Using a Cherry SECURE BOARD
Overview
Cherry SECURE BOARD 1.0 provides a secure keyboard input mode which safeguards against hardware keylogging and "Bad USB" attacks.
The following security features are available when an IGEL OS 11 device is connected to a Cherry SECURE BOARD 1.0 in secure mode:
- Your IGEL OS 11 devices will accept keyboard input only from a personalized Cherry SECURE BOARD with secure mode enabled.
- The keyboard traffic between the keyboard and the endpoint is transmitted over a TLS 1.3 encrypted connection.
- Optionally, the keyboard can be configured so that it will only accept endpoints that have the right certificates.
For further details on the Cherry SECURE BOARD, see https://www.cherry-world.com/cherry-secure-board-1-0.html.
Prerequisites
- Devices with IGEL OS 11.03 or higher
- UMS 6.01 or higher
Getting the Cherry SECURE BOARD to Work in Secure Mode
To set up a number of Cherry SECURE BOARD keyboards, you must first configure one endpoint that will be used for personalizing the keyboards. The personalization process implies deploying the appropriate certificates to every Cherry SECURE BOARD keyboard that will be used in secure mode.
In addition, the endpoints that are to be connected to the Cherry SECURE BOARD keyboards must be provisioned with the appropriate certificates.
To set up and use Cherry SECURE BOARD keyboards, perform the following steps:
- Getting the Certificates
- Setting Up the Personalization Machine
- Personalizing the Cherry SECURE BOARD
- Setting Up the Endpoints
If you want to put a Cherry SECURE BOARD keyboard into its original state, see Resetting the Cherry SECURE BOARD to Its Original State.