Hello,
for security and privacy improvement, could you add a LUKS setup in order to encrypt the main SD and the external SD with a user-chosen password? It should be a great feature for advanced privacy oriented users and the drive will be also very easy to mount in a linux machine, almost any linux distro has LUKS support.
Thanks
- What’s the performance overhead of this - reminder, you’re using a CPU that costs $3.
- it’s a handheld gaming console - why does it need encryption? Are you Johnny Mnemonic, trafficking PharmaCon data with the Yakuza after you?
That is true for most full featured Linux distributions. However, we are not running a general purpose distribution here. This is a minimal Buildroot based system and plus we don’t even have kernel level access available.
Without native kernel support, we would have to rely on a userspace implementation of LUKS via FUSE, which introduces unnecessary complexity, overhead, and potential stability concerns. Honestly, the idea of FUSE based LUKS on such a lightweight system is less than ideal.
Also, lets keep the following in mind… this is a budget, handheld gaming device. It is running in single user mode, as root, with no expectation of multi user isolation or hardened security. It is definitely not designed for high trust or privacy critical environments, and I personally wouldn’t recommend treating it as such.
That said… I appreciate the enthusiasm for privacy features, I do. However if you are still curious, feel free to explore what is technically possible and let us know what you find. But as far as this idea goes, unfortunately we won’t be pursuing LUKS integration at this time
Though I understand that may disappoint some privacy-focused users.
3 Likes
I feel like getting userspace off root would take precedence over encryption in terms of security
I agree with arkun, and thanks xonglebongle for your exhaustive answer