Safeguard Critical Systems with X-ES' Turn-Key Secure Boot Implementation Package for NXP Processor-Based Hardware

October 04, 2017

Safeguard Critical Systems with X-ES' Turn-Key Secure Boot Implementation Package for NXP Processor-Based Hardware

As system security has increasingly become a focal point for the embedded computing industry, Extreme Engineering Solutions (X-ES) has responded by providing our customers with a turn-key secure...


XPedite5970 3U VPX Single Board Computer from X-ES supports secure boot

XPedite5970 3U VPX Single Board Computer from X-ES supports secure boot

As system security has increasingly become a focal point for the embedded computing industry, Extreme Engineering Solutions (X-ES) has responded by providing our customers with a turn-key secure boot software package for use on NXP QorIQ and LayerScape processor-based hardware from X-ES.

The secure boot software is delivered pre-customized by X-ES for the target processor board, expediting development by providing a simplified, developer-friendly implementation package. Once configured, secure boot is the process through which the processor validates whether the system’s image is trusted and safe for booting.

NXP Trust Architecture Provides Security Assurance

Secure boot, a subset of the NXP Trust Architecture, is the initial point for a trusted system’s assurance that it is booting and executing only authentic code. Secure boot can be utilized alongside the other components of the Trust Architecture to provide a comprehensive, secure software computing solution. The Trust Architecture additionally includes memory access control/strong partitioning, persistent storage, security state monitoring, master secrets, security violation detection, and secure debug. All of the Trust Architecture features are supported on each of X-ES’ NXP QorIQ P-Series, T-Series, and LayerScape processor-based hardware.

Secure Boot Prevents Inauthentic Code from Executing

Secure boot provides a hardware check on software validity to determine if the bootable image is to be trusted. The ability of secure boot to make this distinction enables it to prevent the CPU from running untrusted code, detect and reject modified security configuration values and device secrets, allow trusted code to use a device-specific, one-time programmable master key (OTPMK) when the processor is in a secure state, and prevents extraction of sensitive values from the device.

In order for secure boot to properly verify if the code is authentic and therefore trustworthy, the developer must first digitally sign the code. This is achieved by generating an RSA public and private key pair to enable the secure boot sequence hash check distinction between authentic, trusted code and inauthentic code. X-ES significantly simplifies this process for the customer by providing the NXP Code Signing Tool as well as including a revised U-Boot bootloader which adds the ability to validate images that are signed for X-ES processor boards. Developers are not dependent on NXP or X-ES for code-signing, and are able to accomplish this themselves with the X-ES provided software toolkit.

Another significant advantage to using the X-ES-modified secure boot software is that the developer does not require a high level of familiarity with the hardware in order to begin development, since device-specific secure boot customizations have already been completed.

Multiple Configurations to Meet Specific Security Requirements

The secure boot package from X-ES supports the customer’s choice of either a monolithic image including bootloader, OS, and applications which is signed as a single package, or chain of trust where the internal secure boot code (ISBC) validates the bootloader, the bootloader validates the OS, and the OS validates the applications all in sequence before permitting the system software to execute code. While the monolithic image only uses a single digital signature, the chain of trust is capable of supporting unique RSA public and private key pairs for each phase of the validation.

Harden system and boot security even further by using chain of trust with confidentiality, which supports booting into an encrypted image. In this boot process, the ISBC (Internal Secure Boot Code) validates the X-ES U-Boot code, which is then followed by a boot script that runs to decapsulate/decrypt OS images, which then allows the boot script to pass control to the OS. Monolithic can support encrypted data but cannot boot into an encrypted image.

Secure Boot Supported on X-ES’ Industry-Leading Embedded Hardware

X-ES provides industry-leading, ruggedized embedded computing boards supporting NXP QorIQ P-Series, T-Series, and LayerScape processors, each designed with trusted subsystems to provide security assurance in a variety of applications.

Presently available in nine COTS, industry-standard form factors, X-ES NXP processor-based boards support pairing secure boot with the customer’s choice of OS, including Linux, Wind River VxWorks, or Green Hills INTEGRITY. Backed by secure boot, these processor boards are capable of high-performance computing in trusted environments, providing unparalleled reliability and affirmation that only trusted OEM code is being executed.

 

Categories
Security