Security Overview
Secure Boot
Secure Boot, for the sake of this article, is the process of booting an image that comes from a valid trusted source (authenticity check) while ensuring it has not been modified in any way (integrity check). The actual artifact used for booting - the Torizon OS image with Secure Boot support enabled - is referred to as the Secure Boot image.
Encryption
Encryption on Torizon involves securing data partitions with dm-crypt for data-at-rest protection, utilizing OP-TEE for trusted execution of sensitive operations, and integrating comprehensive security layers to safeguard encryption keys.
Security Hardening of U-Boot
This is a detailed description of the security hardening modifications to U-Boot carried out by Toradex.
Enforcing Strong Passwords
Torizon can enforce strong passwords, but the feature is disabled by default. During the evaluation and development phases, it is common practice to leave it disabled to speed up the process. Just before production, however, it is strongly advised to enable and configure this feature in order to enforce security.