Overview
Syllabus
Intro
Becoming a tyrant: Implementing secure boot in embedded devices
Hi, I'm Irving . I want to talk about secure boot
Chain of trust mechanism • Verify integrity of next component before executing . Can use hashes or public keys . Can provide some protection against tampering (incl. physical)
The Tyrant . Whoever controls the keys/hashes, controls everything
Who is your adversary? . Can be used in a variety of scenarios • Important to determine who has control and who has none
Hyphothetical scenario 3
Anything involving financial transactions
Automotive ECU / Industrial controls • Some devices control heavy and powerful things · Cars, cranes, industrial equipments, steam turbines · Tampering can cause injury, death, and legal liabilities
But I should be able to modify my devices!
What about fixing bugs in ECUs?
Vendor lock-in · Tamperproofing can be used to lock out competitors eg generic spare parts, consumables, self-repair
What kind of secrets? • User data
What kind of protection? · Physical attacks
Why do we need secure boot for this? • Blob / Filesystem/Full disk encryption is not enough
Trusted Platform Modules?
TPM pitfalls · Enable parameter encryption
Encryption with secure boot
Is it worth it?
First stage (hardware-specific) · Always vendor-specific, so start with vendor instructions • Get multiple hardware kits - You will need to burn e-fuse and test different signed builds
Firmware updates . You should use signed images
Mass manufacturing • Locking software/interfaces can limit manufacturing flexibility
U-boot verified boot • Secure and flexible boot with U-Boot bootloader by Marek Vasut
Real-world examples
Taught by
linux.conf.au