The Raspberry Pi has become one of the most popular system boards in the world, and has been slapped onto just about everything at this point. German electronics manufacturer Wibu Systems has decided that the only thing missing from the equation is a hardware based security system.
Based on Wibu’s CodeMeter security dongles, the “starter kit” provides the Raspberry Pi with a secure boot that will only allow sign software to execute. The idea is that this will prevent any tampering with the code on the Raspberry Pi, although it is difficult to imagine that any hacker will be targeting the millions of individually customised Raspberry Pis in the world. Still, one cannot be too safe with the current spate of cyber-attacks going on.
The CmStick contains about 384kb of data, and can contain information on thousands of products. There is a catch this system though. It can only check against pre-approved signatures, which is fine if the Raspberry Pi is intended to run distributed code. However, it will still not be able to work with open source projects without a lot of back end work to digitally sign the code for each release. This is perhaps a better choice for the hobbyist who is following instructions to build a project, instead of hacking together something completely new.
Anyone who is concerned about the security of their Raspberry Pi as a new attack vector could possibly think about obtaining one of these. After all, most people wouldn’t think twice about executing a stranger’s code on their Raspberry Pi; especially if it was for a supposedly cool project.
[Source: Wibu-Systems via Ars Technica]
