Expect a IoT Device with user exposed USB-Port and CM4 with eMMC and Secure Boot enabled in EEPROM.
Is it a wise decision to set BOOT_ORDER=0xf14? (USB-Stick, then eMMC)
My idea behind this decision is that the system is capable to boot a recovery system (signed!) from a USB-Stick if there is ever the case of a catastrophic problem in the eMMC preventing proper boot. (Thus providing a kind of recovery experience for service personal)
Does this provide any downside or security risks? Maybe with partition walk or similar mechanisms?
Is it a wise decision to set BOOT_ORDER=0xf14? (USB-Stick, then eMMC)
My idea behind this decision is that the system is capable to boot a recovery system (signed!) from a USB-Stick if there is ever the case of a catastrophic problem in the eMMC preventing proper boot. (Thus providing a kind of recovery experience for service personal)
Does this provide any downside or security risks? Maybe with partition walk or similar mechanisms?
Statistics: Posted by batwing — Thu Nov 20, 2025 1:24 pm