SD Card High-Security Features


Technologic Systems has developed a Linux application named "sdlock" which can be used to manipulate SD card hardware-enforced password locks and set the card's permanent write-protect feature. Using a password-protected SD card is a great way to ensure software security and/or to make sure your TS-7000 SBC-based product cannot be used in an unintended manner once deployed. This utility is only available for the TS-7300 and TS-7400 products, which are configured with the TS-SDBOOT firmware.

Some of the possibilities include:

  • Password protecting SD Cards
  • Set the SBC to boot only locked SD Cards
  • Set the SD Card readable only on a specific SBC
  • Checksum verification of bootable SD Cards
  • Make an SD Card permanently write-protected

How To Use It

Usage and command line help for this command:

$ sdlock --help
Usage: sdlock [OPTION] ...
Controls SD card lock and permanent write-protect features.

General options:
-p, --password=PASS Use PASS as password
-c, --clear Remove password lock
-s, --set Set password lock
-u, --unlock Unlock temporarily
-e, --erase Erase entire device (clears password)
-w, --wprot Enable permanent write protect
-h, --help This help

The "sdlock" Linux utility is available for download at:

When the TS-7000 SBC is configured with the TS-SDBOOT bootup firmware (TS-7300 and TS-7400 boards only), the SD unlock password can be stored in onboard EEPROM for automatic unlocking and booting of password-protected SD cards. By default, TS-SDBOOT will still boot unlocked cards, but this behavior can be changed with the "--verifylock" option to the "tsbootrom-update" command described above. With the "--verifylock" option, the TS-7000 SBC will only boot locked SD cards.

TS-SDBOOT firmware contains several features for high security. One feature is the ability to store a checksum of the SD card on the board to verify before bootup. If the checksum fails, the bootup firmware will refuse to boot the inserted SD card. TS-SDBOOT can also verify an arbitrary number of sectors of the SD flash card before allowing bootup. If the stored CRC does not match the actual CRC, the board will refuse to boot and blink the red LED continuously.
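As an added example (not part of TS-SDBOOT or of the original page), the Python below models the boot-time check described above: a CRC over the first N sectors of a card image is compared with a stored value, and a mismatch refuses boot. It assumes CRC-32 as computed by zlib and 512-byte sectors, since the page states neither; all function names are hypothetical and the card image is constructed sample data.

```python
import zlib

SECTOR_SIZE = 512  # assumption: the page does not state the sector size


def crc_of_sectors(image: bytes, sector_count: int) -> int:
    """CRC-32 (assumed algorithm) over the first `sector_count` sectors."""
    if sector_count <= 0 or len(image) < sector_count * SECTOR_SIZE:
        # An empty or short region must fail closed, not be CRC'd as-is.
        raise ValueError("verified region is empty or extends past the image")
    crc = 0
    for n in range(sector_count):
        crc = zlib.crc32(image[n * SECTOR_SIZE:(n + 1) * SECTOR_SIZE], crc)
    return crc & 0xFFFFFFFF

def may_boot(image: bytes, sector_count: int, stored_crc: int) -> bool:
    """Boot decision: True only if the computed CRC equals the stored one."""
    try:
        return crc_of_sectors(image, sector_count) == stored_crc
    except ValueError:
        return False

def build_sample_image(total_sectors: int) -> bytearray:
    """Constructed sample data standing in for a bootable card image."""
    return bytearray((s * 31 + i) & 0xFF
                     for s in range(total_sectors)
                     for i in range(SECTOR_SIZE))

def demo() -> dict:
    verified = 8                                      # sectors covered by the stored CRC
    golden = build_sample_image(16)
    stored = crc_of_sectors(bytes(golden), verified)  # value provisioned on the board

    inside = bytearray(golden)
    inside[3 * SECTOR_SIZE + 10] ^= 0x01              # change in sector 3 (covered)
    outside = bytearray(golden)
    outside[12 * SECTOR_SIZE + 10] ^= 0x01            # change in sector 12 (not covered)

    return {
        "golden": may_boot(bytes(golden), verified, stored),
        "changed_inside": may_boot(bytes(inside), verified, stored),
        "changed_outside": may_boot(bytes(outside), verified, stored),
        "truncated": may_boot(bytes(golden[:4 * SECTOR_SIZE]), verified, stored),
    }

if __name__ == "__main__":
    print(demo())
```

Content past the verified sector count does not affect the result, so the count stored on the board should cover every sector the boot path depends on. A CRC is an error-detecting code, not a keyed integrity check.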

Another feature is the ability to boot a password-protected SD card. With this, it is possible to make an SD card unreadable to any device except the TS-7000 SBC to which it is assigned. Although not directly a function of TS-SDBOOT, an SD card can also be made permanently write-protected through a software command. The combination of these features gives product designers several options for securing their software and their deployed TS-7000 SBC-based devices.

The various SD commands that manipulate the password lock are marked as "optional" in the SD card specification. This means that not all SD card vendors may implement them in their devices. If they are not implemented, you will not be able to set the SD lock with the "sdlock" command.

For further information, contact a Technologic Systems engineer.

