Security Starts Right from Square Zero
July 23, 2020
The first thing that happens in the operation of an embedded system, IoT device, or any other computing platform is the boot process. If you run into trouble with respect to security at that point, you may as well just shut down there. Because any action you take from that point forward is a massive security risk.
A simple definition of a secure boot is that it’s a mechanism for ensuring the integrity of firmware and software running on a computing platform. Hence, the system (or device) must guard against malicious attacks or even unauthorized software updates that could happen prior to the operating system launching.
That definition may seem like an over-simplification, but in reality, it’s not. The secure boot manager acts like a “trust anchor.” It’s the beginning of the root of trust for the device. Hence, it’s essential (put a big emphasis on the word “essential”), that you are running legitimate code right from the get-go.
The real work comes in to play here when you attempt to implement the secure boot manager. You must ensure that the boot manager runs every time the system boots—no exceptions. You must ensure that your boot manager hasn’t been altered in any way and that the boot manager has the ability to detect whether or not you are running legitimate code. And if and when any firmware updates do come in, it’s up to the boot manager to ensure that they are legitimate and authentically signed.
Securing the Security Mechanism
A key question that must be answered: how do you ensure the security of the secure boot manager? This is a much simpler question to answer if you’re running one of the latest MCUs that has hardware encryption built in. Follow the rules for that encryption, and you should be good to go.
But if you’re still using a legacy device that may not contains all the bells and whistles when it comes to security, take caution. You can still use that secure boot manager on the legacy device, and you certainly should. But to get the maximum protection from a board level, a compete hardware solution is the recommendation.
The latest Arm-based devices all have that security built in, thanks to the company’s popular embedded TrustZone technology. And the upside there is that you have a built-in mechanism, regardless of which semiconductor supplier you’ve teamed up with.
To ensure that your security is completely up to snuff, you might want to check out something like IAR Systems’ C-Trust security tool. It’s easy to use, and makes the process as close to “idiot proof” as possible, as it automates the inclusion of a secure boot manager. In many cases, you simply click a series of check boxes and the tool handles the rest. If you’d like to alter the code and/or make modifications, that’s possible too.
To see the C-Trust tool in action, check out the video of yours truly and Shawn Prestridge, IAR Systems’ US Field Applications Engineering Lead. Shawn actually runs through a quick demo of the tool during the video, using a screen share, so you see exactly what needs to occur to design in the secure boot manager.
Note that IAR Systems is also hosting a series of five webinars, each aimed at helping embedded systems developer secure a different aspect of their IoT devices.