Completed
Trusted Platform Modules?
Class Central Classrooms beta
YouTube playlists curated by Class Central.
Classroom Contents
Becoming a Tyrant - Implementing Secure Boot in Embedded Devices
Automatically move to the next video in the Classroom when playback concludes
- 1 Intro
- 2 Becoming a tyrant: Implementing secure boot in embedded devices
- 3 Hi, I'm Irving . I want to talk about secure boot
- 4 Chain of trust mechanism • Verify integrity of next component before executing . Can use hashes or public keys . Can provide some protection against tampering (incl. physical)
- 5 The Tyrant . Whoever controls the keys/hashes, controls everything
- 6 Who is your adversary? . Can be used in a variety of scenarios • Important to determine who has control and who has none
- 7 Hyphothetical scenario 3
- 8 Anything involving financial transactions
- 9 Automotive ECU / Industrial controls • Some devices control heavy and powerful things · Cars, cranes, industrial equipments, steam turbines · Tampering can cause injury, death, and legal liabilities
- 10 But I should be able to modify my devices!
- 11 What about fixing bugs in ECUs?
- 12 Vendor lock-in · Tamperproofing can be used to lock out competitors eg generic spare parts, consumables, self-repair
- 13 What kind of secrets? • User data
- 14 What kind of protection? · Physical attacks
- 15 Why do we need secure boot for this? • Blob / Filesystem/Full disk encryption is not enough
- 16 Trusted Platform Modules?
- 17 TPM pitfalls · Enable parameter encryption
- 18 Encryption with secure boot
- 19 Is it worth it?
- 20 First stage (hardware-specific) · Always vendor-specific, so start with vendor instructions • Get multiple hardware kits - You will need to burn e-fuse and test different signed builds
- 21 Firmware updates . You should use signed images
- 22 Mass manufacturing • Locking software/interfaces can limit manufacturing flexibility
- 23 U-boot verified boot • Secure and flexible boot with U-Boot bootloader by Marek Vasut
- 24 Real-world examples
