encrypted boot device (compact flash)

[nettie <nettie@xxxxxxxxxx>]

Hi guys,

I'm building a linux (2.6) embedded device, the system will boot from a 
compact flash device.

I'm actively looking for a way to encrypt the data stored in the compact 
flash to preevent possible reverse engineering of the custom 
applications and also to preevent 3rd party modification and related 
services abusing.

I'm very pleased of the results I achieved using loop-aes and I was 
wondering if any of you guys can suggest me some possible solutions to 
reach my goal.

The fisr problem I encounter is realted to the password storage, 
considering that the embedded device will not have keyboard, serial 
console and that it will be installed in an hostile/untrusted 
environment. If I store it in the compact flash someone will be able to 
read it and as said before the human input is not an option.

The only non-crypto solution I found is redesign the whole bootstrapping 
architecture, build a light/intelligent that will boot download from our 
servers to ram the real kernel, a cramfs image containing the 
preconfigured applications and tools, pivot the root and kexec to the 
fresh downlaoded full featured kernel.

I'm sorry for the non-crypto related informations of my last sentence 
but I wanted to make a clear picture of what I'm trying to achieve, 
maybe this could be useful for someone else working on a similar project.

Thanx a lot in advance for your time guys, any feedback will be very 
appreciated.

Best,

nettie


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/