Overview
Explore the intricacies of secure bootloaders and software update support in the Civil Infrastructure Platform (CIP) through this informative conference talk. Delve into the collaborative efforts of CIP's Security, Core, and Kernel workgroups to implement secure bootloaders and software updates. Gain insights into CIP's progress in meeting IEC-62443 security requirements, including the identification of necessary Debian packages and the creation of an IEC security layer. Learn about the importance of secure boot, its key components, and the dual copy mechanism for software updates. Discover the challenges and benefits of open-source solutions in industrial software development, and understand the threat model considerations for CIP implementations. Acquire valuable knowledge about CIP's overall Open Source Base Layer (OSBL) and its potential applications in long-lifespan industrial software.
Syllabus
Intro
About CIP
What is CIP
Hardware Support
Work Groups
Secure Boot and Software Update
Secure Software Update
What is Secure Boot
Why Secure Boot is important
Secure Boot
Secure Boot Keys
Snake Coil Keys
Uboot
Unified Kernel
Root FS
Software Updates
Dual Copy Mechanism
Signed Software Updates
Updates from IEC Perspective
CIP Security Work Group
IEC Layer
Gap Assessment
Open Source Challenges
Benefits
Reference Hardware
OSS Japan
Threat Model
Taught by
Linux Foundation