Establishing chain of trust on an embedded Linux platform - Part 1 Presentation

Title:
Establishing chain of trust on an embedded Linux platform

Abstract:
In the context of this work, we learn how a chain of trust can be established on an embedded Linux platform. We review some security concepts regarding secure boot on the NXP i.MX6 processor, such as the processor security architecture, the code signing concept and architecture, the PKI tree, code signing/encryption procedures and the image authentication/decryption process.

At the end, we see a reference implementation and demo on an i.MX6 Dual ARM Cortex-A9 platform, establishing the chain of trust through authenticated boot including U-Boot and a FIT image (Linux kernel, device tree blob, rootfs on ramdisk) and extending the chain of trust to support encrypted boot and storage encryption. We also use the Ghidra reverse engineering tool to do some simple manipulations of the U-Boot and Linux kernel binary images in order to verify the functionality of authenticated/encrypted boot.

About the author:
Alfie Eskandari
I have been working since 2015 as an embedded software engineer with the main focus on Linux system programming. I am interested in embedded Linux security and embedded systems security from a hardware/software perspective. I received my Master of Science degree in Electronics and Communications Engineering from the Technical University of Munich in 2015 and the Bachelor of Science degree in Electronics Engineering in 2009.

Establishing chain of trust on an embedded Linux platform - Part 2 Reference Implementation and Demo

#security #secureboot #authenticatedboot #encryptedboot #storageencryption #chainoftrust