In today’s connected world, IoT devices reach into every part of modern life. From household appliances to automated cars, from smartwatches to the smartphone in your pocket, the range of form factors and the value of the data these devices hold have never been greater. As more and more devices are connected, data security matters more than ever and is a concern for many.
The percentage of breaches involving end-user devices has doubled year-on-year, and cybercriminals are shifting their focus from PC to mobile users. Contemporary systems read their software from images stored in non-volatile memory. An attacker who can alter or replace those images can therefore gain full control of the system and/or access to the sensitive data it holds.
With this in mind, embedded and IoT systems across diverse industries must adopt more trustworthy security standards for the protection of sensitive data, and the need to prioritize security in IoT-style embedded systems has rarely been more urgent. The standard countermeasure against tampered software images is Secure Boot, known on NXP processors as High Assurance Boot (HAB).
Secure Boot is a process that ensures only authenticated software runs on the device: the digital signature of each software image is verified before that code is executed. Secure Boot requires support from the processor/SoC. Specifically, it assures that the bootloader and OS software are the versions the manufacturer intended and have not been tampered with by any malicious party or process.
If Secure Boot/HAB is not enabled on your processor, someone who obtains your hardware can load another OS or any other software they choose onto it. This could serve various malicious purposes: making the device fail, harvesting data, or reverse engineering your product to replicate its design in hardware or software. Secure Boot is appropriate in any case where you do not want another party to load their own bootloader or a different operating system onto your device.
HAB is an optional feature of the i.MX SoC family that lets you ensure only software images signed by you can execute on the SoC. It is implemented at boot ROM level, and its configuration cannot be changed once the relevant one-time electrically programmable fuses (eFuses) have been burned. The boot ROM is responsible for loading the initial software image from the boot medium (normally this initial software is a bootloader such as U-Boot). HAB enables the boot ROM to authenticate that initial image using digital signatures. It also provides a mechanism for establishing a chain of trust over the remaining software components (such as the kernel image), and so for bringing the system into a secure state. On processors that support the HAB feature, encrypted boot can additionally be used to protect against image cloning and, depending on usage, to provide image confidentiality.
The Secure Boot feature using HAB in many NXP processors is based on a Public Key Infrastructure (PKI). The security provisioning system consists of two main components:
Three major versions of the secure boot components exist on NXP processors: HAB version 3 (HABv3), HAB version 4 (HABv4), and Advanced HAB (AHAB). HABv4 on the i.MX 7 supports the boot flow shown in the figure above.
HAB authentication is based on public-key cryptography using the RSA algorithm: images are signed offline with a private key that never leaves the vendor, and the ROM verifies them against the corresponding public key, whose hash is anchored in the SoC's eFuses.
It consists of the following stages:
NOTE: The ROM and HAB cannot be changed, so they can be treated as trusted software components. This is what allows the ROM and HAB to anchor a Secure Boot chain.
Once the initial bootloader has been authenticated and executed, the chain of trust continues by authenticating each subsequently loaded image before executing it: the boot ROM authenticates U-Boot, U-Boot authenticates the Linux kernel, and so on.
While Secure Boot is a worthwhile step in securing your system, implementing it on the i.MX 7 does not lock down the entire system: it covers only the bootloader and, if the chain is extended, the OS image as well. Malware that runs on top of the OS after boot is outside its scope; if such malware gets loaded, it can still compromise the system.
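The signature check and the chain of trust described above, as an added example written for this page (it is neither NXP's HAB implementation nor Witkio code): a Python model in which the "ROM" trusts only a hash of the vendor's root public key, as if burned into eFuses, every image carries the public key and an RSA signature over its contents, and each authenticated stage authenticates the next before handing over. Textbook RSA over a SHA-256 digest, 1024-bit demo keys and the small dict image layout are assumptions made so that it runs on the standard library alone; real firmware uses a padded signature scheme (PKCS#1 v1.5 or PSS) through a vetted library with 2048-bit or larger keys, and HAB's actual image and Command Sequence File formats differ.

```python
# Added example: model of a Secure Boot chain of trust. Not NXP HAB code.
# Textbook RSA over SHA-256 is an assumption for a self-contained demo only.
import hashlib
import random

_SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]

def _is_probable_prime(n, rng, rounds=24):
    """Miller-Rabin; bases come from rng so the demo is reproducible."""
    if n < 2:
        return False
    for p in _SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits, rng):
    while True:
        c = rng.getrandbits(bits) | (1 << (bits - 1)) | 1   # top and low bit set
        if _is_probable_prime(c, rng):
            return c

def generate_keypair(bits=1024, seed=None):
    """Return ((n, e), (n, d)); seed is only for a deterministic demo."""
    rng, e = random.Random(seed), 65537
    while True:
        p, q = _random_prime(bits // 2, rng), _random_prime(bits // 2, rng)
        if p != q and (p - 1) * (q - 1) % e != 0:
            break
    return (p * q, e), (p * q, pow(e, -1, (p - 1) * (q - 1)))

def srk_fuse_hash(pub):
    """What is burned into the eFuses: a hash of the root public key, not the key."""
    n, e = pub
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big")
                          + e.to_bytes(4, "big")).digest()

def sign(priv, payload):
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(payload).digest(), "big"), d, n)

def verify(pub, payload, sig):
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(payload).digest(), "big")

def make_signed_image(name, payload, pub, priv):
    """A boot image as shipped: code plus the key and signature needed to check it."""
    return {"name": name, "payload": payload, "pub": pub, "sig": sign(priv, payload)}

def authenticate(image, fuse_hash):
    """One link of the chain. The key is checked against the fuses BEFORE the
    signature: anyone can embed a key of their own and sign with it."""
    if srk_fuse_hash(image["pub"]) != fuse_hash:
        return False, image["name"] + ": embedded key does not match fused SRK hash"
    if not verify(image["pub"], image["payload"], image["sig"]):
        return False, image["name"] + ": signature does not match payload"
    return True, image["name"] + ": authenticated"

def boot_chain(fuse_hash, images):
    """ROM authenticates images[0]; each authenticated stage authenticates the next.
    Returns (names of stages that ran, log lines)."""
    booted, log = [], []
    for image in images:
        ok, msg = authenticate(image, fuse_hash)
        log.append(msg)
        if not ok:
            log.append("boot halted")
            break
        booted.append(image["name"])
    return booted, log

def demo():
    vendor_pub, vendor_priv = generate_keypair(seed=1)
    attacker_pub, attacker_priv = generate_keypair(seed=2)
    fuses = srk_fuse_hash(vendor_pub)                 # burned once at manufacturing
    # Constructed placeholder payloads standing in for U-Boot and the kernel.
    uboot = make_signed_image("u-boot", b"U-Boot SPL+proper", vendor_pub, vendor_priv)
    kernel = make_signed_image("kernel", b"zImage+dtb", vendor_pub, vendor_priv)
    good, _ = boot_chain(fuses, [uboot, kernel])
    tampered = dict(kernel, payload=b"zImage+dtb+implant")   # modified, old signature kept
    after_tamper, _ = boot_chain(fuses, [uboot, tampered])
    resigned = make_signed_image("u-boot", b"attacker loader", attacker_pub, attacker_priv)
    after_resign, _ = boot_chain(fuses, [resigned, kernel])
    return good, after_tamper, after_resign

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Running `demo()` walks three boots: the genuine chain runs U-Boot and then the kernel; a kernel modified after signing stops the chain at the second stage because its signature no longer matches; and a bootloader re-signed with an attacker's own key is rejected at the first stage because that key's hash is not the one in the fuses. The last case is the reason the fused value is a hash of the key rather than a flag: without it, an attacker could simply ship their own key alongside their own signature.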
Security cannot be an afterthought. It must be built into the product design from the start.
A security solution for embedded devices must
This can only be achieved by including IoT security in the earliest stages of design, starting with Secure Boot. With over 20 years' experience in embedded software development and IoT security, Witkio is your end-to-end partner.