File-system encryption keys must always be device specific.Question is if it is per-device secrets that need to be protected, or software/IP.The above are possible but time consuming and possibly expensive to do on a per device basis, and are mitigated by not having shared secrets across a fleet of devices.
Regarding time consuming. Commercial software to find the LUKS password in a memory dump is readily available to anyone that can afford it.
Secure-boot is explicitly not a copy protection mechanism.
Statistics: Posted by timg236 — Wed Jul 24, 2024 3:37 pm