See my previous post on Announcing the Cryptotronix Podcast.
Embedded Linux devices are generally lacking in security, but especially file system security. While I’m seeing the ship start to turn with respect to secure boot, there is still a wide lack of file system prevention and monitoring security.
In this video, I describe and provide a quick demo on fs-verity, a new-ish addition that allows similar protection from dm-verity, but on a file system level. What’s dm-verity you ask? Well, I go into that too.
The demo is using our spearf1sh OS — a #buildroot based hacking platform that we are getting closer to releasing. This board also has a Microchip ATECC608A on a Pmod, which could be used to sign the fs-verity measurements.