Security Overview

Secure Boot

This articles bring information about Secure Boot integration on Torizon OS. Learn how it ensures a trusted boot chain on Toradex SoMs using hardware root of trust, signed bootloaders, and authenticated OS images.

Integrate Secure Boot on Torizon OS

This article is a guide to integrate Secure Boot on Torizon OS — from prerequisites, Yocto build setup, image signing, to key management and fuse programming.

Security Hardening of U-Boot

This is a detailed description of the security hardening modifications to U-Boot carried out by Toradex.

Root Filesystem Protection

Overview and guidelines on using the root filesystem protection on Torizon OS.

Secure Boot on AM62x-Based Devices

This article explains how to enable Toradex Secure Boot implementation on AM62-based devices.

Fuse Programming for Secure Boot

Programming Torizon Devices for Secure Boot Fuses at Scale

In-field Upgrades to Secure Boot

Procedures for upgrading devices in the field from Non-Secure to ECoT (Extended Chain of Trust).

Encryption

Encryption on Torizon involves securing data partitions with dm-crypt for data-at-rest protection, utilizing OP-TEE for trusted execution of sensitive operations, and integrating comprehensive security layers to safeguard encryption keys

Enforcing Strong Passwords

During the evaluation and development phases, it's a common practice to leave it disabled to speed up the process. But, just before production, it's strongly advised to enable and configure this feature in order to enforce security. Torizon brings the possibility to enforce strong passwords, and that feature comes disabled by default.