Version: Torizon OS 7.x.y

Encryption on Torizon OS

Introduction

This article provides an overview of implementing Data-at-Rest Encryption and Trusted Execution Environment (TEE) on Toradex System-on-Modules (SoMs) using the meta-toradex-security layer. It covers the supported SoMs, necessary tools, and step-by-step pointers for building a Torizon OS image with enhanced security features, ensuring the protection of sensitive data and secure execution of critical operations.

Data-at-rest Encryption

Encryption encodes information into a format that is unreadable without the corresponding key, which keeps sensitive data confidential and secure.

The Toradex encryption implementation leverages the Linux kernel's encryption features, supporting encrypted partitions and utilizing CAAM/TPM as hardware-based trust sources for encryption keys.

Encryption support varies by device; please check availability on the Torizon OS Security Features matrix for details.

You can use the meta-toradex-security layer provided by Toradex to build a Torizon OS image capable of data-at-rest encryption. It requires you to Build Torizon OS from Source With Yocto Project/OpenEmbedded.

Refer to the GitHub documentation for instructions on how to use this feature: meta-toradex-security: README-encryption.

Trusted Execution Environment

A Trusted Execution Environment (TEE) is a secure space where code and data are protected for confidentiality and integrity. TEEs are ideal for managing secrets like encryption keys and securely executing sensitive tasks like biometric authentication and digital payments. OP-TEE, an open-source TEE, runs alongside a non-secure Linux kernel on ARM Cortex-A processors using TrustZone technology, with support for specific System-on-Modules (SoMs).

You can use the meta-toradex-security layer provided by Toradex to build a Torizon OS image capable of running OP-TEE. It requires you to Build Torizon OS from Source With Yocto Project/OpenEmbedded.

The Verdin iMX8M Plus is supported.

Refer to the GitHub documentation for instructions on how to use this feature: meta-toradex-security: README-optee.
