Dmitry Eremin-Solenikov, Ivan Nikolaenko
Measured Boot for embedded devices
Open Source Software Engineer, DI SW
December, 2019
Restricted © 2019 Mentor Graphics Corporation
Approaching an authentic execution environment
 Usually the device manufacturer wants to be sure that the deployed device executes authentic code:
— Because it might be a medical device,
— Or a safety-critical device,
— Or just to ensure general platform integrity.
 We need to authenticate the image contents!
D. Eremin-Solenikov, I. Nikolaenko, Measured Boot for embedded devices, 2
Traditional approaches
 No authentication at all.
– Oops.
 Verify the image signature before flashing it.
– Any intruder can still modify the image contents after flashing.
 Or verify the whole image on every boot.
– Too slow on every boot.
 We have to authenticate the image contents at runtime!
Measured boot
 Measured boot is a technique for securely recording a log of all boot components: each component is hashed before it is executed, and the digest is recorded where later software cannot rewrite it.
 Measured boot is usually thought of as an x86-only technique.
 However, nothing stops us from employing the same technique on embedded devices.
 A TPM chip is the hardware component that assists the measured boot process: it holds the measurements and can prove them to a third party.
Measured Boot for embedded devices
Boot time
 Digest all boot components.
 Optionally use the calculated boot state to decrypt the next stage.
Runtime
 Digest a selected set of files as they are accessed:
– E.g. digest all root-owned executable files,
– Or digest all root-owned files,
– Or anything else you can come up with.
 Use the digested information to unlock encryption keys.
 Use the digested information to remotely verify the device state.
Measuring boot components
 A TPM provides at least 24 PCRs (platform configuration registers) to store boot log information.
 These registers are reset only at platform reset (PCR 16 and PCR 23 are the resettable debug/application PCRs and should not be used for boot measurements).
 The only way to change them is to Extend:
– PCR[i] = Hash ( PCR[i] || ExtendArgument )
– A PCR starts at all zeros, so its final value depends on every digest extended into it and on their order; nothing can be removed from it.
 The code to access the TPM from a bootloader is less than 500 lines.
 Modify your bootloader to Extend a PCR with the digest of the next boot image before handing control to it.
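The extend rule and the replay a verifier performs against it, as an added example that is not code from the slides. It simulates one SHA-256 PCR bank with hashlib; the three boot stages, their placeholder image bytes and the "patched boot script" modification are constructed for illustration. It shows the two properties the slide relies on: a tampered stage changes the final PCR, and an event log is only believable if it replays to the PCR value the TPM actually holds.

```python
"""PCR extend and boot-log replay modelled with hashlib.  This is an added
example, not code from the slides: a SHA-256 PCR bank is simulated in
software, and the boot stages below are constructed placeholder images."""
import hashlib
from typing import Iterable, List, Tuple

PCR_INIT = bytes(32)  # every PCR reads as all zeros after a platform reset


def pcr_extend(pcr: bytes, digest: bytes) -> bytes:
    """PCR[i] = Hash(PCR[i] || ExtendArgument), the only way to change a PCR."""
    return hashlib.sha256(pcr + digest).digest()


def measure_boot_chain(stages: Iterable[Tuple[str, bytes]]) -> Tuple[bytes, List[Tuple[str, bytes]]]:
    """Bootloader side: hash each next-stage image, extend the PCR with the
    digest before that stage would run, and append (name, digest) to an
    in-memory event log.  Returns the final PCR value and the log."""
    pcr = PCR_INIT
    log: List[Tuple[str, bytes]] = []
    for name, image in stages:
        digest = hashlib.sha256(image).digest()
        pcr = pcr_extend(pcr, digest)
        log.append((name, digest))
    return pcr, log


def replay_log(log: Iterable[Tuple[str, bytes]]) -> bytes:
    """Verifier side: recompute the PCR from an untrusted event log."""
    pcr = PCR_INIT
    for _name, digest in log:
        pcr = pcr_extend(pcr, digest)
    return pcr


def log_matches_pcr(log: Iterable[Tuple[str, bytes]], reported_pcr: bytes) -> bool:
    """A log is believable only if it replays to the PCR the TPM reports."""
    return replay_log(log) == reported_pcr


# Constructed sample boot chains (image contents are placeholders).
GOOD_STAGES = [
    ("spl", b"SPL image v1"),
    ("u-boot", b"U-Boot image v1"),
    ("kernel", b"zImage + dtb v1"),
]
TAMPERED_STAGES = [
    ("spl", b"SPL image v1"),
    ("u-boot", b"U-Boot image v1 with patched boot script"),
    ("kernel", b"zImage + dtb v1"),
]

GOOD_PCR, GOOD_LOG = measure_boot_chain(GOOD_STAGES)
TAMPERED_PCR, TAMPERED_LOG = measure_boot_chain(TAMPERED_STAGES)

if __name__ == "__main__":
    print("PCR after good boot:    ", GOOD_PCR.hex())
    print("PCR after tampered boot:", TAMPERED_PCR.hex())
    # The modified bootloader cannot hide: it was measured by the stage
    # before it, and presenting the good log does not replay to the PCR
    # the TPM actually holds.
    print("good log accepted against tampered PCR?",
          log_matches_pcr(GOOD_LOG, TAMPERED_PCR))
```

The order of extends matters as much as the digests themselves, which is why the bootloader must extend before jumping to the next stage: a stage that is extended after it has already run could simply skip the extend.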
Measuring inside Linux
 Linux provides the IMA (Integrity Measurement Architecture) and EVM (Extended Verification Module) subsystems.
 IMA maintains a runtime list of file measurements:
– Policy controlled,
– Each measurement can be extended into a TPM PCR (PCR 10 by default) to provide an aggregate integrity value.
 Steps to enable:
– Enable it in the kernel,
– Mount filesystems with the iversion option, so that IMA notices modified files and re-measures them,
– Provide a signed policy,
– Load the policy at boot time.
Measuring inside Linux: protecting from tampering
 The Linux EVM subsystem protects the security extended attributes (and, through security.ima, the file contents) against filesystem tampering.
 It uses either an HMAC or a digital signature to verify the security attributes:
– security.ima (IMA's stored "good" hash for the file)
– security.selinux (the SELinux label/context on the file)
– security.SMACK64 (Smack's label on the file)
– security.capability (the file capabilities on executables)
 Steps to enable:
– Enable it in the kernel,
– Load the certificate or the HMAC key,
– Enable it via securityfs.
Using measured state: local attestation
 Use the aggregated state to seal the keys for the next stage:
– Seal the EVM HMAC key to the bootloader measurements.
● An attacker cannot obtain the HMAC key by tampering with the bootloaders: the PCRs would no longer match the sealing policy.
– Seal the rootfs encryption key to the bootloader and kernel measurements.
● The rootfs cannot be decrypted if any of the boot components has been changed!
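What "seal to the bootloader data" means in TPM 2.0 terms, as an added example that is not code from the slides or from any TPM tooling: the sealed object carries an authorization policy digest computed from the expected PCR values, and the TPM releases the secret only when a policy session built from the live PCRs ends at that exact digest. The block computes that PolicyPCR digest offline following the TPM 2.0 library specification (TPM_CC_PolicyPCR = 0x0000017F, TPM_ALG_SHA256 = 0x000B, big-endian marshalling). The PCR contents and the assignment of PCR 0 to the bootloader and PCR 1 to the kernel are constructed assumptions; it generalizes the slide's two cases to any PCR selection.

```python
"""TPM 2.0 PolicyPCR digest computed offline.  This is an added example, not
code from the slides: sealing a key "with bootloader data" means creating
the sealed object under an authorization policy whose digest is derived
from the expected PCR values as below, and the TPM unseals only when the
live PCRs reproduce that digest.  Marshalling follows the TPM 2.0 library
specification (TPM_CC_PolicyPCR = 0x0000017F, TPM_ALG_SHA256 = 0x000B);
the PCR values and the PCR-to-stage mapping are constructed."""
import hashlib
from typing import Dict, Iterable

TPM_CC_POLICY_PCR = 0x0000017F
TPM_ALG_SHA256 = 0x000B
POLICY_INIT = bytes(32)  # a policy session starts with an all-zero digest


def pcr_select_bitmap(pcrs: Iterable[int], size_of_select: int = 3) -> bytes:
    """TPMS_PCR_SELECTION.pcrSelect: PCR n sets bit n % 8 of byte n // 8."""
    bitmap = bytearray(size_of_select)
    for n in pcrs:
        bitmap[n // 8] |= 1 << (n % 8)
    return bytes(bitmap)


def tpml_pcr_selection(pcrs: Iterable[int], alg: int = TPM_ALG_SHA256) -> bytes:
    """Marshalled TPML_PCR_SELECTION holding one bank (all integers big-endian):
    count || hashAlg || sizeofSelect || pcrSelect."""
    select = pcr_select_bitmap(pcrs)
    return (1).to_bytes(4, "big") + alg.to_bytes(2, "big") + bytes([len(select)]) + select


def pcr_digest(pcr_values: Dict[int, bytes], pcrs: Iterable[int]) -> bytes:
    """Hash of the selected PCR values concatenated in ascending index order."""
    return hashlib.sha256(b"".join(pcr_values[i] for i in sorted(pcrs))).digest()


def policy_pcr_digest(pcr_values: Dict[int, bytes], pcrs: Iterable[int],
                      policy_old: bytes = POLICY_INIT) -> bytes:
    """policyDigest_new = H(policyDigest_old || TPM_CC_PolicyPCR || pcrs || pcrDigest)"""
    pcrs = list(pcrs)
    return hashlib.sha256(
        policy_old
        + TPM_CC_POLICY_PCR.to_bytes(4, "big")
        + tpml_pcr_selection(pcrs)
        + pcr_digest(pcr_values, pcrs)
    ).digest()


def unseal_allowed(live_pcrs: Dict[int, bytes], sealed_policy: bytes, pcrs: Iterable[int]) -> bool:
    """Model of the check the TPM performs at unseal time: the policy session
    built from the live PCRs must end at exactly the digest the object was
    sealed to."""
    return policy_pcr_digest(live_pcrs, pcrs) == sealed_policy


# Constructed PCR values: PCR 0 holds the bootloader measurements, PCR 1 the
# kernel measurements (the PCR assignment is a design choice, assumed here).
GOOD_PCRS = {
    0: hashlib.sha256(b"PCR0 after measuring the good bootloader").digest(),
    1: hashlib.sha256(b"PCR1 after measuring the good kernel").digest(),
}
BAD_KERNEL_PCRS = {
    0: GOOD_PCRS[0],
    1: hashlib.sha256(b"PCR1 after measuring a modified kernel").digest(),
}

# Seal the EVM HMAC key to the bootloader only, the rootfs key to both.
EVM_KEY_POLICY = policy_pcr_digest(GOOD_PCRS, [0])
ROOTFS_KEY_POLICY = policy_pcr_digest(GOOD_PCRS, [0, 1])

if __name__ == "__main__":
    print("rootfs key policy:", ROOTFS_KEY_POLICY.hex())
    print("rootfs key released after kernel swap?",
          unseal_allowed(BAD_KERNEL_PCRS, ROOTFS_KEY_POLICY, [0, 1]))  # False
    print("EVM key released after kernel swap?",
          unseal_allowed(BAD_KERNEL_PCRS, EVM_KEY_POLICY, [0]))  # True
```

Because the digest is a pure function of the expected PCR values, it can be computed on a build machine for a firmware version that has never booted on the device, which is how a sealed key survives a planned update: the new image ships with the secret re-sealed to the new policy digest. Without that step an update to the bootloader or kernel makes the rootfs key permanently inaccessible.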
Using measured state: remote attestation
 Remote attestation is a method by which a host authenticates its hardware and software configuration to a remote host (server).
 Use the TPM's capability to cryptographically sign (quote) the current PCR values with a key that never leaves the TPM, and send the quote together with the measurement log to the remote server; the server replays the log and accepts the device only if the replay reproduces the signed PCR values.
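The server-side check for the runtime measurements from the IMA slide and for the remote attestation step above, as an added example that is not code from the slides or from any attestation tool. It parses lines in the format of /sys/kernel/security/ima/ascii_runtime_measurements, recomputes each ima-ng template hash from the fields shown, checks every file digest against an allowlist, and replays the template hashes into the SHA-1 bank of PCR 10 to compare with the value a TPM quote would carry. Assumed here: the ima-ng template, SHA-1 template hashes, little-endian field lengths as written by a little-endian device, and a constructed two-file allowlist and log; the boot_aggregate entry that opens a real log is left out.

```python
"""Verifier-side check of an IMA measurement list against a quoted PCR 10.
This is an added example, not code from the slides or from any attestation
tool.  Assumptions: the ima-ng template; the SHA-1 bank of PCR 10 (the
template hash shown in ascii_runtime_measurements is SHA-1); little-endian
field lengths, as a little-endian device writes them; the log lines and the
allowlist below are constructed.  The boot_aggregate entry that starts a
real log is left out."""
import hashlib
import struct
from typing import Dict, Iterable, List, Tuple

IMA_PCR = 10
SHA1_INIT = bytes(20)


def pcr_extend_sha1(pcr: bytes, digest: bytes) -> bytes:
    return hashlib.sha1(pcr + digest).digest()


def ima_ng_template_hash(algo: str, file_digest: bytes, path: str) -> bytes:
    """Recompute the ima-ng template hash: SHA-1 over each field encoded as
    u32 length followed by data, where d-ng = "algo:" NUL raw-digest and
    n-ng = path NUL."""
    d_ng = f"{algo}:".encode() + b"\x00" + file_digest
    n_ng = path.encode() + b"\x00"
    h = hashlib.sha1()
    for field in (d_ng, n_ng):
        h.update(struct.pack("<I", len(field)))
        h.update(field)
    return h.digest()


def parse_line(line: str) -> Tuple[int, bytes, str, str, bytes, str]:
    """Split one ascii_runtime_measurements line:
    <pcr> <template-hash> <template-name> <algo>:<file-hash> <path>"""
    pcr, tmpl_hash, tmpl_name, digest_field, path = line.split(maxsplit=4)
    algo, file_hash = digest_field.split(":", 1)
    return int(pcr), bytes.fromhex(tmpl_hash), tmpl_name, algo, bytes.fromhex(file_hash), path


def replay_pcr10(lines: Iterable[str]) -> bytes:
    """Extend the template hashes in order, exactly as the kernel did."""
    pcr = SHA1_INIT
    for line in lines:
        pcr = pcr_extend_sha1(pcr, parse_line(line)[1])
    return pcr


def verify_ima_log(lines: List[str], quoted_pcr10: bytes,
                   allowlist: Dict[str, bytes]) -> Tuple[bool, List[str]]:
    """Accept only if every line's template hash covers the fields it shows,
    every file digest is allowlisted, and the replayed PCR 10 equals the
    value the TPM quoted."""
    problems = []
    for n, line in enumerate(lines, 1):
        pcr_idx, tmpl_hash, tmpl_name, algo, file_hash, path = parse_line(line)
        if pcr_idx != IMA_PCR or tmpl_name != "ima-ng":
            problems.append(f"line {n}: unexpected PCR or template")
            continue
        if ima_ng_template_hash(algo, file_hash, path) != tmpl_hash:
            problems.append(f"line {n}: template hash does not match the fields shown")
        if allowlist.get(path) != file_hash:
            problems.append(f"line {n}: {path} digest not in allowlist")
    if replay_pcr10(lines) != quoted_pcr10:
        problems.append("replayed PCR 10 differs from the quoted value")
    return not problems, problems


def make_line(path: str, content: bytes) -> str:
    """Constructed log line in ascii_runtime_measurements format."""
    file_digest = hashlib.sha256(content).digest()
    tmpl_hash = ima_ng_template_hash("sha256", file_digest, path)
    return f"{IMA_PCR} {tmpl_hash.hex()} ima-ng sha256:{file_digest.hex()} {path}"


# Constructed reference image and the log an untampered device produces.
FILES = {
    "/usr/bin/busybox": b"busybox binary (constructed)",
    "/usr/sbin/sshd": b"sshd binary (constructed)",
}
ALLOWLIST = {p: hashlib.sha256(c).digest() for p, c in FILES.items()}
GOOD_LOG = [make_line(p, c) for p, c in FILES.items()]
GOOD_PCR10 = replay_pcr10(GOOD_LOG)  # stands in for the PCR value in a TPM quote

# The kernel honestly measures a modified sshd ...
TROJAN = b"sshd binary with backdoor (constructed)"
TAMPERED_LOG = [GOOD_LOG[0], make_line("/usr/sbin/sshd", TROJAN)]
TAMPERED_PCR10 = replay_pcr10(TAMPERED_LOG)
# ... and the attacker edits the log to show the allowlisted digest.  The
# template hash, which is what went into PCR 10, still belongs to the trojan.
FORGED_LOG = [GOOD_LOG[0], TAMPERED_LOG[1].replace(
    hashlib.sha256(TROJAN).hexdigest(), ALLOWLIST["/usr/sbin/sshd"].hex())]

if __name__ == "__main__":
    for name, log, pcr in (("good", GOOD_LOG, GOOD_PCR10),
                           ("tampered", TAMPERED_LOG, TAMPERED_PCR10),
                           ("forged", FORGED_LOG, TAMPERED_PCR10)):
        print(name, verify_ima_log(log, pcr, ALLOWLIST))
```

The three checks are independent and each catches a different attacker: the allowlist catches an honestly measured but unknown binary, the template-hash recomputation catches a log edited after the fact, and the PCR replay catches a log that was shortened or reordered. The quote signature itself must be checked first, against the device's enrolled attestation key, or none of the three means anything.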
Deploying in an embedded device
 Patch your bootloader.
 With MEL/Yocto/OE, use one of three layers:
– meta-secure-core (complex solution)
– meta-measured (a bit outdated)
– meta-security (optimal after receiving all our patches)
 Use an initramfs to load the IMA policy and the EVM certificate.
Deploying in an embedded device #2
 Choose a solution for remote attestation:
– OpenAttestation is an SDK for developing custom, complex solutions.
– We recommend using strongSwan's TNC (Trusted Network Connect) capability to maintain a DB of devices.
– We ourselves ended up with a set of scripts to provision keys, gather data and verify the log.
What can we do without a TPM?
TPM chips are cheap, but what if the hardware is already finalized?
Enable IMA/EVM appraisal!
– Require every executable file to be signed by you,
– Executing any other binary fails with EPERM.
Without a TPM there is no sealed key, so this only holds as long as the kernel, its built-in certificate and the policy cannot themselves be replaced.
QUESTIONS?
www.mentor.com