Becoming a Tyrant - Implementing Secure Boot in Embedded Devices

linux.conf.au via YouTube

Overview

Explore the implementation of secure boot in embedded devices in this 42-minute conference talk from linux.conf.au. Delve into the mechanisms involved in secure boot, examining reasons why it might be desirable for manufacturers, customers, and the public. Gain insights into the speaker's experiences implementing secure boot, including challenges and considerations. Learn about the chain of trust mechanism, adversary scenarios, and applications in automotive ECUs and industrial controls. Discuss the balance between device security and user freedom to modify. Examine encryption methods, Trusted Platform Modules, and firmware update considerations. Discover practical tips for implementing secure boot in manufacturing and using U-Boot verified boot. Gain a comprehensive understanding of secure boot's implications for embedded systems through real-world examples and expert insights.

Syllabus

Intro
Becoming a tyrant: Implementing secure boot in embedded devices
Hi, I'm Irving. I want to talk about secure boot
Chain of trust mechanism • Verify integrity of next component before executing • Can use hashes or public keys • Can provide some protection against tampering (incl. physical)
The Tyrant • Whoever controls the keys/hashes, controls everything
Who is your adversary? • Can be used in a variety of scenarios • Important to determine who has control and who has none
Hypothetical scenario 3
Anything involving financial transactions
Automotive ECU / Industrial controls • Some devices control heavy and powerful things • Cars, cranes, industrial equipment, steam turbines • Tampering can cause injury, death, and legal liabilities
But I should be able to modify my devices!
What about fixing bugs in ECUs?
Vendor lock-in • Tamperproofing can be used to lock out competitors, e.g. generic spare parts, consumables, self-repair
What kind of secrets? • User data
What kind of protection? • Physical attacks
Why do we need secure boot for this? • Blob / Filesystem / Full disk encryption is not enough
Trusted Platform Modules?
TPM pitfalls • Enable parameter encryption
Encryption with secure boot
Is it worth it?
First stage (hardware-specific) • Always vendor-specific, so start with vendor instructions • Get multiple hardware kits - You will need to burn e-fuse and test different signed builds
Firmware updates • You should use signed images
Mass manufacturing • Locking software/interfaces can limit manufacturing flexibility
U-Boot verified boot • Secure and flexible boot with U-Boot bootloader by Marek Vasut
Real-world examples

Taught by

linux.conf.au
