How to secure a linux device with physical access?

Sorry I am a little late to the party. Security, of any system, depends on a number of factors. The three most important factors are, how important is the data and/or how important is control of the hardware and finally the amount of risk you are willing to live with (aka Residual Risk).

In one of the supplied answers, a cold-boot attempt was mentioned. This is a very sophisticated attack and requires significant skill, training and hardware. Which tends to mean, if someone wished to use it against an IoT device, then that device must have some dynamite data on it or it controls something very important (like a power grid or bank alarm system) or give you access to a high value target.

Since you didn't describe what your project does, I won't be able to understand the full risks the project entails. Your defenses, both software and physical, should be commensurate with the risk the project represents in its environment. Thus, if the home owner is not a high value target, the project does not control the alarm system (say on a safe, or for a home with significant valuables like artwork) or the data disclosure risks aren't anything higher then possible financial fraud (say credit card or run of the mill banking disclosures), then you will not need to worry about cold-boot attacks (or chip manipulation, via something like a bus pirate; or even something more exotic like a Tempest attack using Radio Frequency or other exotic memory based side-channel attacks).

I would ask, right off the bat, what is the probability of a physical attack? Who do you envision seeking to attack the hardware? If its nation state actors or corporate espionage... then you would have to worry about everything thus far mentioned. If its just say, a maid or hired worker tampering with the device then your risk is lower and accordingly a simple armored box with a battery backed up alarm trigger would suffice; preferably something hooked up to a home alarm system through an armored sheath, so that a remote monitoring service can alert the owner or police (and an annoying high decibel audible alarm might be a nice touch).

When it comes right down to it, if a potential attacker is already in the home, you have a much bigger problem then securing the device.

If you require more sophisticated physical defenses, in most cases, the important thing to remember is that the device must be able to detect the attack and have sufficient power long enough to wipe critical data from memory and secondary storage AND both the volatile and non-volatile storage cannot be removed without extreme measures (or physical damage).

It sounds harder then it really is. I built a such a device a few years back out of a Beagle Bone Black with a charger and battery, 2 part steel case glued shut (screws and some seams glued) with a photo resistor to detect changes in light and a electret microphone to detect changes in sound level. The device would notify us if there was any dramatic change in light or sound levels and if the main power was disconnected after such a change it proceeded to wipe itself while on battery power. Technically, security was not the devices primary function, but there was a high theft risk and we didn't want someone walking off with a usable device or with one in which they could extract password hashes from. Call us paranoid...

Sorry I am a little late to the party. Security, of any system, depends on a number of factors. The three most important factors are, how important is the data and/or how important is control of the hardware and finally the amount of risk you are willing to live with (aka Residual Risk).

In one of the supplied answers, a cold-boot attempt was mentioned. This is a very sophisticated attack and requires significant skill, training and hardware. Which tends to mean, if someone wished to use it against an IoT device, then that device must have some dynamite data on it or it controls something very important (like a power grid or bank alarm system) or give you access to a high value target.

Since you didn't describe what your project does, I won't be able to understand the full risks the project entails. Your defenses, both software and physical, should be commensurate with the risk the project represents in its environment. Thus, if the home owner is not a high value target, the project does not control the alarm system (say on a safe, or for a home with significant valuables like artwork) or the data disclosure risks aren't anything higher then possible financial fraud (say credit card or run of the mill banking disclosures), then you will not need to worry about cold-boot attacks (or chip manipulation, via something like a bus pirate; or even something more exotic like a Tempest attack using Radio Frequency or other exotic memory based side-channel attacks).

I would ask, right off the bat, what is the probability of a physical attack? Who do you envision seeking to attack the hardware? If its nation state actors or corporate espionage... then you would have to worry about everything thus far mentioned. If its just say, a maid or hired worker tampering with the device then your risk is lower and accordingly a simple armored box with a battery backed up alarm trigger would suffice; preferably something hooked up to a home alarm system through an armored sheath, so that a remote monitoring service can alert the owner or police (and an annoying high decibel audible alarm might be a nice touch).

When it comes right down to it, if a potential attacker is already in the home, you have a much bigger problem then securing the device.

If you require more sophisticated physical defenses, in most cases, the important thing to remember is that the device must be able to detect the attack and have sufficient power long enough to wipe critical data from memory and secondary storage AND both the volatile and non-volatile storage cannot be removed without extreme measures (or physical damage).

It sounds harder then it really is. I built a such a device a few years back out of a Beagle Bone Black with a charger and battery, 2 part steel case glued shut (screws and some seams glued) with a photo resistor to detect changes in light and a electret microphone to detect changes in sound level. The device would notify us if there was any dramatic change in light or sound levels and if the main power was disconnected after such a change it proceeded to wipe itself while on battery power. Technically, security was not the devices primary function, but there was a high theft risk and we didn't want someone walking off with a usable device or with one in which they could extract password hashes from. Call us paranoid...