Can balena run encrypted container images?


We are investigating ways to protect our codebase on balenaFin. We have investigated FDE which doesn’t seems to be available at the moment so we are looking at running encrypted container images.
Can balena run encrypted images or is it pointless anyway since it would require a key on the balenaFin?


Hello, unfortunately, balenaFin doesn’t currently support some kind of hardware-level encryption so the decryption keys for any kind of encrypted data would have to be stored in an accessible area of the device, rendering the encryption itself moot. In general, this is a case like the one we describe in the docs about security. Also if I may, what other ways did you think of in order to protect the codebase? Something like obfuscation?

Thanks for the reply. You have confirmed what I was already thinking.

We have no other confirmed method of protecting the codebase yet. Obfuscation will be the next step to investigate.

Glad I helped!