I want to protect software on a BeagleBone Black from corruption and snooping. Once Android OS and app are loaded, can I disable all boot methods other than on-board flash? Can I also disable all of the external methods to read the memory, such as JTAG? Is this just a matter of removing OS services?
I don't know for sure, but it would be worth checking AM335x technical reference manual. There is some reference to disabling JTAG there, clearing a register bit that may be able to hold the JTAG in reset internally:
Also, there are 'high security' versions apparently, but you may need to contact TI directly for more info.