Secure Boot: An Integral Security Feature for Code Storage, Operating Systems, and Data Storage
August 15, 2023
Ensuring a secure system, starts with a secure booting process.
When it comes to code or data storage, there are an array of security features companies can invest in to prevent malicious attacks and ensure data integrity and privacy. Secure boot has cemented its value within the storage space and has become an integral security feature for data, code storage, and operating systems. The feature has achieved this acclaim by ensuring a secure system state and inherently establishing a Chain of Trust (CoT) – two concepts which are increasingly valuable in today’s digital landscape.
While the feature is commonly associated with operating systems (OS), secure boot can infact be implemented on a range of storage devices (SSDs, USB drives, and SD cards) at all levels and plays an integral role in establishing said Chain of Trust from deep within the NAND flash controller firmware.
Simply put, secure boot has one main goal: to prevent attackers from Arbitrary Code Execution (ACE) as a hacker with ACE can gain unauthorized access, evade security measures, and take control of a system. For secure boot to prevent attackers from gaining ACE, it needs to verify the integrity and authenticity of the firmware/ software before executing/ booting a given device. Secure boot verifies the integrity of a device’s firmware during the boot process by checking a digital signature like in figure 1. The firmware image is digitally signed using a cryptographic key. On the device, only the public key is stored in a way that prevents unauthorized access or modification. If the firmware has been tampered with or modified, the signature will not match, and the firmware will not be executed.
Figure 1. The process of secure boot. Measured boot in contrast does not enforce a secure system state but reports the systems state to verifiers. It is often implemented in conjunction with secure boot.
Secure Boot and its Role in Establishing a Chain of Trust (CoT)
Secure boot is a key feature in establishing a Chain of Trust (CoT). The first component in said CoT equation is called the Root of Trust (RoT) and cannot be verified as there is no previous ‘link in the chain’ to verify it. For this reason, a RoT needs to be inherently trusted, in other words, be a component that cannot be compromised.
Within the NAND flash controller, the RoT includes the boot-ROM (the first software that is executed). The RoT should be as small as possible/ have limited interfaces and should only contain immutable components (mask-ROM, HW components, eFuse). When it comes to the secure boot feature on a flash controller, the RoT (boot-ROM) checks the signature of the first component i.e., the ROM extension and verifys the trustworthiness of this component. From here, the firmware can be verified by the now trusted ROM-extension, the firmware can verify the firmware extension, the extension can verify the host firmware/software stored on the flash, and so on.
This creates a CoT as depicted here in figure 2, which refers to the series of steps or processes that are used to establish and verify the integrity and authenticity of the various components of a computer system and ensure that the system is booting from a trusted source. By establishing a CoT, secure boot helps protect against various types of attacks, including malware and other forms of malicious software. It ensures that only trusted components are loaded during the boot process and helps prevent attackers from gaining control of the system or stealing sensitive data.
Figure 2. A Chain of Trust (CoT) verifies trustworthiness starting with a Root of Trust (RoT).
Why is Secure Boot Important?
Ecosystem integrity: Secure Boot helps maintain the integrity of a device. It ensures that the device is booted with known and trusted software components, preventing the execution of unauthorized or tampered code. While all secure systems must have a chain of trust, it is especially important for the first levels of said chain of trust to be protected as this ‘untrustworthiness’ accumulates over the levels.
Compliance with security standards: Many industry standards and regulations, especially in sectors like finance, healthcare, and government, require the use of secure boot mechanisms to protect sensitive data by ensuring a secure system state. By incorporating secure boot as a feature, storage systems can meet these compliance requirements and ensure that devices adhere to the necessary security standards.
The Different Levels of Secure Boot: Symmetric and Asymmetric
It is important to know that there are different levels of security associated with secure boot. The level of security depends on various factors, including the implementation of the feature, the strength of the cryptographic algorithms used, and the measures taken to prevent tampering with the system.
The most basic implementation of secure boot uses symmetric message authentication codes with a global key (same key for all devices). If an attacker extracts this key from any of the devices, they can run arbitrary firmware on all the devices. This provides a basic level of security against malicious firmware attacks and unauthorized access to the system, but definitely has its drawbacks.
For this reason, asymmetric digital signatures are preferable, where the devices only store a public key. This key cannot be used to sign the firmware, but only to verify signatures. Still, if an attacker obtains the corresponding private key (known only by the manufacturer) they would still be able to gain unauthorized access and modify firmware.
If the private key (known only by the manufacturer) were to become public, there are two ways companies can mitigate the damage and react accordingly. The simplest way is having multiple public keys in rotation, which can quickly be disabled. A more secure approach is for the manufacturer to use PKI certificates, which can be revoked if the private key is leaked. A PKI certificate contains a public key together with additional information such as a name/ product ID and manufacturer information. The certificate is digitally signed by a Certifying Authority (CA), which again has a certificate. This root of trust goes back until the root CA, which is publicly trusted.
Ensuring Secure Boot in NAND Flash Storage Devices
While OEMs are taking more measures to secure their data, many (IoT) devices still do not contain any hardware-based RoT mechanisms, such as Trusted Platform Modules (TPMs), to provide additional security. While TPMs are highly effective and robust, their PCB footprint as well as what they add to the Bill of Materials (BoM) are their drawback. A more cost-efficient workaround in achieving a similar level of security without compromising on space is by integrating a high-end NAND flash controller with a security geared e-Fuse to serve as the RoT inside the chip. All storage devices based on NAND flash technology demand a flash controller – it is an unavoidable component.
Figure 3. Between the host IF and the NAND flash IF is the NAND flash controller. This graphic shows the different elements that make up the flash controller, firmware, cryptographic HW, secure boot functionality, and GPIOs, opening a realm of possibility.
Hyperstone is an industrial grade flash controller vendor has integrated the secure boot feature into their controller technology to ensure industrial grade storage devices have this functionality already embedded in their data storage designs.
Dr. Ing- Johann-Philipp Thiers is responsible for system security and cryptographic services of Hyperstone flash controllers. For his dissertation in code-based post-quantum cryptography he received a doctorate from Ulm University, Germany. He holds a Masters of Engineering in Electrical Systems and a Bachelor in Electrical Engineering and Information Technology, both from the University of Applied Sciences HTWG Konstanz, Germany.