I'm working on securing a device built on Yocto 3.14.52, and I succesfully signed and authenticated the bootloader, kernel image and device tree, and get no HAB events on startup. What I'm looking at now, is how do we ensure that the applications that actually perform the device function, are the ones we released?
Do I sign all the applications individually and add code to the kernel to verify them before they're run? This seems like an odd approach, but I haven't seen any mention of how to secure the rest of the programs that are run on the device.
