Hi guys,
I'm building a linux (2.6) embedded device, the system will boot from a compact flash device.
I'm actively looking for a way to encrypt the data stored in the compact flash to preevent possible reverse engineering of the custom applications and also to preevent 3rd party modification and related services abusing.
I'm very pleased of the results I achieved using loop-aes and I was wondering if any of you guys can suggest me some possible solutions to reach my goal.
The fisr problem I encounter is realted to the password storage, considering that the embedded device will not have keyboard, serial console and that it will be installed in an hostile/untrusted environment. If I store it in the compact flash someone will be able to read it and as said before the human input is not an option.
The only non-crypto solution I found is redesign the whole bootstrapping architecture, build a light/intelligent that will boot download from our servers to ram the real kernel, a cramfs image containing the preconfigured applications and tools, pivot the root and kexec to the fresh downlaoded full featured kernel.
I'm sorry for the non-crypto related informations of my last sentence but I wanted to make a clear picture of what I'm trying to achieve, maybe this could be useful for someone else working on a similar project.
Thanx a lot in advance for your time guys, any feedback will be very appreciated.
Best,
nettie
- Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/