Chrome OS ran into this problem, and solved it by directing writes to an encrypted stateful partition. To reset, you then "simply" securely erase the encryption key, which is much faster than full-disk-overwrites of yore. (There are additional details, like "how do you do updates?")
But in an embedded context, I would speculate that a single unencrypted filesystem is nice for debugging and the like.
Given the anecdotes of "in the early days we had to parallel ssh into individual cars to apply patches", I could imagine this just fell by the wayside in the name of "ship faster".
But in an embedded context, I would speculate that a single unencrypted filesystem is nice for debugging and the like.
Given the anecdotes of "in the early days we had to parallel ssh into individual cars to apply patches", I could imagine this just fell by the wayside in the name of "ship faster".