Security Overview
Secure Boot
Secure Boot, for the sake of this article, is the process of booting an image that comes from a valid trusted source (authenticity check) while ensuring it has not been modified in any way (integrity check). The actual artifact used for booting - the Torizon OS image with Secure Boot support enabled - is referred to as the Secure Boot image.
Integrate Secure Boot on Torizon OS
Secure Boot, for the sake of this article, is the process of booting an image that comes from a valid trusted source (authenticity check) while ensuring it has not been modified in any way (integrity check). The actual artifact used for booting - the Torizon OS image with Secure Boot support enabled - is referred to as the Secure Boot image.
Security Hardening of U-Boot
This is a detailed description of the security hardening modifications to U-Boot carried out by Toradex.
Root Filesystem Protection
Overview and guidelines on using the root filesystem protection on Torizon OS.
Secure Boot on AM62x-Based Devices
This article explains how to enable Toradex Secure Boot implementation on AM62-based devices.
Fuse Programming for Secure Boot
Programming Torizon Devices for Secure Boot Fuses at Scale
In-field Upgrades to Secure Boot
Procedures for upgrading devices in the field from Non-Secure to ECoT (Extended Chain of Trust).
Encryption
Encryption on Torizon involves securing data partitions with dm-crypt for data-at-rest protection, utilizing OP-TEE for trusted execution of sensitive operations, and integrating comprehensive security layers to safeguard encryption keys
Enforcing Strong Passwords
During the evaluation and development phases, it's a common practice to leave it disabled to speed up the process. But, just before production, it's strongly advised to enable and configure this feature in order to enforce security. Torizon brings the possibility to enforce strong passwords, and that feature comes disabled by default.