NXP AHAB containerization) are out of the scope of this article, so we’ll assume a common approach is being used. This can be processor dependent, wherein some silicon vendors provide a ROM-based API for authenticating signed binaries. Now, once this signed U-Boot has started execution, we’ll need U-Boot to properly check that any following stages are signed correctly before proceeding to boot into them. Once completed, we can focus on creating a complete chain of trust for the following boot stages. We’re going to jump ahead and assume this has been completed. On NXP processors, this is called High Assurance Boot (HAB). U-Boot) is signed and being authenticated by your processor’s ROM through whatever mechanism is provided. These are not strictly necessary to gain an initial understanding.įirst and foremost, you’ll want to make sure your first bootloader (i.e. If you are new to investigating and understanding these issues, feel free to skim over some of the more verbose example blocks and patchset information. To help prevent these sorts of attacks, we suggest considering three main categories of attack surface reduction: environmental tampering protection, software authentication, and command line access limitation. We have commonly seen field-deployed embedded systems with secure boot setups which fail to mitigate against the direct execution of unauthenticated software from U-Boot. Making sure this bootloader is properly secured so that someone cannot bypass your chain of trust and boot unauthenticated software is very important. Many embedded systems implementing software authentication ( secure boot and chain of trust) use U-Boot as their bootloader. Software Authentication and Signing via FIT.
0 Comments
Leave a Reply. |