Hello lovely community,
I would like to know how are people securing their BalenaFin on the field (loaded with BalenaOS or not) in general terms, but specifically on the mounting of the eMMC.
It is my understanding that the CM3 can be mounted as a mass storage media, via rpiboot for example.
This obviously leaves the device wide open for an attacker to take a look into the device.
Of the approaches I have seen around, none are conclusive since the fin lacks a crypto chip.
On the BalenaOS side, I will say that I don’t really now if this is a tackled issue or to understand how it was addressed.
Further, for raspberrypi3 users, the sd card would also require some encryption approach.
I hope this question becomes relevant to the community.