Community
cancel
Showing results for 
Search instead for 
Did you mean: 
CTwit
New Contributor I
1,433 Views

edison and securing the device

Jump to solution

Hello,

I am interested in taking reasonable protections for my Intel device. I.e. I don't want people to pull the image of off it, or otherwise hop on the system and muck around. I've turned wifi off, ssh off, console off, etc in a production image. However, it seems to me, one can always pull down the image on the disk with dfu-util. It also seems quite hard to secure the edison, even if I have verified u-boot, can't someone just reflash the u-boot partitions to something that will boot the image?

Additionally, I want to verify firmware before applying it. This can't be done with dfu-util, I think, but has to live at u-boot/after linux booting. Again, wondering what others have tried/standard practices.

I am wondering what other people have tried or considered and what, if anything others have tried.

thanks.

1 Solution
idata
Community Manager
99 Views

Hi ziacat,

 

 

There is a thread with a similar topic: https://communities.intel.com/thread/59741 https://communities.intel.com/thread/59741

 

A verified U-Boot could work as an alternative, but there would still be ways to access the main image due that Edison software and image are designed as open software and there is nothing available to protect intellectual property as it would contradict the open source principle. (https://communities.intel.com/message/338549# 338549 https://communities.intel.com/message/338549# 338549)

 

There would be ways to access the partitions and image by using dfu-utils, the Edison was designed in this way and there isn't supported alternatives to change this.

 

 

Regards,

 

Charlie

View solution in original post

3 Replies
CTwit
New Contributor I
99 Views

As an aside, is verified boot useful when we have no locked down, read only portion of memory?

idata
Community Manager
100 Views

Hi ziacat,

 

 

There is a thread with a similar topic: https://communities.intel.com/thread/59741 https://communities.intel.com/thread/59741

 

A verified U-Boot could work as an alternative, but there would still be ways to access the main image due that Edison software and image are designed as open software and there is nothing available to protect intellectual property as it would contradict the open source principle. (https://communities.intel.com/message/338549# 338549 https://communities.intel.com/message/338549# 338549)

 

There would be ways to access the partitions and image by using dfu-utils, the Edison was designed in this way and there isn't supported alternatives to change this.

 

 

Regards,

 

Charlie

View solution in original post

CTwit
New Contributor I
99 Views

Thanks!!! That makes sense!

Reply