special device. But it will be wiped during a platform reset by Intel TXT.

  • Backups are always a problem. If it's easy to access the precious data in the backups, all your platform protection is worth nothing. If you store the backup on the same system, it's not a backup.

  • Runtime behavior! If your customer can get access to the running system (SSH, HTTP, ...) then the disk will be mounted and all data accessible.

Links

Some years ago a prototype research project was released; you might find some information there as well: IAIK acTvSM Platform

Scolytus
  • 454
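The answer's step 2 (seal the LUKS key to the TPM under a PCR policy) is the part people find hardest to picture, so here is an added example that is not part of the answer above: a small Python model of the TPM mechanics involved. It is not a TPM driver (on a real box you would use tpm2-tools, e.g. tpm2_create with a PCR policy and tpm2_unseal, or a LUKS/TPM integration such as systemd-cryptenroll). It models the extend operation, the TPM2_PolicyPCR digest construction, and a sealed object that is only released when the policy computed from the current PCRs equals the one stored at seal time. The boot chain, the key, the use of PCR 4 and the simplified PCR-selection marshaling are all constructed assumptions of this model.

```python
import hashlib
import struct

SHA256_LEN = 32
TPM_CC_POLICY_PCR = 0x0000017F  # TPM2_PolicyPCR command code (TPM 2.0 Library spec, Part 2)


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: PCR_new = H(PCR_old || H(measurement)). A PCR can only be extended, never set."""
    return hashlib.sha256(pcr + hashlib.sha256(measurement).digest()).digest()


def policy_pcr(pcrs: dict, indices) -> bytes:
    """Digest that TPM2_PolicyPCR leaves in a policy session for the selected PCR values.

    pcrDigest    = H(PCR[i0] || PCR[i1] || ...)   (ascending index order)
    policyDigest = H(0^32 || TPM_CC_PolicyPCR || selection || pcrDigest)
    The TPMS_PCR_SELECTION marshaling is simplified to one byte per index (assumption of this model).
    """
    idx = sorted(indices)
    pcr_digest = hashlib.sha256(b"".join(pcrs[i] for i in idx)).digest()
    selection = bytes(idx)
    return hashlib.sha256(b"\x00" * SHA256_LEN + struct.pack(">I", TPM_CC_POLICY_PCR)
                          + selection + pcr_digest).digest()


class ToyTPM:
    """Minimal model of seal/unseal: a secret is released only if the policy computed from the
    *current* PCRs equals the authPolicy recorded when the object was sealed."""

    def __init__(self, num_pcrs: int = 24):
        self.num_pcrs = num_pcrs
        self.sealed = {}  # name -> (secret, auth_policy)
        self.reset()

    def reset(self):
        """Platform reset clears every PCR to all zeros."""
        self.pcrs = {i: b"\x00" * SHA256_LEN for i in range(self.num_pcrs)}

    def extend(self, index: int, measurement: bytes):
        self.pcrs[index] = pcr_extend(self.pcrs[index], measurement)

    def seal(self, name: str, secret: bytes, auth_policy: bytes):
        self.sealed[name] = (secret, auth_policy)

    def unseal(self, name: str, indices) -> bytes:
        secret, auth_policy = self.sealed[name]
        if policy_pcr(self.pcrs, indices) != auth_policy:
            raise PermissionError("policy check failed: PCRs do not match the sealed state")
        return secret


def boot(tpm: ToyTPM, chain):
    """Measured boot: each stage is measured into PCR 4 (constructed mapping for this model)."""
    tpm.reset()
    for component in chain:
        tpm.extend(4, component)


# Constructed sample boot chain: stand-ins for firmware, bootloader, kernel and initrd images.
GOOD_CHAIN = [b"firmware v1", b"grub-efi signed", b"vmlinuz-5.x", b"initrd-with-luks-unlock"]
LUKS_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)  # constructed sample key
PCR_SET = [4]


def provision(tpm: ToyTPM):
    """Done once by the vendor: boot the approved chain, then seal the key to the resulting PCRs."""
    boot(tpm, GOOD_CHAIN)
    tpm.seal("luks-key", LUKS_KEY, policy_pcr(tpm.pcrs, PCR_SET))


def try_unseal(tpm: ToyTPM, chain):
    """Boot the given chain and ask the TPM for the key; None means the policy check failed."""
    boot(tpm, chain)
    try:
        return tpm.unseal("luks-key", PCR_SET)
    except PermissionError:
        return None


if __name__ == "__main__":
    t = ToyTPM()
    provision(t)
    print("approved chain unseals:", try_unseal(t, GOOD_CHAIN) == LUKS_KEY)
    tampered = GOOD_CHAIN[:2] + [b"vmlinuz-5.x with debug shell"] + GOOD_CHAIN[3:]
    print("modified kernel unseals:", try_unseal(t, tampered) is not None)
```

Two things the model makes visible that the bullet list only states: any change to any measured component, or a missing stage, produces a different PCR value and therefore a different policy digest, so the key stays inside the TPM; and the policy is only ever evaluated against PCRs, which is why the answer's update-strategy and runtime-access caveats matter. A kernel update changes PCR 4 and breaks unsealing until the key is resealed against the new values, and once the approved chain has unsealed the key it lives in RAM like any other secret.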