Measured Boot for embedded devices
Dmitry Eremin-Solenikov, Ivan Nikolaenko
Open Source Software Engineer, DI SW
December 2019
Restricted © 2019 Mentor Graphics Corporation
Approaching an authentic execution environment
- Usually a device manufacturer would like to be sure that the deployed device executes authentic code:
  - because it might be a medical device,
  - or a safety-critical device,
  - or just to ensure generic platform integrity.
- We need to authenticate image contents!
D. Eremin-Solenikov, I. Nikolaenko, Measured Boot for embedded devices,2
Traditional approaches
- No authentication at all.
  - Oops.
- Verify the image signature before flashing it.
  - Any intruder can still modify image contents after flashing.
- Or just verify the whole image on each boot.
  - So slooow.
- We have to authenticate image contents at runtime!
Measured boot
- Measured boot is a technique for securely calculating a log of all boot components.
- Measured boot is typically thought of as related to the x86 platform only.
- However, nothing stops us from employing the same technique on embedded devices.
- A TPM chip is a hardware component that assists the Measured Boot process.
Measured Boot for embedded devices

Boot time
- Digest all boot components.
- Optionally use the calculated boot state to decrypt the next stage.

Runtime
- Digest a selected set of files as they are accessed:
  - e.g. digest all root-owned executable files,
  - or digest all root-owned files,
  - or anything you can come up with.
- Use the digested information to unlock encryption keys.
- Use the digested information to remotely verify device state.
Measuring boot components
- A TPM provides at least 24 PCRs (platform configuration registers) to store boot log information.
- These registers are reset only at board reset time.
- The only way to change them is to Extend:
  - PCR[i] = Hash(PCR[i] || ExtendArgument)
- The code to access the TPM is less than 500 lines.
- Modify your bootloader to Extend PCRs with the digests of the next boot image.
Measuring inside Linux
- Linux provides the IMA (Integrity Measurement Architecture) and EVM (Extended Verification Module) subsystems.
- IMA maintains a runtime list of file measurements:
  - policy controlled,
  - can be anchored in the TPM to provide an aggregate integrity value.
- Steps to enable:
  - enable in the kernel,
  - mount filesystems with the iversion option,
  - provide a signed policy,
  - load the policy at boot time.
Measuring inside Linux: protecting from tampering
- The Linux EVM subsystem protects against filesystem tampering.
- It can use either an HMAC or a digital signature to verify security attributes:
  - security.ima (IMA's stored "good" hash for the file),
  - security.selinux (the SELinux label/context on the file),
  - security.SMACK64 (Smack's label on the file),
  - security.capability (the capability label on executables).
- Steps to enable:
  - enable in the kernel,
  - load the certificate or HMAC key,
  - enable in securityfs.
Using measured state: local attestation
- Use the aggregated state to seal next-stage keys:
  - Seal the EVM HMAC key with bootloader data.
    - An attacker cannot get the HMAC key by tampering with bootloaders.
  - Seal the rootfs encryption key with bootloader and kernel data.
    - One cannot access the rootfs if any of the boot components are changed!
Using measured state: remote attestation
- Remote attestation is a method by which a host authenticates its hardware and software configuration to a remote host (server).
- Use the TPM's capability to cryptographically sign the measurement log and provide that log to the remote server.
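The PCR Extend rule, sealing a key to boot state (local attestation) and replay of the measurement log by a remote verifier, modelled in Python as an added example; this is not code from the slides or from any TPM library. It assumes SHA-256 PCRs, a toy seal (hash-derived wrapping key plus HMAC standing in for a TPM PCR policy), constructed bootloader/kernel images, PCR 0 and 1 for the boot stages (an assumption) and PCR 10 for IMA (the kernel default), and that the verifier already holds authentically quoted PCR values.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

HASH = hashlib.sha256
ZERO = bytes(32)          # PCR value after board reset
IMA_PCR = 10              # Linux IMA extends PCR 10 by default
BOOT_PCRS = (0, 1)        # assumption: bootloader -> PCR 0, kernel -> PCR 1


def extend(pcr: bytes, arg: bytes) -> bytes:
    """PCR[i] = Hash(PCR[i] || ExtendArgument): the only way to change a PCR."""
    return HASH(pcr + arg).digest()


@dataclass
class ToyTpm:
    """Extend-only registers plus the event log a verifier later replays."""
    pcrs: list = field(default_factory=lambda: [ZERO] * 24)
    log: list = field(default_factory=list)        # (pcr index, digest, what)

    def measure(self, idx: int, data: bytes, what: str) -> None:
        digest = HASH(data).digest()
        self.pcrs[idx] = extend(self.pcrs[idx], digest)
        self.log.append((idx, digest, what))


def boot(bootloader: bytes, kernel: bytes, ima_files) -> ToyTpm:
    """Boot stages extend PCR 0/1; IMA extends PCR 10 as files are accessed."""
    tpm = ToyTpm()
    tpm.measure(BOOT_PCRS[0], bootloader, "bootloader")
    tpm.measure(BOOT_PCRS[1], kernel, "kernel")
    for path, content in ima_files:
        tpm.measure(IMA_PCR, content, path)
    return tpm


def composite(pcrs, indices) -> bytes:
    """Digest of the selected PCRs: the boot state a key is sealed to."""
    return HASH(b"".join(pcrs[i] for i in indices)).digest()


def seal(secret: bytes, pcrs, indices):
    """Toy seal of a 32-byte secret: KEK = H(composite), XOR wrap, HMAC tag."""
    kek = HASH(b"kek" + composite(pcrs, indices)).digest()
    ct = bytes(a ^ b for a, b in zip(secret, kek))
    return indices, ct, hmac.new(kek, ct, "sha256").digest()


def unseal(blob, pcrs):
    """Returns the secret only if the sealed PCRs hold the same values now."""
    indices, ct, tag = blob
    kek = HASH(b"kek" + composite(pcrs, indices)).digest()
    if not hmac.compare_digest(hmac.new(kek, ct, "sha256").digest(), tag):
        return None                       # boot state changed: key stays locked
    return bytes(a ^ b for a, b in zip(ct, kek))


def replay(log) -> list:
    """Verifier side: recompute every PCR from the event log."""
    pcrs = [ZERO] * 24
    for idx, digest, _ in log:
        pcrs[idx] = extend(pcrs[idx], digest)
    return pcrs


def attest(log, quoted_pcrs, known_good) -> list:
    """Remote attestation: the log must replay to the quoted PCRs, and every
    measured component must match the reference digest for that component."""
    findings = []
    if replay(log) != list(quoted_pcrs):
        findings.append("log does not replay to quoted PCRs")
    for _, digest, what in log:
        if known_good.get(what) != digest:
            findings.append(f"unexpected measurement for {what}")
    return findings


def demo() -> dict:
    # Constructed images and files; real ones would be the flashed binaries.
    good_bl, good_k = b"u-boot (constructed)", b"zImage (constructed)"
    files = [("/sbin/init", b"init (constructed)"), ("/usr/bin/app", b"app (constructed)")]
    known_good = {"bootloader": HASH(good_bl).digest(), "kernel": HASH(good_k).digest(),
                  **{path: HASH(content).digest() for path, content in files}}
    rootfs_key = bytes(range(32))         # constructed 32-byte rootfs key
    good = boot(good_bl, good_k, files)
    blob = seal(rootfs_key, good.pcrs, BOOT_PCRS)   # sealed on a known-good boot
    tampered = boot(b"modified bootloader (constructed)", good_k, files)
    return {
        "unseal_good": unseal(blob, good.pcrs) == rootfs_key,
        "unseal_tampered": unseal(blob, tampered.pcrs),
        "attest_good": attest(good.log, good.pcrs, known_good),
        "attest_tampered": attest(tampered.log, tampered.pcrs, known_good),
        # a device presenting the old log with new PCRs is caught by replay
        "attest_forged_log": attest(good.log, tampered.pcrs, known_good),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```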
Deploying in an embedded device
- Patch your bootloader.
- With MEL/Yocto/OE, use one of 3 layers:
  - meta-secure-core (complex solution),
  - meta-measured (a bit outdated),
  - meta-security (optimal after receiving all our patches).
- Use an initramfs to load the IMA policy and EVM certificate.
Deploying in an embedded device #2
- Choose a solution for remote attestation:
  - OpenAttestation is an SDK for developing custom complex solutions.
  - We recommend using strongSwan's TNC (Trusted Network Connect) capability to maintain a DB of devices.
  - We ourselves ended up with a set of scripts for provisioning keys, gathering data and verifying the log.
What can we do without a TPM?
TPM chips are cheap, but what if the hardware is already finalized?
Enable IMA/EVM!
- Verify that all executable files are signed by you.
- EPERM for all other binaries.
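An IMA policy that implements the "signed executables only, EPERM for the rest" rule above, added here as an example (not a policy from the slides or from any layer). It assumes executables carry an IMA signature in security.ima made with your key, that the matching certificate is loaded on the kernel's IMA keyring, and that the policy file is itself signed and loaded at boot as the deployment slides describe.

```text
# Added example IMA policy (not from the slides).
# Skip pseudo filesystems so they do not fill the measurement list.
dont_measure fsmagic=0x9fa0          # procfs
dont_appraise fsmagic=0x9fa0
dont_measure fsmagic=0x62656572      # sysfs
dont_appraise fsmagic=0x62656572
dont_measure fsmagic=0x64626720      # debugfs
dont_appraise fsmagic=0x64626720
# Measure every executed file and every executable mapping into PCR 10.
measure func=BPRM_CHECK mask=MAY_EXEC
measure func=FILE_MMAP mask=MAY_EXEC
# Appraise them: only a valid security.ima signature passes;
# a missing or mismatching signature makes exec/mmap fail with EPERM.
appraise func=BPRM_CHECK appraise_type=imasig
appraise func=FILE_MMAP appraise_type=imasig
```

With EVM enabled as on the earlier slide, the security.ima attribute itself is covered by the EVM HMAC or signature, so it cannot simply be rewritten alongside a modified binary.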
QUESTIONS?
www.mentor.com
