fs-verity: Embedded Linux File Protection

See my previous post on Announcing the Cryptotronix Podcast.

Embedded Linux devices are generally lacking in security, but especially file system security. While I’m seeing the ship start to turn with respect to secure boot, there is still a wide lack of file system prevention and monitoring security.

In this video, I describe and provide a quick demo on fs-verity, a new-ish addition that allows similar protection from dm-verity, but on a file system level. What’s dm-verity you ask? Well, I go into that too.

The demo is using our spearf1sh OS — a #buildroot based hacking platform that we are getting closer to releasing. This board also has a Microchip ATECC608A on a Pmod, which could be used to sign the fs-verity measurements.

For a full list of my available trainings, check out Advanced Security
For consulting, contact us at Cryptotronix.

One thought on “fs-verity: Embedded Linux File Protection

Leave a Reply