Have you have tested or support any pi-like devices that use emmc?
eg, Orange Pi 3, Banana Pi BPI-M64, ROCK64 or any others.
I’m wondering if using emmc would be more secure than using an sd card if you weren’t using the perimeter detect component of the zymkey
Would the boot process be anymore secure using the embedded flash (smt, not a pluggable module) or could it still be tampered with?
I found a post from March last year where you stated you were working on support for Odroid, tinkerboard, beagleboard etc. Is there any update on that?
thanks
We have prototyped on Odroid and Beaglebone. Using eMMC, even if it’s soldered on board, really doesn’t give much of a security advantage because someone determined could still easily tap on to the eMMC signals and suck out the binary image, so it’s still important to encrypt partitions, especially the ones with sensitive data or intellectual property.
Using zymkey to store private keys securely tied to a tamper detect system is still important for eMMC based systems.
We don’t officially support any other platforms except Raspberry Pi yet but we have done some proof of concept on ODroid, Tinkerboard and BeagleBone. There are a couple of things to make sure of:
Our Debian packages currently are only available for 32-bit systems. If your distro is 64-bit things, our software won’t work.
Make sure that there the groups ‘i2c’ and ‘gpio’ are present. Typically on distros other than Raspbian, those groups do not exist. In this case, the way to get the group ‘i2c’ is to install ‘i2c-tools’. Things are a bit more complicated for group ‘gpio’: you may have to create the group with ‘sudo groupadd gpio’. Next, you will have to make sure you have an appropriate udev rule so that everything under /sys/class/gpio is reassigned to group ‘gpio’.
We are planning on releasing support for 64-bit Ubuntu bionic soon and, consequently, a new install script that will address the issues I have mentioned above. This is currently in test.
Thank you for this information.
Indeed I tried this on Armbian Bionic and Stretch 64bit Distro’s
i2c-tools and the groups are already installed/created, as I also use I2C OLED displays.
From my point of view, soldered eMMC is more secured than SD (not removable, hard to unsold a BGA).
64bit support is just now mandatory…hope you will release a compatible version asap