Signing all Applications

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Signing all Applications

437 Views
gregorydavies
Contributor II

I'm working on securing a device built on Yocto 3.14.52, and I succesfully signed and authenticated the bootloader, kernel image and device tree, and get no HAB events on startup. What I'm looking at now, is how do we ensure that the applications that actually perform the device function, are the ones we released? 

Do I sign all the applications individually and add code to the kernel to verify them before they're run? This seems like an odd approach, but I haven't seen any mention of how to secure the rest of the programs that are run on the device.

Labels (2)
0 Kudos
1 Reply

321 Views
b36401
NXP Employee
NXP Employee

After kernel starts up it can run all applications without authentication.
Howevet if you wish you can encrypt and sign whole filesystem.

Have a great day,
Victor

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

0 Kudos