jason-2911

jason-2911 / bonearmor

Public

Hardened BeagleBone Black: U-Boot verified boot, LUKS2, dm-verity, A/B OTA, SELinux enforcing — full build system from source to signed SD image

20
3
100% credibility
Found Apr 06, 2026 at 20 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Shell
AI Summary

Scripts and files to build a highly secure SD card image for BeagleBone Black devices, featuring boot verification, full encryption, file integrity checks, and seamless over-the-air updates.

How It Works

1
🔍 Discover secure setup for tiny computer

You hear about a simple recipe to make your BeagleBone Black small computer extra safe from tampering and ready for safe updates.

2
🛠️ Prepare your main computer

Install a few everyday tools on your regular computer so it can create the safe image.

3
📦 Gather the basic pieces

Download the ready-made operating system base and other safe parts to your folder.

4
🔒 Create your private locks

Make special secret codes that keep everything protected during setup.

5
⚙️ Bake the secure startup card

Run one easy command to mix all pieces into a fully protected memory card image that checks itself and stays safe.

6
💾 Copy to memory card

Transfer the new safe image to your SD card with a quick copy.

7
🔌 Plug in and start up

Insert the card into your BeagleBone Black and power it on to see it boot securely.

Enjoy your tamper-proof device

Your small computer now runs locked down, verifies everything is unchanged, stores data safely, and updates without risk.

Sign up to see the full architecture

6 more

Sign Up Free

Star Growth

See how this repo grew from 20 to 20 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is bonearmor?

Bonearmor is a Shell-script build system that spits out production-ready SD card images for BeagleBone Black, stacking U-Boot verified boot, LUKS2 encryption, dm-verity rootfs integrity, A/B OTA updates, and SELinux enforcing mode. It solves the pain of manually hardening embedded Linux from bootloader to userspace, delivering a tamper-resistant image you can flash and deploy. Run one command after setup, and you get a full boot chain with signed FIT images and encrypted persistent data.

Why is it gaining traction?

It stands out by building the entire hardened Linux stack from source – think github hardened images with linux hardened github rigor, but for BeagleBone Black. Atomic A/B updates with automatic rollback, kernel netsafe outbound firewall, and overlayfs writables on dm-verity rootfs mean zero-downtime security without custom hacks. Devs dig the deterministic builds and ota_apply CLI for seamless field updates.

Who should use this?

Embedded devs shipping BeagleBone Black in IoT gateways, industrial controllers, or sensors where boot integrity and OTA matter. Perfect for teams needing full hardened boot chains like bone armor against physical attacks or supply chain tampering. Avoid if you're on other ARM boards or just tinkering – it's laser-focused on BBB production firmware.

Verdict

Grab it if BeagleBone Black security is your jam; the thorough README and single-script flow make it usable despite 20 stars and 1.0% credibility score. Maturity shows in features, but low adoption means audit patches and test OTAs yourself before prime time.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.