Thank you Peter! I've taken a quick look, will need to check how it applies to the Edison (especially where we would need to put our public key - the root of trust).
However, I think what we're looking for is a way to make sure keys cannot be _extracted_ from the board. We don't want to prevent the users from reflashing the board with their own firmware, we just want to make sure they can't extract the one we flash (that contains our keys).
Is there any way for users to extract the current firmware (without booting it up)? JTAG maybe or access to the console?
Thanks,
Razvan