Balena vs Ubuntu Core: Disk Security

I apologize for bringing up a competitors product in this forum. But I am trying to steer towards a fundamental platform choice and have come across Balena as an alternative to Ubuntu Core.
However from what I understand in this forum, it seems that Balena does not support disk encryption at all, which is somewhat surprising to me.
This would be essential to my application, as users would have first hand physical access to devices.

Is is correct that disk encryption is not supported and not in any concrete roadmap?

Are there any resources in the community that works on this or have the same need as we do?
If anyone has implemented or experimented with BalenaOS disk encryption support, maybe in their own branch or with a custom backend, I would be very interested to hear from your experiences.

Hi

Thanks for your message! It’s a valid concern, and we have thought of this a lot internally. We don’t have a good solution without external hardware - explained why here. For folks who are working with boards that have hardware level encryption, we ask them to get in touch with us so that we can work something out for them.

For devices like RPi, that are popular but don’t unfortunately have such features we are exploring solutions like zymbit - but this is still in R&D so I don’t have an eta for you.

If I may ask, what hardware are you working on? Does it support hardware encryption?

The target would be Intel NUC.
Hardware encryption through a TPM module, I am not aware of other options?

Thanks,

I know this is with the product team already, but I will make sure they’re aware of your HW setup. We have has requests similar before for the NUC.

Regards.

1 Like

Without a roadmap date, I am not sure I can go with Balena.
Are there major technical obstacles for a solution, or is it just a matter of “some work” ?

@bheintze what other options are there ? IBMIOT or ORACLEIOT or other ? nothing ive seen compares to balena

hey @BHeintze

unfortunately I cannot provide any concrete details regarding this feature. I have raised an internal issue and we will inform you if we have further details. Thanks

Well I am open to suggestions on alternatives! As suggested in the post title, Ubuntu Core could be an option for us, but we would probably have to build features on top that Balena seems to have already.
On the other hand, lack of disk encryption in 2020, isn’t that a show stopper for many applications?

why would i want to encrypt air temp and wind speed ? so no disk encryption is irrelevant for many IOT apps

You are right. There are probably also many applications where it doesn’t matter.