The Industrial Raspberry Pi Forum

I hope you’re doing well. I’m currently deploying a Revolution Pi in an industrial environment and want to ensure its cybersecurity is rock-solid. Could you please share your best practices and recommendations for the following areas?

- Do you advise enabling secure boot, disk encryption, SELinux/AppArmor, etc.?
- What’s the best way to physically or logically disable the micro-USB port to prevent unauthorized access to the eMMC storage?
- Do you offer port-locking accessories or firmware settings that can lock down USB mass-storage interfaces?
- Other layers you consider indispensable?

Thank you in advance for your guidance. Your insights will help me build a robust, secure installation.

Hi cerberus78,

thanks for your questions.

Since the operating system on RevPi Devices based on RaspberryPi OS respectively Debian it may be more straight forword to activate AppArmor instead of SELinux. We provide no support for it at the moment. For reference please have a look at the Debian Wiki.

Using Disk Encryption depends on your use case. You should note that the BCM2711 SoC used in RevPi Connect4 has no AES accelerator. You should evaluate full disc encryption carefully with regard to its performance impact. The new RevPi 5 Family might be a better option here.

Regarding the physical USB Ports we provide no locks or something alike. Since the security and trustworthiness of your data is generally not granted if someone can access the RevPi and it's IOs we recommend to place the complete setup it a lockable cabinet or something alike. In fact the front USB Port is nessesary to flash the RevPi and to configure SecureBoot if you like. There is no firmware option to disable it completely.

Regarding Secureboot we don't support it at the moment. But the hardware is ready to be configured. Please have a look at the Raspberry Pi Manuals for more information.

Best Regards,

Tommy Lehmann