01-29-2024 11:02 AM - edited 01-29-2024 11:17 AM
I want to BitLocker a cRIO's hard drive using the onboard TPM 2.0 chip provided in a PXIe. I need this device to collect information and run as a real-time target using the WES OS provided. Which application does Windows Embedded Standard (WES) Operating System (OS) use for running real-time targets? Can this be done to where when the controller is deployed, the real-time target receives information within the WES OS?
I see that LabVIEW cRIO offers the WES and NI LinuxRT embedded OSes. I am confused as to whether the LinuxRT only runs real-time and the WES only runs as run-time, or can the WES run as real-time with BitLocker and the provided TPM?
Can someone please explain to me better?
Thank you! 🙂
02-05-2024 10:02 AM
Based on my research, Linux is capable of utilizing the TPM 2.0 technology with LUKS partitions. Can this be done with the NI Linux Real-Time (RT) OS, if placed on a TPM 2.0 PXIe board? If so, how do we do that to ensure better security?
References:
1. "Unlock Linux Unified Key Setup (LUKS) encrypted partitions with TPM 2.0", https://4sysops.com/archives/unlock-linux-unified-key-setup-luks-encrypted-partitions-with-tpm-20/#r...
2. Dislocker Fuse, https://github.com/Aorimn/dislocker/blob/master/man/darwin/dislocker-fuse.1
3. TPM2 Tools, https://tpm2-tools.readthedocs.io/en/latest/
4. "Accessing Bitlocker-Encrypted Device in Linux", https://www.baeldung.com/linux/bitlocker-encrypted-device
5. "Right way to use the TPM for full disk encryption", https://security.stackexchange.com/questions/124338/right-way-to-use-the-tpm-for-full-disk-encryptio...
02-05-2024 10:13 AM
LUKS seems indeed the way to go on Linux. But it is not a 'so easy' process.
Also, be careful! LinuxRT, as stated in the name, is a real-time OS.
Whatever you do to encrypt what resides on the disk might decrease the OS performance, and you might end up with a system that may not meet your RT demands anymore.
To be tested! Let us know! 🙂
02-05-2024 10:41 AM - edited 02-05-2024 10:47 AM
Based on the research I have read in many others' comments within forums and articles, they have stated they did not see a decline or loss of processing. It was very minimal. However, the trick is can I do this and utilize the TPM 2.0 on a PXIe board for better security?
Can I purchase the PXIe board with a NI LinuxRT on it, rather than WES OS?
I do not want to deal with flashing the drive.
02-05-2024 10:45 AM
The OS runs on a controller (just to clarify, it is not a board).
The controller can be bought with LinuxRT preinstalled.
Otherwise, flashing an existing system is made pretty easy with MAX.
Again, ensure that you perform extensive tests after encryption to ensure your system still runs correctly (in a timely manner).
02-05-2024 10:49 AM
Where does the TPM 2.0 lie?
02-05-2024 11:42 AM
I don't know if there is one, I thought you were saying there is one for sure! Sorry for the confusion.
I guess if there is one, it is associated with the controller.
I guess you are better suited to open a support request to have the exact information!