Bootloaders and Trusted Firmware
David Brown
2019 April 24
Overview
● Signature introduction
● Two worlds: Cortex A and Cortex M
● Trusting your code: The root of trust
● Secure vs Non-secure
● Bootloaders, trusted firmware, and secure code, oh my
A Digital Signature
(diagram) Image → SHA256 → Image Hash (32 bytes) → ECDSA Sign with EC Private Key → Signature (32 bytes)
Verify a Signature
(diagram) Image → SHA256 → Image Hash (32 bytes) → ECDSA Verify with EC Public Key and Signature (32 bytes) → Good?
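The two diagrams above, as an added example that is not part of the deck: a Go program (standard library only) that hashes a constructed image with SHA-256, signs the digest with an ECDSA private key, and verifies it with the matching public key, then shows that a single flipped bit in the image makes verification fail. It assumes the P-256 curve; on that curve the digest is 32 bytes, while a raw signature is two 32-byte scalars (r and s), 64 bytes in total. The function names are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

// HashSize is the SHA-256 digest length: the "Image Hash, 32 bytes" box.
const HashSize = sha256.Size

// RawSigSize is the length of a raw ECDSA P-256 signature r||s:
// two 32-byte scalars, 64 bytes in total.
const RawSigSize = 64

// ImageHash computes the SHA-256 digest of a firmware image.
func ImageHash(image []byte) [HashSize]byte {
	return sha256.Sum256(image)
}

// SignImage hashes the image and signs the digest with the EC private key,
// returning the raw r||s signature. Signing the digest rather than the whole
// image is what lets a small bootloader verify a large image cheaply.
func SignImage(priv *ecdsa.PrivateKey, image []byte) ([]byte, error) {
	h := ImageHash(image)
	r, s, err := ecdsa.Sign(rand.Reader, priv, h[:])
	if err != nil {
		return nil, err
	}
	sig := make([]byte, RawSigSize)
	r.FillBytes(sig[:32]) // left-pad each scalar to exactly 32 bytes
	s.FillBytes(sig[32:])
	return sig, nil
}

// VerifyImage recomputes the digest and checks the signature against the EC
// public key. Any change to the image changes the digest, so the signature
// no longer verifies; a malformed signature length is rejected up front.
func VerifyImage(pub *ecdsa.PublicKey, image, sig []byte) bool {
	if len(sig) != RawSigSize {
		return false
	}
	h := ImageHash(image)
	r := new(big.Int).SetBytes(sig[:32])
	s := new(big.Int).SetBytes(sig[32:])
	return ecdsa.Verify(pub, h[:], r, s)
}

// DemoSignVerify signs a constructed image and reports whether the original
// verifies and whether a copy with one flipped bit verifies.
func DemoSignVerify() (goodOK bool, tamperedOK bool, err error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, false, err
	}
	image := []byte("constructed firmware image: not a real binary") // constructed input
	sig, err := SignImage(priv, image)
	if err != nil {
		return false, false, err
	}
	tampered := append([]byte(nil), image...)
	tampered[0] ^= 0x01 // flip one bit
	pub := &priv.PublicKey
	return VerifyImage(pub, image, sig), VerifyImage(pub, tampered, sig), nil
}

func main() {
	good, bad, err := DemoSignVerify()
	if err != nil {
		panic(err)
	}
	fmt.Printf("original verifies: %v, tampered verifies: %v\n", good, bad)
}
```

The private key never leaves the signing host; the device only needs the public key and the two constant sizes above to reject anything that was not signed by that key.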
Cortex A vs Cortex M
Cortex A:
● “Big” CPUs
● Typically have:
○ GBs of RAM
○ GBs of storage: SSD/MMC/NAND
○ GHz CPU
○ Multiple cores common
● Think Raspberry Pi, Phones, 96Boards, Android, Linux, etc
Cortex M:
● “Small” CPUs
● Typically have:
○ KBs of RAM
○ MBs of ROM
○ 10-100s of MHz
○ Usually 1 core, some 2
● Think IoT: light bulbs, water meters
● Key here is to reduce cost and power consumption
Root of trust
● How do we trust the code that is running?
● Chain of trust from first executed code on the system
Chain of Trust
(diagram, shown on two slides) Internal boot code → Bootloader → Trusted Firmware → Trusted OS / Non-secure Operating System → Application; regions labelled Secure, Non-secure and Optional
Secure, Non-secure Interaction
● Strong memory protection
● Memory protection even of DMA
● Well defined and restricted communication
● Limits code that needs to be trusted
Bootloaders, Cortex-A
● Code resides in file or partition in a large device
● Each stage responsible for verifying the next stage
○ BL1: ROM loader in SoC
○ BL2: Trusted firmware
○ BL3-1: Trusted OS/Platform
○ BL3-3: Non-trusted: U-Boot/UEFI
○ : Non-secure OS: Linux
○ : Apps
Bootloaders: Cortex-M
● Lives in a single flash space
● May execute right out of flash
● Fixed partitions and rigid upgrades
● Boot order:
○ Possible on-SoC init ROM
○ MCUboot: Validates 2 images
○ TF-M: Secure application
○ Application
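The chain of trust on the preceding slides (each stage verifies the next before running it, and a Cortex-M bootloader validating two images), as an added Go example that is not part of the deck and not MCUboot's or TF-M's code. It assumes a single ECDSA P-256 root public key held by the first stage (on a real part, in ROM or OTP), a digest that binds a version number to the image, constructed image bytes, and hypothetical names such as Stage, BootChain and ChooseSlot.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"strings"
)

// Stage is one signed image: a link in the boot chain or one of the image slots.
type Stage struct {
	Name    string
	Version uint32 // only consulted when choosing between image slots
	Image   []byte
	Sig     []byte // ASN.1 ECDSA signature over SHA-256(version || image)
}

// digest binds the version to the image bytes so one signature cannot be reused for another version.
func digest(s *Stage) []byte {
	h := sha256.New()
	h.Write([]byte{byte(s.Version >> 24), byte(s.Version >> 16), byte(s.Version >> 8), byte(s.Version)})
	h.Write(s.Image)
	return h.Sum(nil)
}

// SignStage is the build-time step; only the image signer holds the private key.
func SignStage(priv *ecdsa.PrivateKey, s *Stage) (err error) {
	s.Sig, err = ecdsa.SignASN1(rand.Reader, priv, digest(s))
	return err
}

// StageValid is the boot-time check against the root public key.
func StageValid(root *ecdsa.PublicKey, s *Stage) bool {
	return ecdsa.VerifyASN1(root, digest(s), s.Sig)
}

// BootChain verifies every stage before it runs; the first failure halts the boot
// so nothing after it ever executes. It returns the names of the stages that ran.
func BootChain(root *ecdsa.PublicKey, chain []*Stage) (executed []string, err error) {
	for _, s := range chain {
		if !StageValid(root, s) {
			return executed, fmt.Errorf("stage %q failed signature verification; boot halted", s.Name)
		}
		executed = append(executed, s.Name) // stands in for jumping to the image
	}
	return executed, nil
}

// ChooseSlot models a two-slot bootloader: boot the newest slot that verifies,
// so a corrupted update falls back to the known-good image.
func ChooseSlot(root *ecdsa.PublicKey, slots []*Stage) *Stage {
	var best *Stage
	for _, s := range slots {
		if StageValid(root, s) && (best == nil || s.Version > best.Version) {
			best = s
		}
	}
	return best
}

// mustSignAll creates a fresh root key and signs the constructed stages (demo only).
func mustSignAll(stages ...*Stage) *ecdsa.PrivateKey {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	for _, s := range stages {
		if err := SignStage(priv, s); err != nil {
			panic(err)
		}
	}
	return priv
}

// DemoChainHalt signs a three-stage chain, flips one bit in the last image and
// reports which stages ran (comma-separated) together with the halt error.
func DemoChainHalt() (string, error) {
	bl := &Stage{Name: "bootloader", Image: []byte("constructed bootloader image")}
	tf := &Stage{Name: "trusted-firmware", Image: []byte("constructed TF-M image")}
	app := &Stage{Name: "application", Image: []byte("constructed application image")}
	priv := mustSignAll(bl, tf, app)
	app.Image[0] ^= 0x80 // corrupt the application image
	ran, err := BootChain(&priv.PublicKey, []*Stage{bl, tf, app})
	return strings.Join(ran, ","), err
}

// DemoSlotFallback signs two slots, truncates the newer one as an interrupted
// update would, and returns the name of the slot that boots ("" if none).
func DemoSlotFallback() string {
	primary := &Stage{Name: "primary", Version: 1, Image: []byte("constructed app v1")}
	secondary := &Stage{Name: "secondary", Version: 2, Image: []byte("constructed app v2")}
	priv := mustSignAll(primary, secondary)
	secondary.Image = secondary.Image[:len(secondary.Image)-1] // truncated write
	if chosen := ChooseSlot(&priv.PublicKey, []*Stage{primary, secondary}); chosen != nil {
		return chosen.Name
	}
	return "" // a real bootloader would halt or enter recovery here
}
```

The point of the two demos is the policy, not the cryptography: a stage that fails verification is never jumped to, and a bootloader with two slots keeps a known-good image available so a bad update leaves the device bootable rather than bricked.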
Thank you
Join Linaro to accelerate deployment of your Arm-based solutions through collaboration
contact@linaro.org


Bootloaders, Trusted Firmware, and Secure Code
