Secure storage and the SD card

On JACE-8000, the SD card is the primary storage media for all data and configuration related to the Niagara installation. Since the SD card can be easily removed and the data duplicated, the sensitive data is encrypted when stored on the card. Files are stored in encrypted format, but decoded on the fly as they are accessed.

Sensitive data include the following:

Credentials for accessing a WiFi network
Niagara key material
Private key files
OS account credentials

The system is designed in a way that protects this data, while at the same time allowing you to move an SD card from a unit that suffered a hardware failure to a new unit with minimal effort.

In this scenario, the SD card inserted into the replacement unit contains the system passphrase for the original unit, which does not match the one in the replacement unit. This results in the boot sequence failing due to the passphrase mismatch (indicated by Stat LED flashing with a 50% duty cycle with a 1 second period).

You are then prompted to enter the system passphrase (for the original unit which is stored on the SD card) via serial connection. You must first authenticate with platform credentials, before you can update the system password.

NOTE: Pre-configuring (via serial connection) the replacement JACE-8000 unit with a system passphrase matching the one stored on the SD card (swapped out of the other unit) facilitates commissioning the replacement unit. In this situation, the commissioning process does not prompt for a passphrase since it detects a passphrase match.

Secure storage and the SD card

Related Links