On Raspberry Pi you can buy Zimkey, which basically just uses the LUKS, and on boot Zimkey gets some undisclosed readings from RPi and generates a key from this, which always will be the same when the same Zimkey is connected to the same RPi. So on that RPi the os will boot and services will start running, but if you take out the sd card and try to read it, you won’t be able to.
On Jetson Nano there is the secure boot, and it seems that just by enabling that it would be harder to steal data from any non-removable storage because you would need to know the OS login and password to get to the storage. And you can’t install any other software to access it, because any image would need to be signed. Is this right?
If my above assumption is right, it wouldn’t help if we’re booting from an SD card, because you can easily remove it and read it from a computer. I have read the documentation for the secure boot, it mentions a safe storage key, but there aren’t any specifics on it. Is it possible to use it in a similar way as Zimkey? So that the SD card would get decrypted on boot when it is in the right Jetson?