Basic lock down
14 views
Skip to first unread message
Lee Armstrong
May 2, 2016, 5:22:30 AM5/2/16
to BeagleBoard
I have my BBB flashed onto the eMMC and it is feasible for someone to boot from the SD Card and/or use the serial debug cable to gain access.
What methods if any have people used to prevent some access?
c...@isbd.net
May 2, 2016, 7:49:00 AM5/2/16
to beagl...@googlegroups.com
Lee Armstrong <l...@pinkfroot.com> wrote:
> [-- text/plain, encoding 7bit, charset: UTF-8, 12 lines --]
If someone has physical access then all bets are off, they just take
the whole thing and can see all the data on it. You can't really
prevent that unless you install an encrypted OS.
--
Chris Green
·
> [-- text/plain, encoding 7bit, charset: UTF-8, 12 lines --]
>
> I have my BBB flashed onto the eMMC and it is feasible for someone to boot
> from the SD Card and/or use the serial debug cable to gain access.
>
> What methods if any have people used to prevent some access?
>
What sort of 'access' are you trying to prevent?
> I have my BBB flashed onto the eMMC and it is feasible for someone to boot
> from the SD Card and/or use the serial debug cable to gain access.
>
> What methods if any have people used to prevent some access?
>
If someone has physical access then all bets are off, they just take
the whole thing and can see all the data on it. You can't really
prevent that unless you install an encrypted OS.
--
Chris Green
·
Lee Armstrong
May 2, 2016, 7:53:25 AM5/2/16
to beagl...@googlegroups.com
Yes very true but the 2 easy vectors I can see are serial debug cable and micro SD. If anything could be done to discourage it then that would be welcomed.
Will look into encrypting the OS though. Good idea.
Will look into encrypting the OS though. Good idea.
--
For more options, visit http://beagleboard.org/discuss
---
You received this message because you are subscribed to a topic in the Google Groups "BeagleBoard" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/beagleboard/tDABFWGMWVE/unsubscribe.
To unsubscribe from this group and all its topics, send an email to beagleboard...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/beagleboard/m1rjvc-o51.ln1%40esprimo.zbmc.eu.
For more options, visit https://groups.google.com/d/optout.
Dennis Lee Bieber
May 2, 2016, 8:27:43 AM5/2/16
to beagl...@googlegroups.com
On Mon, 2 May 2016 02:22:30 -0700 (PDT), Lee Armstrong
<l...@pinkfroot.com> declaimed the following:
>I have my BBB flashed onto the eMMC and it is feasible for someone to boot from the SD Card and/or use the serial debug cable to gain access.
>
>What methods if any have people used to prevent some access?
Locking the unit in a vault with no external connections (no internet;
though internal LAN may be allowed), TEMPEST shielding, and sign-in/out
with a guard for vault access should work.
Which is the long way of saying: if "someone" has physical access to
the device, there is nothing you can do to prevent "access".
--
Wulfraed Dennis Lee Bieber AF6VN
wlf...@ix.netcom.com HTTP://wlfraed.home.netcom.com/
<l...@pinkfroot.com> declaimed the following:
>I have my BBB flashed onto the eMMC and it is feasible for someone to boot from the SD Card and/or use the serial debug cable to gain access.
>
>What methods if any have people used to prevent some access?
though internal LAN may be allowed), TEMPEST shielding, and sign-in/out
with a guard for vault access should work.
Which is the long way of saying: if "someone" has physical access to
the device, there is nothing you can do to prevent "access".
--
Wulfraed Dennis Lee Bieber AF6VN
wlf...@ix.netcom.com HTTP://wlfraed.home.netcom.com/
Reply all
Reply to author
Forward
0 new messages