To achieve secure boot, processor/SoC support is required.
If data confidentiality and/or anti-counterfeit functionality is needed, then software/user data needs to be encrypted.
Bootloader authentication
Bootloader authentication is processor-specific. However, the high-level mechanism is usually the same. It involves:
- Creating a public/private key pair
- Signing the bootloader using vendor-specific code signing tools
- Flashing the public key (or a hash of the public key) into the one-time programmable (OTP) fuses on the processor
The processor ROM code on power-up loads the bootloader along with the signature/certificate appended to it. It then verifies the software by performing the following steps:
- Verify the public key used in the signature/certificate against the one stored in the OTP fuses
- Extract the hash of the bootloader from the signature using the verified public key
- Compare the extracted hash with the computed hash of the bootloader. If they match, it proceeds with the boot process, thus authenticating the bootloader.
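The three ROM checks above, modelled as an added example that is not code from the original post or from any vendor's ROM. It assumes the fuses hold a SHA-256 hash of the public modulus and uses unpadded toy RSA keys built from Mersenne primes; all names and sample data are constructed for illustration.

```python
import hashlib

E = 65537  # public exponent

def make_key(p, q):
    """Build a toy RSA key (n, d) from two primes. Constructed demo key, not secure."""
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))

def key_hash(n):
    """SHA-256 of the public modulus: the value burned into the OTP fuses."""
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")).digest()

def image_hash(bootloader):
    return int.from_bytes(hashlib.sha256(bootloader).digest(), "big")

def sign(bootloader, n, d):
    """Signing side: hash^d mod n. Unpadded for brevity; real tools use padded schemes."""
    return pow(image_hash(bootloader), d, n)

def rom_verify(bootloader, n, signature, otp_fuse):
    """ROM side: the three checks, in order. Returns 'boot' or a rejection reason."""
    # 1. The public key shipped with the image must match the fused hash.
    if key_hash(n) != otp_fuse:
        return "reject: public key does not match OTP fuse"
    # 2. Extract the signed hash from the signature with the verified public key.
    extracted = pow(signature, E, n)
    # 3. Compare it with the hash computed over the loaded bootloader.
    if extracted != image_hash(bootloader):
        return "reject: bootloader hash mismatch"
    return "boot"

# Constructed sample data: Mersenne primes keep the demo keys short to write down.
VENDOR_N, VENDOR_D = make_key(2**127 - 1, 2**521 - 1)
OTHER_N, OTHER_D = make_key(2**89 - 1, 2**607 - 1)
OTP_FUSE = key_hash(VENDOR_N)            # programmed once at manufacturing
BOOTLOADER = b"constructed bootloader image v1"
SIGNATURE = sign(BOOTLOADER, VENDOR_N, VENDOR_D)

if __name__ == "__main__":
    print(rom_verify(BOOTLOADER, VENDOR_N, SIGNATURE, OTP_FUSE))
    print(rom_verify(BOOTLOADER + b"!", VENDOR_N, SIGNATURE, OTP_FUSE))
    other_sig = sign(BOOTLOADER, OTHER_N, OTHER_D)
    print(rom_verify(BOOTLOADER, OTHER_N, other_sig, OTP_FUSE))
```

The fuse check comes first because a signature that is valid under some other key proves nothing: only the fused hash ties the image back to the vendor's key pair.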
Protecting the key used for encryption
On a desktop or cell phone, the key used to encrypt the filesystem is derived from a user password entered interactively. Embedded devices typically do not have this luxury. Hence we need to store and protect the key on the device.
On i.MX, each processor has a unique master key (pre-programmed by NXP) that can only be accessed by the Cryptographic Accelerator and Assurance Module (CAAM). A CAAM kernel driver can be written to encrypt the filesystem encryption key with the unique processor master key. The encrypted key blob can then be stored in the boot partition. This is done as part of the manufacturing step. During the boot process, a script run from the initramfs decrypts the key blob using the CAAM kernel driver, and the plain key is then used to decrypt the root filesystem.