The document discusses trusted boot loaders and security enhancements that can be made to boot loaders like U-Boot. It describes adding features like signature verification to authenticate kernel images and integrating with the Trusted Platform Module for trusted boot. Requirements and challenges are covered as well as the boot process and potential integration points in U-Boot.

Trusted Boot Loader

Steve Johnson, Panasonic
Chair, Security WG
San Jose
April 12th, 2006

Synopsis

- Background
- Trusted boot
- Security enhancements to boot loader
- Necessary code
- U-Boot
- Kernel authenticity
- Secure U-Boot
- Conclusions

Background

- Trusted Computing Platform Alliance / Trusted Computing Group (TCPA / TCG)
- Trusted Computing
- Trusted Platform Module (TPM)

TCG

- Develops, defines, and promotes open standards for hardware-enabled trusted computing and security technologies:
  - hardware building blocks
  - software interfaces
  - multiple platforms, peripherals, and devices
- Primary goal is to protect users' information assets (data, passwords, keys, etc.) from compromise due to external software attack and physical theft.

Trust and Trusted Computing

- What is trust?
  - The expectation that a device will behave in a particular manner for a specific purpose
  - A system you are forced to trust vs. one that is trustworthy
- What is trusted computing?
  - Technology developed and promoted by the Trusted Computing Group (TCG)

Trusted Computing

- Machine-specific public and private keys and certificate chain
- Cryptographic functionality
- Data can be signed with the machine's identification
- Data can be encrypted with the machine's secret key

TCG components

Figure (layered stack, top to bottom; "Measure" arrows in the original link adjacent layers):

- Application
- TCG Software Stack
- TPM Device Driver
- Operating System
- Boot ROM
- TPM (Root of Trust)

TPM activities

- Boot loader measures the boot through the kernel and initrd
- Initrd has the TPM unseal the kernel master key
- If the measurements match, the TPM releases the kernel master key
- The key is used to generate keys for further stages
- If the measurements don't match, the boot is halted

TPM major components

Figure (block diagram; the components are connected by a Communication Bus):

- I/O
- Cryptographic Co-Processor
- HMAC Engine
- SHA-1 Engine
- Key Generation
- Random Number Generator
- Opt-In
- Execution Engine
- Power Detection
- Non-Volatile Memory
- Volatile Memory

Necessary TPM hardware

Figure (three configurations):

- Discrete TPM: CPU and ROM with a separate TPM chip
- Embedded TPM: TPM integrated into the CPU, plus ROM
- Software TPM: normal CPU with a Trusted Area, plus ROM

Trusted boot

- Trusted boot loader
- Secure boot loader

Security levels for boot loader

The original slide is a table with check-mark columns for the security features (software: CRC/ECC, Hash, Signature; hardware: Write Protected Bootloader, TPM); the marks did not survive extraction, so only the textual columns are reproduced here.

| Boot mode                  | Root of Trust        | Ease of Management                                                                                 |
|----------------------------|----------------------|----------------------------------------------------------------------------------------------------|
| Normal Boot                | (none)               | Easy, but no protection                                                                            |
| Secure Boot (by digest)    | Reference Value      | Bad                                                                                                |
| Secure Boot (by signature) | Signer's public key  | Good; + easy to update OS image without modifying Bootloader                                       |
| Trusted Boot               | Secure Storage (TPM) | Good (for connected device); + Device Authentication, + Integrity Protection, + Integrity Report   |

Security enhancements

- Simple integrity check
  - Error checks and recovery
- Secure boot
  - Ensure a secure initial state
  - Ensure only an un-tampered system is run
- Trusted/authenticated boot
  - Ensure a secure initial state
  - Ensure only an un-tampered system is run
  - Measure and report

Trusted boot

- Each boot step is measured and stored
- A sequence of measured values (stored measurement log)
- Executable code and associated information could be measured before it is executed

GRUB booting

- Stage 1
  - Initialization
  - Detect geometry of loading drive
  - Load the first sector of Stage 1.5
  - Jump to start of Stage 1.5
- Stage 1.5
  - Load the rest of Stage 1.5
  - Jump to the starting address
  - Load Stage 2
  - Jump to start of Stage 2
- Stage 2
  - Load kernel
  - Jump to kernel start

Trusted GRUB booting

- Stage 1 measures stage 1.5 after loading it
- Stage 1.5 measures stage 2 after loading it
- Stage 2 measures stage 1.5
- Stage 2 measures kernel
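The measure-before-execute chain described on the "TPM activities", "Trusted boot" and "Trusted GRUB booting" slides can be modelled with nothing more than a hash function. The following Python is an added example, not code from the slides or from Trusted GRUB: it extends a simulated PCR (SHA-1, as in TPM 1.2) with each stage's measurement, keeps the stored measurement log, lets a verifier replay the log, and releases a sealed "kernel master key" only when the PCR equals the value it was sealed against. The stage images and the key are constructed placeholders.

```python
import hashlib

# Constructed stand-ins for the stages the slides name (GRUB stage 1.5,
# stage 2, kernel). Real stages are binaries; a few bytes suffice here.
BOOT_STAGES = [
    ("stage1.5", b"constructed stage 1.5 image"),
    ("stage2",   b"constructed stage 2 image"),
    ("kernel",   b"constructed kernel image"),
]

PCR_INITIAL = b"\x00" * 20   # a TPM 1.2 PCR starts as 20 zero bytes (SHA-1 size)


def measure(image: bytes) -> bytes:
    """Measurement of a stage = SHA-1 of its bytes (the digest TPM 1.2 uses)."""
    return hashlib.sha1(image).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend: PCR_new = SHA-1(PCR_old || measurement).
    Chaining makes the register order-dependent and prevents software from
    'rewinding' it, which is what makes the stored log trustworthy."""
    return hashlib.sha1(pcr + measurement).digest()


def measured_boot(stages):
    """Each stage measures the next one before handing control to it:
    extend the PCR and append (name, digest) to the stored measurement log."""
    pcr = PCR_INITIAL
    log = []
    for name, image in stages:
        m = measure(image)
        log.append((name, m.hex()))
        pcr = extend(pcr, m)
    return pcr, log


def replay_log(log):
    """A verifier (local or remote, for an integrity report) recomputes the
    PCR from the log alone and compares it with the register value."""
    pcr = PCR_INITIAL
    for _name, hexdigest in log:
        pcr = extend(pcr, bytes.fromhex(hexdigest))
    return pcr


def unseal_kernel_master_key(pcr: bytes, sealed_to: bytes, sealed_key: bytes):
    """Model of TPM unseal: the key is released only if the PCR equals the
    value it was sealed against; None means the boot must halt."""
    return sealed_key if pcr == sealed_to else None


def demo():
    """Genuine boot unseals the key; a modified kernel yields a different PCR
    and the key stays sealed. Returns (genuine_unsealed, tampered_blocked)."""
    good_pcr, good_log = measured_boot(BOOT_STAGES)
    assert replay_log(good_log) == good_pcr
    key = unseal_kernel_master_key(good_pcr, good_pcr, b"constructed master key")
    tampered = list(BOOT_STAGES)
    tampered[2] = ("kernel", b"constructed kernel image (modified)")
    bad_pcr, _ = measured_boot(tampered)
    blocked = unseal_kernel_master_key(bad_pcr, good_pcr, b"constructed master key")
    return key is not None, blocked is None


if __name__ == "__main__":
    print(demo())
```

Note the difference from secure boot: nothing here refuses to run a modified stage; the modification only shows up later, when unsealing fails or a remote verifier replays the log and sees a PCR it does not recognise. Halting on mismatch (the last bullet of "TPM activities") is a policy the boot loader adds on top.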

Required code and components

- Boot loader
  - Crypto functions
    - Hash
    - Asymmetric cipher (RSA)
- Hardware
  - Write-protected initial boot code ROM
  - Flash memory with boot block protection
  - TPM

U-Boot

- Open source firmware for embedded platforms (PowerPC, ARM, MIPS, x86, ...)
- Command line
  - Information commands
  - Memory commands
  - Flash memory commands
  - Execution commands
  - Download
  - Environment variables
  - Special
  - Miscellaneous

U-Boot boot process

1. Invoke U-Boot
2. Starts running from ROM
3. Relocates itself to RAM
4. Initial setup and environment checks
5. Locate the kernel and decompress it
6. Check CRC of kernel
7. Transfer control to kernel image
8. Kernel boots

U-Boot security

- Only knows CRC
  - Basically a sophisticated checksum
  - CRC is good for finding random errors in a transmission
  - Little protection against malicious attacks

Signed kernel

- Hash calculated from kernel binary
  - MD5 or SHA-1
- Use the private key of a public/private key pair to encrypt the digest
- Signature appended to kernel image as meta-data

Signed kernel

Figure: the kernel image is hashed (MD5 or SHA-1) to produce a digest; the digest is signed using the private key; the resulting signature is appended to the kernel image.

Kernel image authenticity

- Boot loader decompresses the kernel image and meta-data
- Signature is extracted and decrypted using the public key
- Hash is calculated from the kernel image
- If the signature matches the hash, the kernel image is authentic

Signed kernel with U-Boot

Figure: U-Boot hashes the kernel image (MD5 or SHA-1) to obtain a digest; the appended signature is decrypted using the public key to recover the signed digest; the two digests are compared.

Secure U-Boot process

1. Invoke U-Boot
2. Starts running from ROM
3. Relocates itself to RAM
4. Initial setup and environment checks
5. Locate the kernel and decompress it
6. Check CRC of kernel
7. Authenticate kernel
8. Transfer control to kernel image
9. Kernel boots

U-Boot booting process

- Preliminary setup
  - CPU
  - Memory
- Relocate self to RAM
- Initialize ARM boot
  - Flash
  - Environment
  - IP & MAC address
  - Devices
  - Console
  - Interrupts
  - Ethernet
- Boot kernel
  - Read image header
  - Decompress image
  - Transfer control to kernel

Required modifications

- Identify appropriate places in U-Boot for modifications
  - Between "decompress image" and "transfer control to kernel"
- Add hash code
- Add encryption/decryption code
- Add key handling
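The "Signed kernel", "Kernel image authenticity", "Secure U-Boot process" and "Required modifications" slides together describe one check: hash the decompressed kernel, recover the signed digest from the appended meta-data with the public key, and compare. The Python below is an added example written for this page, not U-Boot code: it builds an image in a constructed meta-data format (a `SKRN` marker, the CRC32 U-Boot already checks, and the signature), then authenticates it in the slides' order, CRC first and signature second. RSA is the slides' named cipher, so the block carries a deliberately small textbook RSA (unpadded, "encrypt the digest with the private key") purely to make the flow runnable offline; a real boot loader uses a padded signature scheme with proper key sizes. SHA-256 replaces the MD5/SHA-1 of the 2006 slides.

```python
import hashlib
import random
import struct
import zlib

MAGIC = b"SKRN"          # constructed marker for this example's meta-data block
HASH = hashlib.sha256    # the slides say MD5 or SHA-1; SHA-256 is used here


# Textbook RSA with 512-bit keys, for illustration only: the slides' model is
# "encrypt the digest with the private key", i.e. pow(digest, d, n). Production
# signing uses padded RSA (PKCS#1 v1.5 / PSS) or ECDSA with real key sizes.
def _is_probable_prime(n, rounds=16):
    """Miller-Rabin primality test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(cand):
            return cand


def generate_keypair(bits=512):
    """Return ((n, e), (n, d)); e = 65537, retried until gcd(e, phi) == 1."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:          # e is prime, so this is the gcd test
            return (p * q, e), (p * q, pow(e, -1, phi))


def _build_meta(kernel: bytes, sig: bytes) -> bytes:
    """Meta-data: MAGIC | CRC32(kernel) | len(sig) | sig, followed by its length."""
    meta = MAGIC + struct.pack(">II", zlib.crc32(kernel) & 0xFFFFFFFF, len(sig)) + sig
    return meta + struct.pack(">I", len(meta))


def sign_image(kernel: bytes, priv) -> bytes:
    """Produce the image U-Boot would load: kernel || meta-data (with signature)."""
    n, d = priv
    digest = int.from_bytes(HASH(kernel).digest(), "big")   # 256-bit digest < 512-bit n
    sig = pow(digest, d, n).to_bytes((n.bit_length() + 7) // 8, "big")
    return kernel + _build_meta(kernel, sig)


def split_image(image: bytes):
    """Separate kernel bytes from the trailing meta-data; raise on malformed input."""
    if len(image) < 4:
        raise ValueError("image too short")
    meta_len = struct.unpack(">I", image[-4:])[0]
    if meta_len < 12 or meta_len + 4 > len(image):
        raise ValueError("bad meta-data length")
    kernel, meta = image[:-4 - meta_len], image[-4 - meta_len:-4]
    if meta[:4] != MAGIC:
        raise ValueError("missing signature meta-data")
    crc, sig_len = struct.unpack(">II", meta[4:12])
    sig = meta[12:12 + sig_len]
    if len(sig) != sig_len:
        raise ValueError("truncated signature")
    return kernel, crc, sig


def authenticate(image: bytes, pub) -> str:
    """Secure U-Boot order from the slides: CRC check first (what U-Boot already
    does), then the signature check. Returns 'ok' or the name of the failed check."""
    n, e = pub
    try:
        kernel, crc, sig = split_image(image)
    except ValueError:
        return "bad-metadata"
    if zlib.crc32(kernel) & 0xFFFFFFFF != crc:
        return "bad-crc"              # random corruption: the CRC catches this
    recovered = pow(int.from_bytes(sig, "big"), e, n)    # "decrypt" with public key
    if recovered != int.from_bytes(HASH(kernel).digest(), "big"):
        return "bad-signature"        # replaced content whose CRC was recomputed
    return "ok"


def demo():
    """Genuine image, bit-flipped image, and a replaced kernel with a valid CRC
    but the stale signature. Returns the three authenticate() results."""
    pub, priv = generate_keypair()
    kernel = b"constructed kernel image bytes " * 8
    image = sign_image(kernel, priv)
    corrupted = bytearray(image)
    corrupted[10] ^= 0x01                             # one flipped bit in the kernel
    other = b"different constructed kernel bytes " * 8
    _, _, old_sig = split_image(image)
    replaced = other + _build_meta(other, old_sig)    # CRC valid, signature stale
    return [authenticate(image, pub), authenticate(bytes(corrupted), pub),
            authenticate(replaced, pub)]
```

The third case is the one the "U-Boot security" slide is about: a CRC-only loader accepts the replaced kernel because its CRC is consistent, and only the signature check, whose root of trust is the signer's public key rather than a recomputable checksum, rejects it. Where that public key lives (write-protected ROM, the protected boot block, or TPM non-volatile storage) is the "where to store stuff?" question on the next slide.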

Hardware based protection

- Not striving for full TCG compliance
- Secure boot loader is sufficient for a first step
- Where to store stuff?

U-Boot start

    U-Boot 1.1.4 (Mar 29 2006 - 10:01:55)
    DRAM:  32 MB
    Flash: 32 MB
    In:    serial
    Out:   serial
    Err:   serial
    Hit any key to stop autoboot:
    OMAP1510 Innovator #

Innovator flash

    ...
    OMAP flash: using static partition definition
    Creating 5 MTD partitions on "omap-flash":
    0x00000000-0x00020000 : "BootLoader"
    0x00020000-0x00060000 : "Params"
    0x00060000-0x00260000 : "Kernel"
    0x00260000-0x01000000 : "Flash0 FileSys"
    0x01000000-0x02000000 : "Flash1 FileSys"

U-Boot parameters

- 256K total
- Room for key information

Roadmap

- Verify boot image
- Hardware based protection
  - Protection of ROM, boot block, flash memory
- Complete TCG trusted boot
  - Need TPM
  - TPM driver
  - TPM initialization
  - TPM APIs (library)
  - Integrate boot image verification and boot loader protection

Conclusions

- Secure boot is needed
- Trusted boot exists for BIOS based systems with TPM
- Not a lot required for secure boot for embedded systems

Links

- U-Boot
  - Documentation: http://www.denx.de/wiki/DULG/Manual
  - Project home page: http://sourceforge.net/projects/u-boot
- TCG: https://www.trustedcomputinggroup.org/home
- TPM: https://www.trustedcomputinggroup.org/groups/tpm/
- TPM device driver for Linux: http://sourceforge.net/projects/tpmdd
- TCG Software Stack implementation: http://sourceforge.net/projects/trousers
- TCG patch for GRUB: http://trousers.sourceforge.net/grub.html
