January 9, 2020


Authenticated and Encrypted Storage on Embedded Linux


Talk Title: Authenticated and Encrypted Storage on Embedded Linux
Speakers: Jan Lübbe (CTO, Pengutronix e.K.)
Conference: Open Source Summit + ELC Europe
Location: Lyon, France
Date: Oct 27-Nov 1, 2019
URL: Talk Page
Slides: Talk Slides

The Linux kernel provides many building blocks for authenticating and/or encrypting data (and code) on storage devices: dm-crypt, dm-verity, dm-integrity, fscrypt, ecryptfs, IMA/EVM, fsverity, and UBIFS authentication. As is often the case with cryptographic tools, understanding the trade-offs and limitations is necessary to select the appropriate combination for any given project. This talk will give an overview of both mature and recently implemented mechanisms, with a focus on which embedded-specific use cases they are best suited for. As the design of a system's storage has a direct influence on performance, security and ease of development & debugging, and is difficult to change in the field, finding a good compromise along these axes early in a project can avoid expensive refactoring later.
