DragonBoard 410c + TPM


#1

Hi All!

As far as I understood it, currently it's impossible to protect code stored on an SD card or in eMMC, as you can simply stop the boot process, make use of the debug interface, or simply clone the SD card. So surprisingly the Windows 10 IoT site mentions that TPM is supported by the DB410c, but I am unable to find any information about this, neither on the Qualcomm website nor here.

In case TPM is built in, can you share a little knowledge on how this works? Is the image encrypted and only readable by the MCU, thus readout protected? Is the entire boot process secured and all eMMC data required decrypted on the fly between the processor and memory?

Is this feature only supported by W10IoT, or by Debian too?

Thanks in advance

Jens