Date: Fri, 15 Jun 2007 14:25:45 +0200 From: Henrik Brix Andersen <henrik@brixandersen.dk> To: freebsd-embedded@freebsd.org Subject: Re: Embedded systems protection? Message-ID: <20070615122545.GA53280@tirith.brixandersen.dk> In-Reply-To: <5d84cb30706150434u6e722912w9edac38e62bd97c3@mail.gmail.com> References: <467272F7.4010301@bulinfo.net> <5d84cb30706150434u6e722912w9edac38e62bd97c3@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--45Z9DzgjV8m4Oswq Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Fri, Jun 15, 2007 at 01:34:49PM +0200, Karl Sj=F6dahl - dunceor wrote: > One way that is popular is to use a OTP flash with a cert inside that > you verify to see if something has changed. How will that protect from copying? The contents of the flash can still be read. One solution, which I have used earlier, is to have a small bootloader in internal flash which then loads, verifies and decrypts the main application (which has been encrypted) from external flash. The key point here is to make sure the internal flash can not be read out by any means. Regards, Brix --=20 Henrik Brix Andersen <henrik@brixandersen.dk> --45Z9DzgjV8m4Oswq Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) Comment: GnuPG signed iD8DBQFGcoVJv+Q4flTiePgRAkufAJ9xD3yY616iJSJZq9sj4ZnovnGyVgCbBOBu ECSgpDWsiS7bUEiYui2sZ34= =sFj8 -----END PGP SIGNATURE----- --45Z9DzgjV8m4Oswq--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070615122545.GA53280>