Security. The built-in M-Shield security technology enables operators to add value-added services for content protection, transaction security and secure network access, plus terminal security functions such as secure flashing and booting, terminal identity protection and network lock protection. Enhanced with ARM TrustZone support, OMAP3430 security is based on open APIs and provides an environment for secure applications that deliver robust performance and interoperability.

http://www.ti.com/general/docs/wtbu/wtbuproductcontent.tsp?contentId=14649&navigationId=12643&templateId=6123

Not Found

The requested URL /m-shield was not found on this server.

I thought that m-shield block and secure boot was only available on high security version, was I wrong?

Actually I could write my own secure boot since I have the working knowledge how of works

This is on my ToDo list for a while, too (since my discussion with the creator of the CryptoCape which diverted in an other direction)

Good starting points are:

• Secure Boot (as mentioned by clem57
• a trusted TRNG
• encryption and verification of software to run on the device

Happy Hacking!

Glad to read that you are chatting with Josh Datko.  He's a driving force in the topic of security applications for the BeagleBone.

Phil Polstra may also be worth a look:  BeagleBoard.org - 2013-10-08-project-spotlight-the-deck

This was in 2013, looong time ago!

I was thinking of a secure platform for online banking etc. and while at it I found Josh blog on the CryptoCape. Since then I got lost in other projects. I still have to check the Rev C for it's capabilities. From clem57's answer I decuct that they have added some more security features.

Opposed to Phil Polstra I am more interested in the defensive side of security, even if the world looks much brighter for the attackers.

Yeah, that blog post was from awhile ago, but Phil continues to develop the platform: BeagleBoard.org - Forums.  You are right that he is more focused on penetration testing.

The prospect of secure boot is interesting.  I found this on LWN.net:

Verified U-Boot

https://lwn.net/Articles/571031/

It is from 2013 but does mention the BaegleBone Black:

The crypto code is simple and does not deal with multiple indirections and data conversions. In fact, it typically takes longer to hash a kernel than it does to verify it using RSA. On a BeagleBone Black (OMAP4), it takes about 6ms to verify a configuration and only adds 6.2KB to U-Boot's code size.

thanks,

drew

It looks like this person, Teddy Reed, had been working on TPM and BBB, too:

http://prosauce.org/blog/2012/7/5/embedded-trust-p1-beginning-to-trust-my-beaglebone.html

And has repo for libSboot:

https://github.com/theopolis/sboot/

"libSboot provides an example 'Secured Boot' for U-Boot and a U-Boot Second

Phase Loader (SPL)."

That are all great finds! I'll surely have a closer look when I am finished with the design challenge!