Secure Boot in Embedded Systems: Potential Impact and Weakness 

Epteck GmbH > Blog > embedded linux > Secure Boot in Embedded Systems: Potential Impact and Weakness 
secure boot in embedded systems

In the potentially growing world of embedded systems, data integrity has become a big problem. According to a survey, 94% of companies manufacturing embedded systems reported a cyberattack at least once in the last 2 years.  

Security Weaknesses in your systems can lead to many vulnerabilities. Secure boot is one of the proven techniques that can protect the embedded systems from many exploitations and vulnerabilities in case of cyberattacks.  

Secure boot refers to the phenomenon that only trusted firmware signed by some trusted authority can execute on hardware. All other non-trusted firmware will be blocked from executing on Hardware.  

In complex embedded systems, multiple firmware runs during the boot process. For Secure Boot, each boot component authenticates the next component before execution. In this way, they create a chain of trust where every component in the boot sequence validates the next component before executing it – a concept also highlighted by the Trusted Computing Group (TCG). 

How Secure Boot Works in Embedded Systems? 

Here are the steps involved in creating a chain of Trust for embedded systems secure boot. 

  1. Root of Trust: The Rom code is called Root of Trust as it is responsible for authenticating the first component in the boot-up process. The ROM code verifies the bootloader using some hashes stored in one-time programmable (OTP) memory of microprocessor. These hashes are usually extracted from the public key generated by OpenSSL. Its equivalent private key is used to sign the bootloader image.
  2. Step-by-Step Verification: Once the bootloader is verified by the ROM code, it should verify the upcoming components in boot process such as kernel, rootfs and application.
  3. Secure Storage: The typical secure boot process is complemented by encrypted secure storage to secure critical secrets in your systems such as private keys, fingerprints etc. This part is usually done by external Trusted Platforms Modules (TPM) or some sort of encrypted storage provided within system such as OPTEE. 

Secure Boot Vulnerabilities: 

Secure boot can be exploited by hackers in several ways. Let’s have a look at these vulnerabilities and ways to protect them. 

  1. Weak Cryptography Algorithms: Hackers can try to reverse engineer your secure boot process and find vulnerabilities in your cryptographic algorithms. Therefore, it is recommended to always use some standard and powerful cryptographical algorithms for signing Secure Boot components.
  2. Inject Malicious Applications: Hackers can try to inject some malicious applications into your running system that can lead to unexpected behavior in the system. Therefore, you should always use dm-verity or dm-crypt in your system alongside secure boot. These techniques maintain the hashes of rootfs in kernel and doesn’t load if someone even changes a single bit in our root file system.
  3. Production Line Attacks: Keys used for signing secure boot components should also be managed carefully. Because sometimes hackers exploit the production servers and steal the keys. In this way, they can create their own signed firmware, executable on secure hardware. Therefore, it is recommended to use hardware security modules (HSM) for signing boot components as keys never come out of HSM and hackers can never steal private keys.
  4. Hardware Attacks: Hackers sometimes try to take control of devices and try to manipulate the memory contents, clock signals and other such things to extract useful information. So, always keep the things like JTAG ports and other hardware components off in production.
  5. Remote Firmware Update attacks: After enabling Secure Boot successfully, some companies don’t pay attention to secure remote firmware update. Hackers usually interfere with the update process and replace the firmware during the OTA process. So, always keep your update process compatible with secure boot so it cannot be exploited at any stage. 

Importance of Secure Boot: 

As seen above, Secure Boot in embedded systems creates a chain of trust where every boot component authenticates and validates the incoming component in boot process. Here are some more benefits of a secure boot 

  1. Prevent Unauthorized Code Execution: Secure Boot ensures that only authenticated, signed software or firmware can run on the embedded system. This prevents unauthorized code from being executed on the system.
  2. Prevents Malware Injection: Another impact of secure boot is that it prevents malware injection in the system. Once the hacker enters the system, it tries to inject malicious code into the system. This includes changing boot components, applications, and even the system core called kernel. But with a proper secure boot implementation, the hacker can’t even change a single component in the system as every component would come with relevant signature to execute. 
  3. Secrets Protection: Besides malware injection, hackers also try to steal the private data of the users. A proper Secure Boot complemented with some secure storage like an external Trusted Platform Module (TPM) or some trusted execution environment within the system (OPTEE) can greatly protect your critical secrets from hackers. 

Conclusion: 

Hope you have understood the importance of secure boot and its sister components like OPTEE and HSM. If you need any consultation related to secure boot in your system, book the free appointment now! 

Tags:

Powered By WordPress