Locked down meaning the storage devices are encrypted and decrypted on-the-fly via the SoC/CPU using a key programmed into the Fuses/OTP (this is usually per device keys), bootrom/loader requiring signed firmware images, limited exposure of external interfaces (attack surface) - from my memory even the Uart interface attached to the SoC was disabled very early on in the boot loader, exposing only one or two messages. I would not expect that ram is encrypted - I cannot think of a single time I have seen that implemented in a device. Maybe it’s time to dig that board out of storage and poke at it a bit more invasively, my understanding is they are not very robust when faced with fault injection :>
No comments yet.