Trusted Boot Loader
Trusted Boot Loader
Synopsis
Background
Trusted boot
Security enhancements to boot loader
Necessary code
U-Boot
Kernel authenticity
Secure U-Boot
Conclusions
Background
Trusted Computing Platform Alliance /
Trusted Computing Group TCPA / TCG
Trusted Computing
Trusted Platform Module TPM
TCG
Develops, defines, and promotes open standards
for hardware-enabled trusted computing and
security technologies
hardware building blocks
software interfaces
multiple platforms, peripherals, and devices.
Trusted Computing
Machine specific public and private keys
and certificate chain
Cryptographic functionality
Data can be signed with the machines
identification
Data can be encrypted with the machines
secret key
April 12th, 2006
TCG components
Application
TCG Software Stack
Measure
Boot ROM
TPM
Root of Trust
April 12th, 2006
TPM activities
Boot loader measures boot through kernel
and initrd
Initrd has TPM unseal kernel master key
If a match, TPM releases kernel master key
Key used to generate keys for further stages
If measurements dont match, boot is halted
Communication Bus
HMAC
Engine
SHA-1
Engine
Opt-In
NonVolatile
Memory
I/O
Key
Generation
Random
Number
Generator
Power
Detection
Execution
Engine
Volatile
Memory
CPU
TPM
ROM
TPM
Embedded TPM
CPU
Software TPM
Normal
CPU
Trusted Area
ROM
10
Trusted boot
Trusted boot loader
Secure boot loader
11
Normal Boot
Hardware
CRC
ECC
Hash
Signa
ture
Secure Boot
(by digest)
Secure Boot
(by signature)
Trusted Boot
Ease of Management
Write Protected
Bootloader
TPM
Root of Trust
(Reference Value)
Bad
Root of Trust
(Signers public key)
Good
+ Easy to update OS image
without modifying Bootloader
Root of Trust
Root of Trust
(Secure Storage)
12
Security enhancements
Simple integrity check
Error checks and recovery
Secure boot
Ensure secure initial state
Ensure only an un-tampered system is run
Trusted/authenticated boot
Ensure a secure initial state
Ensure only an un-tampered system is run
Measure and report
April 12th, 2006
13
Trusted boot
Each boot step is measured and stored
A sequence of measured values (stored
measurement log)
Executable code and associated information
could be measured before it is executed
14
GRUB booting
Stage 1
Initialization
Detect geometry of loading drive
Load the first sector of Stage 1.5
Jump to start of Stage 1.5
Stage 1.5
15
GRUB booting
Stage 2
Load kernel
Jump to kernel start
16
17
Hardware
Write protected initial boot code ROM
Flash memory with boot block protection
TPM
April 12th, 2006
18
U-Boot
Open source firmware for embedded
PowerPC, ARM, MIPS, x86,
Command line
Information commands
Memory commands
Flash memory commands
Execution commands
Download
Environment variables
Special
Miscellaneous
19
Invoke U-Boot
Starts running from ROM
Relocates itself to RAM
Initial setup and environment checks
Locate the kernel and decompress it
Check CRC of kernel
Transfer control to kernel image
Kernel boots
20
U-Boot security
Only knows CRC
Basically a sophisticated checksum
CRC good for finding random errors in a
transmission
Little protection against malicious attacks
21
Signed kernel
Hash calculated from kernel binary
MD5 or SHA-1
Use private key of public/private key pair to
encrypt digest
22
Signed kernel
Kernel image
Kernel image
MD5 or
SHA-1
Digest/
hash
signature
Signed using
private key
signature
23
24
Kernel image
Kernel image
MD5 or
SHA-1
Digest/
hash
compare
signature
Digest/
hash
signature
decrypt using
public key
25
Invoke u-boot
Starts running from ROM
Relocates itself to RAM
Initial setup and environment checks
Locate the kernel and decompress it
Check CRC of kernel
Authenticate kernel
Transfer control to kernel image
Kernel boots
26
27
U-Boot booting
Initialize ARM boot (continued)
Devices
Console
Interrupts
Ethernet
Boot kernel
Read image header
Decompress image
Transfer control to kernel
April 12th, 2006
28
Required modifications
Identify appropriate places in u-boot for
modifications
Between decompress image and transfer control
to kernel
29
30
U-Boot start
U-Boot 1.1.4 (Mar 29 2006 - 10:01:55)
DRAM: 32 MB
Flash: 32 MB
In:
serial
Out:
serial
Err:
serial
Hit any key to stop autoboot:
OMAP1510 Innovator #
31
Innovator flash
.
.
.
OMAP flash: using static partition definition
Creating 5 MTD partitions on "omap-flash":
0x00000000-0x00020000 : "BootLoader"
0x00020000-0x00060000 : "Params"
0x00060000-0x00260000 : "Kernel"
0x00260000-0x01000000 : "Flash0 FileSys"
0x01000000-0x02000000 : "Flash1 FileSys"
32
U-Boot parameters
256K total
Room for key information
33
Roadmap
Verify boot image
Hardware based protection
Protection of ROM, boot block, flash memory
Need TPM
TPM driver
TPM initialization
TPM APIs (Library)
Integrate boot image verification and boot loader
protection
34
Conclusions
Secure boot is needed
Trusted boot exists for BIOS based systems
with TPM
Not a lot required for secure boot for
embedded systems
35
Links
U-Boot
Documentation
http://www.denx.de/wiki/DULG/Manual
TCG
https://www.trustedcomputinggroup.org/home
TPM
https://www.trustedcomputinggroup.org/groups/tpm/
April 12th, 2006
36
Links
TPM device driver for Linux
http://sourceforge.net/projects/tpmdd
37