Scribd
Upload
71 views11 pages

SecureBoot Technicaldetail

Describes the secure boot operation, implementation and design

Uploaded by

sumeetdas.gemini
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
71 views11 pages

SecureBoot Technicaldetail

Describes the secure boot operation, implementation and design

Uploaded by

sumeetdas.gemini
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 11

SECURE BOOT

By Sumeet Das
INTRODUCTION

Secure boot is designed to protect a system against malicious code by ensuring


only authenticated software runs on the device.

Before Secure Boot, the computer's BIOS (Basic Input/output System) would hand
off control of the PC to any bootloader that was located in the right location on
the hard drive. There was no way for the BIOS to validate or authenticate the
software, so anything could boot the PC - Windows, other operating systems
like Linux, and even malware.
Hence there was a need to develop a mechanism to make sure that a device
boots using only software that is trusted by Original Equipment Manufacturer.
WHAT IS SECURE BOOT ?

Secure boot is a process where your OS boot images and code are
authenticated against the trusted hardware before they are allowed to
be used in the boot process.
The hardware is set up beforehand in such a way that it only
authenticates code generated using security credentials you trust.
Secure boot is applicable for any single-use device, something that’s not
intended to be a general-purpose computing
GENERAL IMPLEMENTATION

• Create boot images


• Generate set of secure keys
• Sign the image against self signed cert
• Append the keys to the boot image
• Processor will authenticate first stage boot loader
• Key in boot image should match key stored in secure
storage
• Secure commands check the cryptographic hash of
the image
• If the above process succeeds, processor will execute
boot image
CASE STUDY: SECURE BOOT ON XILINX
MPSOC
Xilinx uses RSA authentication where
Signing is done using secret key
Verification is done using public key
Signing:
• PPK and SPK are stored in the Authentication Certificate (AC).
• SPK is signed using PSK to get SPK signature; also stored as part of the AC.
• Partition is signed using SSK to get Partition signature, populated in the
AC.
• The AC is appended to each partition that is opted for authentication.
• PPK is hashed and stored in eFUSE.
Verification:
• Verify PPK: This step establishes the authenticity of primary
key, which is used to authenticate secondary key.
1. PPK is read from AC in boot image
2. Generate PPK hash
3. Hashed PPK is compared with the PPK hash retrieved
from eFUSE
4. If same, then primary key is trusted, else secure boot fail
• Verify secondary keys: This step establishes the authenticity of
secondary key, which is used to authenticate the partitions.
1. SPK is read from AC in boot image
2. Generate SPK hashed
3. Get the SPK hash, by verifying the SPK signature stored
in AC, using PPK
4. Compare hashes from step (b) and step (c)
5. If same, then secondary key is trusted, else secure boot
fail.
• Verify partitions: This step establishes the authenticity of
partition which is being booted.
1. Partition is read from the boot image.
2. Generate hash of the partition.
3. Get the partition hash, by verifying the Partition
signature stored in AC, using SPK.
4. Compare the hashes from step (b) and step (c)
5. If same, then partition is trusted, else secure boot fail
KEY GENERATION
Using Bootgen Using OpenSSL Third Party Companies

Its an open-source implementation Some of the players include


of SSL and TLS protocols. • AWS
It can be used to create RSA • Entrust
private keys, public keys and • Keyfactor
certificates. • GeoTrust
• digicert
https://www.openssl.org/
PROGRAMMING KEYS AND SIGNING
Programming Keys
The keys are programmed through bare metal programming. Xilinx provides
XILSecure Library that allows programming of keys, revocation of keys, key read
lock mechanism etc. The keys are programmed in to One- time programmable
efuse region of the chip. Care must be taken to ensure that the right key is
programmed as the same key will be used for signing process. A single error in
the key programming will make the chip unused for any future use. Secure boot
is designed to protect a system against malicious code by ensuring only
authenticated software runs on the device.

Signing Image:
The starting point for a trusted platform is the creation (by the developer) of a
bug free and malware-free code base.
Once the developer “trusts” the code, the developer digitally signs the code so
that accidental or deliberate modifications to the code base will be detected
during the secure boot cycle.
IMAGE SIGNING PROCESS
PRODUCTION USE ENVIRONMENT

Signed binary (Fails to Signed binary


256 MB execute) Power Cycle ( Executes)
QSPI NOR
Flash

Fallback
BareMetal code to BareMetal code to
burn efuse burn efuse
THANK YOU

You might also like