September 13-16, 2022
Dublin, Ireland + Virtual
View More Details & Registration
Note: The schedule is subject to change.

The Sched app allows you to build your schedule but is not a substitute for your event registration. You must be registered for Open Source Summit Europe 2022 to participate in the sessions. If you have not registered but would like to join us, please go to the event registration page to purchase a registration.

This schedule is automatically displayed in Irish Standard Time (UTC +1). To see the schedule in your preferred timezone, please select from the drop-down menu to the right, above "Filter by Date."

IMPORTANT NOTE: Timing of sessions and room locations are subject to change.

Back To Schedule
Wednesday, September 14 • 14:20 - 15:00
Tales from the Crypt: Implementing Secure Boot and Disk Encryption on Tegra Platforms - Tim Orling, Konsulko Group

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.
“Secure boot” is not one size fits all, but rather there are different implementations on different platforms. For Tegra platforms, secure boot involves a one-time only burning of keys into the on-device fuses. We’ll share the lessons learned from turning a board into a lovely paperweight as well as the reliable approach we used to confidently secure boot into the vendor’s Ubuntu based OS before creating our own Yocto Project built OS. For disk encryption with LUKS and dm-crypt, we extended our approach of testing the vendor’s OS before moving on to creating our own. The added complexity of unique passphrases derived from disk UUIDs and per-device HW-derived keys was an interesting challenge. We attempted to stay as close to the vendor's tools (luks-srv and luks-srv-app) and design as we could, to hopefully future proof the implementation for newer releases of Linux for Tegra. Extending to A/B flashing for OTA updates (e.g. rauc or mender) added additional challenges, especially when trying to generalize the approach for the meta-tegra community. The end solution must address the bootloader, initramfs, kernel command line, /etc/crypttab, /etc/fstab and more. Add in the complexity of the partition table layout and flashing tools for Tegra platforms and you are in for a wild ride.

avatar for Tim Orling

Tim Orling

Principal Software Engineer, Konsulko Group
Tim Orling is a Principal Software Engineer at Konsulko Group. Tim joined Konsulko Group at the end of 2021. Tim was elected to the OpenEmbedded Board in 2022. He has spent many years as a volunteer developer for OpenEmbedded and the Yocto Project. He has been an open source software... Read More →

Wednesday September 14, 2022 14:20 - 15:00 IST
Liffey Hall 1 (Level 1)