Trusted Boot Loader Steve Johnson, Panasonic Chair Security WG San Jose April 12, 2006

Similar documents
Embedded Trusted Computing on ARM-based systems

Patterns for Secure Boot and Secure Storage in Computer Systems

SecureDoc Disk Encryption Cryptographic Engine

CycurHSM An Automotive-qualified Software Stack for Hardware Security Modules

Bypassing Local Windows Authentication to Defeat Full Disk Encryption. Ian Haken

Secure Network Communications FIPS Non Proprietary Security Policy

Secure Storage. Lost Laptops

Accellion Secure File Transfer Cryptographic Module Security Policy Document Version 1.0. Accellion, Inc.

Recipe for Mobile Data Security: TPM, Bitlocker, Windows Vista and Active Directory

Hi and welcome to the Microsoft Virtual Academy and

FIPS Non- Proprietary Security Policy. McAfee SIEM Cryptographic Module, Version 1.0

FIPS Non-Proprietary Security Policy. IBM Internet Security Systems SiteProtector Cryptographic Module (Version 1.0)

Trusted Platform Module

Security Policy for FIPS Validation

FIPS Security Policy 3Com Embedded Firewall PCI Cards

Chapter 11 Security+ Guide to Network Security Fundamentals, Third Edition Basic Cryptography

Northrop Grumman M5 Network Security SCS Linux Kernel Cryptographic Services. FIPS Security Policy Version

Software-based TPM Emulator for Linux

Opal SSDs Integrated with TPMs

EXPLORING LINUX KERNEL: THE EASY WAY!

A Virtualized Linux Integrity Subsystem for Trusted Cloud Computing

SkyRecon Cryptographic Module (SCM)

Technical Brief Distributed Trusted Computing

M-Shield mobile security technology

Certifying Program Execution with Secure Processors

BitLocker Drive Encryption Hardware Enhanced Data Protection. Shon Eizenhoefer, Program Manager Microsoft Corporation

Trusted Platforms for Homeland Security

Enhancing Organizational Security Through the Use of Virtual Smart Cards

Windows Server 2008 R2 Boot Manager Security Policy For FIPS Validation

Lecture Embedded System Security Dynamic Root of Trust and Trusted Execution

Secure Containers. Jan Imagination Technologies HGI Dec, 2014 p1

Whitepaper Enhancing BitLocker Deployment and Management with SimplySecure. Addressing the Concerns of the IT Professional Rob Weber February 2015

Disk encryption... (not only) in Linux. Milan Brož

FIPS Non Proprietary Security Policy: IBM Internet Security Systems Proventia GX Series Security

Using AES 256 bit Encryption

Cisco Trust Anchor Technologies

Cut Network Security Cost in Half Using the Intel EP80579 Integrated Processor for entry-to mid-level VPN

IoT Security Concerns and Renesas Synergy Solutions

Symantec Corporation Symantec Enterprise Vault Cryptographic Module Software Version:

FIPS Non Proprietary Security Policy: Kingston Technology DataTraveler DT4000 Series USB Flash Drive

YubiKey Integration for Full Disk Encryption

Embedded Linux Platform Developer

[SMO-SFO-ICO-PE-046-GU-

Index. BIOS rootkit, 119 Broad network access, 107

27th Chaos Communication Congress Console Hacking 2010 PS3 Epic Fail. bushing, marcan, segher, sven

Pulse Secure, LLC. January 9, 2015

Secure Data Management in Trusted Computing

File System Encryption with Integrated User Management

Efficient Framework for Deploying Information in Cloud Virtual Datacenters with Cryptography Algorithms

NXP & Security Innovation Encryption for ARM MCUs

ios Security Decoded Dave Test Classroom and Lab Computing Penn State ITS Feedback -

Open Network Install Environment (ONIE) LinuxCon North America 2015

APPLICATION NOTE. Atmel AT02333: Safe and Secure Bootloader Implementation for SAM3/4. Atmel 32-bit Microcontroller. Features.

Hardware Security Modules for Protecting Embedded Systems

Supply Chain (In-) Security

Cautions When Using BitLocker Drive Encryption on PRIMERGY

OpenSSL FIPS Security Policy Version 1.2.4

Encrypted File Systems. Don Porter CSE 506

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

SPC5-CRYP-LIB. SPC5 Software Cryptography Library. Description. Features. SHA-512 Random engine based on DRBG-AES-128

CRYPTOGRAPHY AS A SERVICE

Acronym Term Description

CS252 Project An Encrypted File System using TPM

Analyzing the Security Schemes of Various Cloud Storage Services

That Point of Sale is a PoS

Ciphire Mail. Abstract

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Trustworthy Computing

Security Technical. Overview. BlackBerry Enterprise Service 10. BlackBerry Device Service Solution Version: 10.2

Security Guide. BlackBerry Enterprise Service 12. for BlackBerry. Version 12.0

vtpm: Virtualizing the Trusted Platform Module

Hierarchies. Three Persistent Hierarchies. Chapter 9

Full Drive Encryption Security Problem Definition - Encryption Engine

Overview. SSL Cryptography Overview CHAPTER 1

Security needs in embedded systems

Fixity Checks: Checksums, Message Digests and Digital Signatures Audrey Novak, ILTS Digital Preservation Committee November 2006

Establishing and Sustaining System Integrity via Root of Trust Installation

W ith an estimated 14 billion devices connected to

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

How encryption works to provide confidentiality. How hashing works to provide integrity. How digital signatures work to provide authenticity and

The embedded Linux quick start guide lab notes

Using the TPM to Solve Today s Most Urgent Cybersecurity Problems

IBM 4765 PCIe Cryptographic Coprocessor Custom Software Developer's Toolkit Guide

TCG PC Client Specific Implementation Specification for Conventional BIOS

Example of Standard API

Stratusphere. Architecture Overview

Kaseya US Sales, LLC Virtual System Administrator Cryptographic Module Software Version: 1.0

The Impact of Cryptography on Platform Security

E-CERT C ONTROL M ANAGER

How to Secure Infrastructure Clouds with Trusted Computing Technologies

IBM Crypto Server Management General Information Manual

FIPS SECURITY POLICY FOR

Security Policy for Oracle Advanced Security Option Cryptographic Module

Security Technology for Smartphones

FIPS Security Policy LogRhythm Log Manager

Message Authentication Codes

Data At Rest Protection

Transcription:

Trusted Boot Loader Steve Johnson, Panasonic Chair Security WG San Jose April 12, 2006 April 12th, 2006 1

Synopsis Background Trusted boot Security enhancements to boot loader Necessary code U-Boot Kernel authenticity Secure U-Boot Conclusions April 12th, 2006 2

Background Trusted Computing Platform Alliance / Trusted Computing Group TCPA / TCG Trusted Computing Trusted Platform Module TPM April 12th, 2006 3

TCG Develops, defines, and promotes open standards for hardware-enabled trusted computing and security technologies hardware building blocks software interfaces multiple platforms, peripherals, and devices. Primary goal is to protect user s information assets (data, passwords, keys, etc.) from compromise due to external software attack and physical theft. April 12th, 2006 4

Trust and Trusted Computing What is trust? The expectation that a device will behave in a particular manner for a specific purpose System you are forced to trust vs. one that is trustworthy What is trusted computing? Technology developed and promoted by the Trusted Computing Group (TCG) April 12th, 2006 5

Trusted Computing Machine specific public and private keys and certificate chain Cryptographic functionality Data can be signed with the machine s identification Data can be encrypted with the machine s secret key April 12th, 2006 6

TCG components Application Measure TCG Software Stack Measure Boot ROM TPM Device Driver TPM Operating System Root of Trust April 12th, 2006 7

TPM activities Boot loader measures boot through kernel and initrd Initrd has TPM unseal kernel master key If a match, TPM releases kernel master key Key used to generate keys for further stages If measurements don t match, boot is halted April 12th, 2006 8

TPM major components Communication Bus I/O Cryptographic Co-Processor Key Generation Random Number Generator HMAC Engine SHA-1 Engine Power Detection Opt-In Execution Engine Non- Volatile Memory Volatile Memory April 12th, 2006 9

Necessary TPM hardware Discrete TPM CPU TPM ROM Embedded TPM CPU TPM ROM Software TPM Normal CPU Trusted Area April 12th, 2006 10

Trusted boot loader Secure boot loader Trusted boot April 12th, 2006 11

Security levels for boot loader Security Features Ease of Management Software Hardware CRC ECC Hash Signa ture Write Protected Bootloader TPM Normal Boot O - - - - Easy, but no protection Secure Boot (by digest) O Root of Trust (Reference Value) Bad Secure Boot (by signature) O O Root of Trust (Signer s public key) Good + Easy to update OS image without modifying Bootloader Trusted Boot O Root of Trust Root of Trust (Secure Storage) Good (for connected device) + Device Authentication + Integrity Protection + Integrity Report April 12th, 2006 12

Security enhancements Simple integrity check Error checks and recovery Secure boot Ensure secure initial state Ensure only an un-tampered system is run Trusted/authenticated boot Ensure a secure initial state Ensure only an un-tampered system is run Measure and report April 12th, 2006 13

Trusted boot Each boot step is measured and stored A sequence of measured values (stored measurement log) Executable code and associated information could be measured before it is executed April 12th, 2006 14

GRUB booting Stage 1 Initialization Detect geometry of loading drive Load the first sector of Stage 1.5 Jump to start of Stage 1.5 Stage 1.5 Load the rest of Stage 1.5 Jump to the starting address Load Stage 2 Jump to start of Stage 2 April 12th, 2006 15

Stage 2 Load kernel Jump to kernel start GRUB booting April 12th, 2006 16

Trusted GRUB booting Stage 1 measures stage 1.5 after loading it Stage 1.5 measures stage 2 after loading it Stage 2 measures stage 1.5 Stage 2 measures kernel April 12th, 2006 17

Required code and components Boot loader Crypto functions Hash Asymmetric cipher (RSA) Hardware Write protected initial boot code ROM Flash memory with boot block protection TPM April 12th, 2006 18

U-Boot Open source firmware for embedded PowerPC, ARM, MIPS, x86, Command line Information commands Memory commands Flash memory commands Execution commands Download Environment variables Special Miscellaneous April 12th, 2006 19

U-Boot boot process Invoke U-Boot Starts running from ROM Relocates itself to RAM Initial setup and environment checks Locate the kernel and decompress it Check CRC of kernel Transfer control to kernel image Kernel boots April 12th, 2006 20

Only knows CRC U-Boot security Basically a sophisticated checksum CRC good for finding random errors in a transmission Little protection against malicious attacks April 12th, 2006 21

Signed kernel Hash calculated from kernel binary MD5 or SHA-1 Use private key of public/private key pair to encrypt digest Signature appended to kernel image as meta-data April 12th, 2006 22

Signed kernel Kernel image Kernel image MD5 or SHA-1 Digest/ hash Signed using private key signature signature April 12th, 2006 23

Kernel image authenticity Boot loader decompresses kernel image and meta-data Signature is extracted and decrypted using public key Hash is calculated from kernel image If signature matches hash, the kernel image is authentic April 12th, 2006 24

Signed kernel with u-boot Kernel image Kernel image MD5 or SHA-1 Digest/ hash compare signature signature decrypt using public key Digest/ hash April 12th, 2006 25

Secure U-Boot process Invoke u-boot Starts running from ROM Relocates itself to RAM Initial setup and environment checks Locate the kernel and decompress it Check CRC of kernel Authenticate kernel Transfer control to kernel image Kernel boots April 12th, 2006 26

U-Boot booting process Preliminary setup CPU Memory Relocate self to RAM Initialize ARM boot Flash Environment IP & MAC address April 12th, 2006 27

U-Boot booting Initialize ARM boot (continued) Devices Console Interrupts Ethernet Boot kernel Read image header Decompress image Transfer control to kernel April 12th, 2006 28

Required modifications Identify appropriate places in u-boot for modifications Between decompress image and transfer control to kernel Add hash code Add encryption/decryption code Add key handling April 12th, 2006 29

Hardware based protection Not striving for full TCG compliance Secure boot loader is sufficient for first step Where to store stuff? April 12th, 2006 30

U-Boot start U-Boot 1.1.4 (Mar 29 2006-10:01:55) DRAM: 32 MB Flash: 32 MB In: serial Out: serial Err: serial Hit any key to stop autoboot: 0 OMAP1510 Innovator # April 12th, 2006 31

Innovator flash... OMAP flash: using static partition definition Creating 5 MTD partitions on "omap-flash": 0x00000000-0x00020000 : "BootLoader" 0x00020000-0x00060000 : "Params" 0x00060000-0x00260000 : "Kernel" 0x00260000-0x01000000 : "Flash0 FileSys" 0x01000000-0x02000000 : "Flash1 FileSys" April 12th, 2006 32

256K total U-Boot parameters Room for key information April 12th, 2006 33

Roadmap Verify boot image Hardware based protection Protection of ROM, boot block, flash memory Complete TCG trusted boot Need TPM TPM driver TPM initialization TPM APIs (Library) Integrate boot image verification and boot loader protection April 12th, 2006 34

Conclusions Secure boot is needed Trusted boot exists for BIOS based systems with TPM Not a lot required for secure boot for embedded systems April 12th, 2006 35

U-Boot Documentation Links http://www.denx.de/wiki/dulg/manual Project home page TCG http://sourceforge.net/projects/u-boot https://www.trustedcomputinggroup.org/home TPM https://www.trustedcomputinggroup.org/groups/tpm/ April 12th, 2006 36

Links TPM device driver for Linux http://sourceforge.net/projects/tpmdd TCG Software Stack implementation http://sourceforge.net/projects/trousers TCG patch for GRUB http://trousers.sourceforge.net/grub.html April 12th, 2006 37

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information