[Cryptography] Help with Raspberry Pi IoT initialization...

Matt Johnston matt at ucc.asn.au
Fri Mar 11 05:41:00 EST 2016


> On Thu 10/3/2016, at 12:58 pm, Phillip Hallam-Baker <phill at hallambaker.com> wrote:
...
> The boot media has the following additional information:
> * Verifies the boot media signature
> * Creates a unique device profile for the device [forget the randomness issues, I have this covered other ways]
> * Requests connection to my Mesh profile using the temporary device profile authentication key.
> * On acceptance
>    * Creates all the necessary device application keys
>    * Erases temporary device profile key(s)
...
> What is the best way to guarantee that I am authenticating the device boot media?
> What is the best way to guarantee that the temporary key is erased from the boot media?


To verify the boot media externally, partition the disk leaving 20k at the end, and put the signature there. The signature should be over the entirety of /dev/mmcblock0 apart from that last 20k. Ralf: a read-only "mount -o ro" shouldn't touch the bytes on the card, though a block-level signature would be better. 

If your SD card contents are smaller than RAM size you could erase the boot media by copying the entire SD card image into RAM, write zeroes over the entire device, then copy the SD card image back over minus the key - should be safe? For good measure spread the key into parts across the card.

Matt
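The trailer scheme Matt describes, worked through as an added example (this is not code from the original post or from any project mentioned in the thread). It assumes an Ed25519 signing key held by whoever builds the image, a SHA-256 digest of everything before the reserved trailer so the body can be streamed from a block device rather than held in memory, and a 64 KiB image constructed in the block itself to stand in for the card. The names `signImage`, `verifyDevice` and `bodyDigest` are this example's own.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

// trailerSize is the region left unpartitioned at the end of the card; the
// signature lives in its first 64 bytes, the rest stays zero and is NOT covered
// by the signature (it is outside the signed body).
const trailerSize = 20 * 1024

var (
	errTooSmall = errors.New("image too small to hold a signature trailer")
	errBadSig   = errors.New("boot media signature does not verify")
)

// newKeyPair generates the image-signing key; in practice the private half
// never leaves the build machine and only the public key ships with the checker.
func newKeyPair() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// constructedImage builds a deterministic fake card image of n bytes (test data).
func constructedImage(n int) []byte {
	img := make([]byte, n)
	for i := range img {
		img[i] = byte(i * 7)
	}
	return img
}

// bodyDigest hashes exactly bodyLen bytes from the start of the device stream,
// leaving the reader positioned at the first byte of the trailer.
func bodyDigest(dev io.Reader, bodyLen int64) ([]byte, error) {
	h := sha256.New()
	if _, err := io.CopyN(h, dev, bodyLen); err != nil {
		return nil, err // io.EOF here means the device is shorter than claimed
	}
	return h.Sum(nil), nil
}

// signImage returns a copy of img whose trailer holds an Ed25519 signature over
// the SHA-256 digest of everything before the trailer.
func signImage(img []byte, priv ed25519.PrivateKey) ([]byte, error) {
	if len(img) < trailerSize {
		return nil, errTooSmall
	}
	bodyLen := int64(len(img) - trailerSize)
	digest, err := bodyDigest(bytes.NewReader(img), bodyLen)
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(img))
	copy(out, img[:bodyLen])
	copy(out[bodyLen:], ed25519.Sign(priv, digest)) // remaining trailer bytes stay zero
	return out, nil
}

// verifyDevice streams the body from a block device (or image file) of the
// given total size, then reads the signature from the trailer and checks it.
func verifyDevice(dev io.ReadSeeker, size int64, pub ed25519.PublicKey) error {
	if size < trailerSize {
		return errTooSmall
	}
	if _, err := dev.Seek(0, io.SeekStart); err != nil {
		return err
	}
	digest, err := bodyDigest(dev, size-trailerSize)
	if err != nil {
		return err
	}
	sig := make([]byte, ed25519.SignatureSize)
	if _, err := io.ReadFull(dev, sig); err != nil {
		return err
	}
	if !ed25519.Verify(pub, digest, sig) {
		return errBadSig
	}
	return nil
}

func main() {
	pub, priv, err := newKeyPair()
	if err != nil {
		panic(err)
	}
	signed, err := signImage(constructedImage(64*1024), priv)
	if err != nil {
		panic(err)
	}
	fmt.Println("pristine image:", verifyDevice(bytes.NewReader(signed), int64(len(signed)), pub))
	signed[1234] ^= 0xff // simulate a modified boot file
	fmt.Println("tampered image:", verifyDevice(bytes.NewReader(signed), int64(len(signed)), pub))
}
```

Against a real card you would open /dev/mmcblk0 (the device name is an assumption here; use whatever the kernel exposes) read-only and pass its size; the checker still only needs the public key. Note that bytes in the trailer beyond the 64-byte signature are not covered, so nothing that matters should live there.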