[Cryptography] Open source encrypted file system for cheap IoT device?

Bakul Shah bakul at bitblocks.com
Wed Dec 27 10:02:44 EST 2017


On Tue, 26 Dec 2017 12:32:45 -0800 Henry Baker <hbaker1 at pipeline.com> wrote:
> >On Tue, Dec 26, 2017 at 9:59 AM, Henry Baker <hbaker1 at pipeline.com> wrote:
> >At 11:35 PM 12/23/2017, grarpamp wrote:
> >>No device info was included by OP.  Assuming BSD or Linux
> >>kernel, they both offer tiny simple full extent kernel block
> >>device encryptors upon which their standard filesystems can be
> >>laid down.
> >>
> >>Insufficient info given by OP to fit others.
> >
> >I was hoping for an open source encrypted file system on an
> >device that is so small and so limited that it doesn't even
> >run a form of Linux.  It doesn't even need multiple processes
> >or multiple threads.
> 
> >
> >Why would such a device even need an encrypted filesystem?
> >And where would you store the key material safely to protect
> >it against an adversary who would be able to get access to the
> >storage medium, and thus to the device itself?
> 
> Why?  Confidential info being stored/logged.
> 
> Key?  Hopefully something like public-key, so only the public
> key needs to be stored on the device -- but perhaps not even
> then.  If symmetric-key, then the device never stores the key
> at all, but it needs to be provided during bootup by some
> other mechanism, and is never stored to the file system itself
> (yet another reason for not using Linux -- way to much baggage
> to ever understand and/or verify).
> 
> Once again, it doesn't have to be fast, but it needs to have a
> small code footprint and be reasonably secure.

May be you can try something like the $5 RaspberryPi Zero +
plan9? The plan9 os 'image' also contains a small readonly
bootfs containing programs needed to bootstrap further.  You
can remove everything from this bootfs except a fileserver of
your choice + something to use an AES encrypted partition.
And you can remove all kernel devices you don't need.  You can
then feed the aes key via its GPIO pins or UART something.
The kernel is much simpler than BSD.

Or may be an AESlib + arduino will fit your bill better (but
not something I have played with). People have also interfaced
ESP8266 to SDcards + AES.

There are number of smaller devices but the specs are not
always available (having a running linux is not enough) or
they don't have a large enough community of users.


More information about the cryptography mailing list