ilan_sw
Posts: 5
Joined: Wed Apr 10, 2019 4:55 pm

Preventing reading and changing contents of SD card

Thu May 23, 2019 9:19 am

Hello, all
I would like to prevent people from reading and changing the contents of the SD card the Pi uses (it has semi-sensitive data)
That is, the image on the SD card will not be read / used by anyone that is not the specific Pi, and the Pi will not work with an SD card that is not that particular one.

I suppose, the most straightforward way to achieve this is via physical barrier, like pouring a hardening plastic material over the SD card once it's in the slot.

My questions are:
1. What are the common methods for this?
2. If it's physical barrier - what method / material is recommended?
3. If there are more delicate way, using SW / HW - what are they?

Thanks!

User avatar
thagrol
Posts: 1471
Joined: Fri Jan 13, 2012 4:41 pm
Location: Darkest Somerset, UK
Contact: Website

Re: Preventing reading and changing contents of SD card

Thu May 23, 2019 12:45 pm

Here's my 2 pence woth:
ilan_sw wrote:
Thu May 23, 2019 9:19 am
1. What are the common methods for this?
Dunno. Frankly I'm not even sure it's possible. The card has to be readable in order to be bootable. You could encrypt the root partition and prompt for a password on boot or store the key on an external device
2. If it's physical barrier - what method / material is recommended?
A physical barrier won't prevent someone getting at the SD card. It'll slow them down and make it more obvious that tampering has occured but that's all. If you glue in the SD card you'll be making problems for later: if the SD card fails (or you need to upgrade it) you can't just swap it out.

If the Pi can be connected to over a network (or serial if the GPIO header is exposed), or if the USB ports are open, a physical barrier on the SD card will be of little value. You don't need physical access to the SD card to read or copy its contents
3. If there are more delicate way, using SW / HW - what are they?
Encrypt your "semi-sensitive data". Store the decryption key on a seperate device (internet server, USB dongle, user's head). If using a password to access this data, store and compare the password the same way that linux does: one way encrypted and compare it against the encrypted one from the user. Use a different password/key for each Pi/SD card.

You could tie things into the Pi's serial number but that could cause maintenance problems (you can't swap out the hardware and keep the same SD card) and there are know to be duplicate serial numbers in the wild.
Note to self: don't feed the trolls

If I've asked you a question, please answer it. I'm unlikely to be able to help without that information.

LTolledo
Posts: 1399
Joined: Sat Mar 17, 2018 7:29 am

Re: Preventing reading and changing contents of SD card

Thu May 23, 2019 2:23 pm

Put it in Mars orbit? ;)
"Don't come to me with 'issues' for I don't know how to deal with those
Come to me with 'problems' and I'll help you find solutions"

Some people be like:
"Help me! Am drowning! But dont you dare touch me nor come near me!"

Andyroo
Posts: 2920
Joined: Sat Jun 16, 2018 12:49 am
Location: Lincs U.K.

Re: Preventing reading and changing contents of SD card

Thu May 23, 2019 2:48 pm

Do not store it on the Pi in the first place.

Any security audit will highlight that the physical storage device can be removed and put into another machine so bypassing any security in the OS other than encryption. I will bet any user will write down a complex password if used for on the fly encryption (normally on a handy post it note) :lol:

Failing that - look at https://www.zymbit.com/securing-raspberry-pi/ or possibly Infineon - I think the latter may do something in the Pi TPM line.
Need Pi spray - these things are breeding in my house...

epoch1970
Posts: 2798
Joined: Thu May 05, 2016 9:33 am
Location: Paris, France

Re: Preventing reading and changing contents of SD card

Fri May 24, 2019 1:47 pm

ilan_sw wrote:
Thu May 23, 2019 9:19 am
the image on the SD card will not be read / used by anyone that is not the specific Pi, and the Pi will not work with an SD card that is not that particular one.
The common answer to securing the system is prototyping on Pi3 and deploying on CM3+adhoc board, I think.
If you believe anything smarter than a brick can really be secured, that it.

Otherwise, use a Pi3, take advantage of the platform's low price, flexibility and unbeatable availability, and stop worrying.
You can possibly replace security devices with online monitoring and get to know if something is happening to the device. That could even get you accused of performing proactive customer service...
"S'il n'y a pas de solution, c'est qu'il n'y a pas de problème." Les Shadoks, J. Rouxel

Return to “Advanced users”