Fellow Raspberry Pi digital signage CEO here :). Surprised you didn’t mention the secure boot support, available since the Pi4, in your talk. While our service doesn’t use it (yet?) it sounds quite solid on paper and allows you to protect the data on disk/SD.
We’re still pretty happy with the Pi and the move to more open source APIs (Mesa/DRM/KMS/FFmpeg) is, now that they are finally in a state they feel usable, really promising. As our main use case is still digital signage, the raw processes power isn’t really that relevant as the expensive part (video decoding) is obviously accelerated and the backwards compatibility that’s possible with the Pi is awesome. We still have customers running Pi1B+ devices continuously for almost 10 years with the latest OS release we provide.
Hello I am just curious what does different digital signage companies offer? From the outside, I can't think of any innovations or differentiation that is possible. Perhaps its all a matter of cutting down cost?
Agree on the adoption of open standards. That’s a step in the right direction. But even with secure boot on the pi, it’s still missing a TPM for other cryptographic operations. We use a lot of Zero Trust stuff on x86 and you can’t do that on the Pi.
The Pi is fine for videos/images (less proper storage), but chokes on a lot of modern web assets.
True, but now I’m curious what kind of cryptographic operation you’re doing that would need to be protected from local root. Because that should be the only case a TPM is helpful (compared to the Pi secure boot option) and in that case the device is compromised anyway and can show anything on the screen and have all local processes taken over.
Agreed on the web stuff. But I’d say the web sucks, not the Pi. :-)
We consider anything that you can extract from the drive by removing it security theater. Root or not doesn’t matter.
You’re right that physical access is game over for content in general. This is more about extracting sensitive data (like credentials/tokens to 3rd party sites).
All backend communication is done using mTLS, where the private key never leaves the TPM (on x86).
Moreover, we’re encrypting all sensitive data we send to the device using the corresponding public key. Thus even if you rip the drive out of the device, you won’t have much luck.
Sounds reasonable, but the secure boot mechanism of the Pi not only allows verifying the boot chain but also enables you to implement disk encryption with keys stored in the the hardware itself that you can then only access from the running OS. Stealing the Pi or just taking out the SD card will not allow access to the non-OS parts. I'm not sure if the secure boot stuff of the Pi has ever been thoroughly verified or exposed to serious attacks, but in theory that's all possible.
We’re still pretty happy with the Pi and the move to more open source APIs (Mesa/DRM/KMS/FFmpeg) is, now that they are finally in a state they feel usable, really promising. As our main use case is still digital signage, the raw processes power isn’t really that relevant as the expensive part (video decoding) is obviously accelerated and the backwards compatibility that’s possible with the Pi is awesome. We still have customers running Pi1B+ devices continuously for almost 10 years with the latest OS release we provide.