Transcription
DESIGNING SECURE IOT DEVICES STARTSWITH A SECURE BOOTDONNIE GARCIA, SOLUTIONS ARCHITECT FORSECURE TRANSACTIONS, NXPDIYA SOUBRA, SENIOR PRODUCT MARKETINGMANAGER, ARMPUBLIC
PROPER REARING FOR THE IOT EDGE NODE STARTS WITH A SECURE BOOTPhishing scams perpetrated by re-purposing IoT end nodes is a real threat. A plan for thedevelopment, manufacturing and deployment stages of IoT edge nodes must be made. Thecomplexities of life cycle management create a demanding environment where developers must makeuse of available resources to create the hardware, software, policies and partnerships used to achieveproduct goals. An essential component is protecting each device power up with a secure and trustedboot. This can be achieved with the right MCU hardware capabilities and ARM mbed TLS. Thiswebinar will introduce a life cycle management model and detail the steps for how to achieve a secureboot with NXP’s ARM Cortex -M based MCUs with mbed TLS cryptography support. A special guestfrom ARM will discuss new processors and architectures with ARM TrustZone for ARMv8-M that willfree time and resources for secure designs.In this webinar, you will learn how to: Manage the life cycle of an IoT edge node from development to deploymentLeverage hardware and software offerings available with the Kinetis MCU portfolio that can helpyou protect against attacks Ease the burden of secure IoT edge node development using new processors and architecturesfrom ARM PUBLIC1
Agenda IoT Edge Node Life Cycle Management Model Secure Boot Architecture NXP Kinetis MCU solution PUBLIC2 Set Flash Block Protection Set Chip Security Levelmbed TLS Adding Relevant Source Code to KBOOT APIs Needed for Key Generation, Signatures and VerificationKBOOT Tools Boot Directive file Using ElfToSB Using BlhostPortability Kinetis K28F MCU How To:Moving to Other TargetsARMv8-M: What the future will bring New Capabilities to Make Secure Designs Ecosystem and Developer Friendly Improved Developer Productivity and Higher Energy Efficiency
1IoT Edge Node Life Cycle Management ModelPUBLIC3
Less-Trust EnvironmentsSecure EnvironmentsCloud ServiceDevelopment rityPoliciesManufacturing PhaseCloud e Assembling ProcessSignedApplicationFirmwareDeployed Phase4SignedApplicationFirmwareDevice Assembling ProcessAssemblyPoliciesPUBLICFactorySecToolUser PoliciesCloud Service
Less-Trust EnvironmentsSecure EnvironmentsCloud ServiceDevelopment rityPoliciesDeployed PhaseManufacturing PhaseCloud ServicePUBLIC5SecureBootFirmwareFactorySecToolEnd Product ownerAuditdevelopsa security tool andSecureBootsecuritytool firmware. ThisFirmwaretool is used to generatePublic Key/Privatekey pairs,Device Assembling ProcessSign application firmwareand interface securely to thecloud service rmwareDevice Assembling ProcessAssemblyPoliciesUser PoliciesCloud Service
Less-Trust EnvironmentsManufacturing PhaseDevelopment PhaseDevelopersSecure EnvironmentsCloud ServiceEnd Product ownerdevelops root of trustfirmware. This firmwareperforms secure boot andsecure bootApplicationloading. ThisAuditSoftwareis where sensitivedataSecurity(Secrets) such as productPoliciesIDs, Service IDs and UniqueIDs are generated. TheseCloud ServiceFactorySecTool are passed to thesecretscloud service provider.AuditSecureBootEXAMPLE:KBOOT withProgrammingFirmwarePoliciesfirmware authenticationDevice Assembling edApplicationFirmwareDeployed Phase6SignedApplicationFirmwareDevice Assembling ProcessAssemblyPoliciesPUBLICFactorySecToolUser PoliciesCloud Service
Less-Trust EnvironmentsSecure EnvironmentsCloud ServiceDevelopment reApplicationSoftwareAuditManufacturing PhaseSecurityPoliciesDeployed Phase7FactorySecToolCloud ServiceSecureApplication code couldbe developed by external developersorBootFactoryFirmwareSecTool by the end product owner. For both cases thereshould beFactorysecurity policiesapplication firmware.Audit in place for deforunwantedpromptsfor FirmwareFirmwarethe end device shoulddata (Enter PIN), or a list Policiesof words thatnot say. Device Assembling ProcessDevice Assembling ser PoliciesCloud Service
Less-Trust EnvironmentsSecure EnvironmentsCloud ServiceDevelopment rityPoliciesManufacturing PhaseCloud e Assembling ProcessSignedApplicationFirmwareDeployed Phase8SignedApplicationFirmwareDevice Assembling ProcessAssemblyPoliciesPUBLICFactorySecToolUser PoliciesCloud ServiceFor the case of acontrolledmanufacturing site, thenthe factory tool is usedto sign applicationsoftware.Chip securitymechanisms are usedto protect the secureboot firmware.EXAMPLE: Kinetis flashblock protection, FlashAccess control, Chipsecurity.
Less-Trust EnvironmentsSecure EnvironmentsCloud ServiceDevelopment uring PhaseCloud oolAuditProgrammingPoliciesDevice Assembling ProcessSignedApplicationFirmwareDevice Assembling ProcessDeployed PhaseAssemblyPoliciesPUBLIC9If an untrustedManufacturing site is used,then Securitythefactory tool must beToolFirmwaredeployedthere. The factorytool can interface to theFactoryCloudservice providerSecToolsecurely to get the secureboot Firmware. The secureSecureboot Firmware must beBootFirmwaresecurely placed on to theend device, then the deviceSignedcan accept signedApplicationFirmwareapplication code.User PoliciesCloud Service
Less-Trust EnvironmentsSecure EnvironmentsCloud ServiceDevelopment PhaseDevelopersCloud service provider isalerted that the device isdeployable, also the uniquedevice ID is set atApplicationthis ring PhaseCloud e Assembling ProcessSignedApplicationFirmwareDeployed Phase10SignedApplicationFirmwareDevice Assembling ProcessAssemblyPoliciesPUBLICFactorySecToolUser PoliciesCloud Service
Less-Trust EnvironmentsSecure EnvironmentsCloud ServiceDevelopment rityPoliciesManufacturing PhaseCloud eDeployed PhaseSignedApplicationFirmwareDevice Assembling ProcessAssemblyPolicies11Programming policiesensure that the propersteps are taken andcontrols are in place toprotect the programming ofthe end device.FactorySecToolAuditDevice Assembling ProcessPUBLICFactorySecToolFor either a securemanufacturing site or aless trust environment:User PoliciesCloud ServiceAssembly Policies ensurethat only approvedcomponents are used
Less-Trust EnvironmentsSecure EnvironmentsCloud ServiceDevelopment rityPoliciesManufacturing PhaseCloud e Assembling ProcessSignedApplicationFirmwareDeployed Phase12SignedApplicationFirmwareDevice Assembling ProcessAssemblyPoliciesPUBLICFactorySecToolUser PoliciesCloud ServiceUser policies provideguidelines for the end userto maintain the security ofthe device. EXAMPLE:Check for pin pad overlays,or skimmers.
Less-Trust EnvironmentsManufacturing PhaseDevelopment PhaseDevelopersSecure EnvironmentsCloud ServiceOur Focus for thiswebinarApplication– DevelopmentAuditSoftwareof secure boot, factorySecuritytools and manufacturing Policiesin a trusted environmentCloud esDevice Assembling ProcessSignedApplicationFirmwareDeployed Phase13SignedApplicationFirmwareDevice Assembling ProcessAssemblyPoliciesPUBLICFactorySecToolUser PoliciesCloud Service
2Secure Boot ArchitecturePUBLIC14
System Architecture for Secure BootPUBLIC15
Using KBOOT for Secure Boot Functions Factory KBOOT application Thisbootloader application is for use in asecure manufacturing environment. Themain security functions in addition tobootloader functions are to generate aPUB/PRIV key pair and to generate thesignature for application code using theprivate key.K28FHardwarefor KBOOTFactoryApplication Production KBOOT application Thisbootloader application is for use in adeployed device. The main securityfunctions in addition to bootloaderfunctions are to check the signature ofapplication code using the public key,and only allow execution of the applicationcode if the signature is authentic.Production KBOOT HWHOST TOOLS: Kinetis Flash Tool, blhost, elftosb, Kinetis MCU HostPUBLIC16
Using KBOOT Tools in Manufacturing PhasePUBLIC17
2.1Kinetis K28F: How to Configure HardwarePUBLIC18
Take Control of Boot Flow Non-volatile control register bits [BOOTSRC SEL] K28F reference manual section 7.3.4 Boot Sequence . Once configured this way, the RESET module state machine of the K28 150MHzdevice will ensure that internal flash will be fetched and the secure boot code willalways run.PUBLIC19
Flash Block Protection As detailed in section 33.3.3.6 of the K28 150MHz reference manual, “TheFPROT registers define which program flash regions are protected from programand erase operations. Protected flash regions cannot have their content changed;that is, these regions cannot be programmed and cannot be erased ”PUBLIC20
Flash Configuration Field The control registers for controlling boot flow, setting flash block protect and chipsecurity settings are all part of a block of non-volatile registers as detailed insection 33.3.1 Flash Configuration Field ConfigurationPUBLIC21
Warning: Use Caution Extreme care must be taken when using these fields because the chip can belocked out in flash programming if the program image does not have these fieldssetup correctly.PUBLIC22
Recovery for Security Locked Devices in MCUXpresso IDEPUBLIC23
MCUXpresso and Setting Flash Configuration Field The Flash Configuration Field is handled by the Managed Linker Scriptmechanisms of MCUXpresso IDEPUBLIC24
MCUXpresso and Setting Flash Configuration Field The Flash Configuration Field is handled by the Managed Linker Scriptmechanisms of MCUXpresso IDEPUBLIC25
MCUXpresso and Setting Flash Configuration Field The Flash Configuration Field is handled by the Managed Linker Scriptmechanisms of MCUXpresso IDEPUBLIC26
MCUXpresso and Setting Flash Configuration FieldPUBLIC27
MCUXpresso and Setting Flash Configuration Field The Flash Configuration Field is handled by the Managed Linker Scriptmechanisms of MCUXpresso IDEBoot Options (Source and clocking) 0x3DFlash Protection register 0xFEPUBLIC28
MCUXpresso and Setting Flash Configuration Field The Flash Configuration Field is handled by the Managed Linker Scriptmechanisms of MCUXpresso IDEPUBLIC29
Recovery for Security Locked DevicesPUBLIC30
2.2mbed TLSPUBLIC31
ARM mbed TLS Files and Relevant APIs Ecdsa example program path SDK 2.2 FRDM-K28F\middleware\mbedtls 2.3.0\programs\pkey\ecdsa.cPUBLIC32
mbed TLS ecdsa.c ExamplePUBLIC33
Kinetis K28F mbed TLS ecdsa BenchmarkPUBLIC34
ARM mbed TLS Files and Relevant APIs Factory Application vs Production secure boot loaderKeyGeneration/Signaturembedtls ctr drbg initmbedtls entropy initmbedtls ctr drbg seedmbedtls ecdsa genkeySignature Verificationmbedtls ecp group copymbedtls ecp copyHash of Firmwarembedtls sha256mbedtls ecdsa write signaturePUBLIC35mbedtls ecdsa read signature
2.3KBOOT ToolsPUBLIC36
KBOOT Tools: Documentation Kinetis KBOOT Documentation Getting Includesapplications users guides Specificusers guides for tools Blhost users guide for interfacing to a Kinetis devicerunning KBOOT 37Blhost commands allow manufacturing sites to extractsignature and public key informationElftoSB users guide for generating secure binaries PUBLICstarted documentsElftoSB is used to group binaries for building theproduction application
Blhost Tool: Documentation of Commands Blhost users guide Section 4.2Used to exportpubkey.bin andsignature.bin to beused in productionapplicationPUBLIC38
Blhost Tool: Commands Exporting Binaries blhostUSBPUBLIC39–u -- read-memory 0x2000040 24 pubkey.binCommandSourceAddressSizeDestination
Elftosb Tool Documentation of BD filePUBLIC40
3PortabilityPUBLIC41
Applying This Solution to Other Platforms Kinetis K28F is highly capable processor with large memory footprint, but it maynot fit for your every IoT edge node application Sizeconstraints Performance/power Notthe right I/O voltage or peripherals Boot limitationstimeMigrating within the Kinetis MCU portfolio mbedPUBLIC42TLS support allows portability
Secure Card Reader SolutionPUBLIC43
4ARM TrustZone for ARMv8-MPUBLIC44
Objective: Security for All Embedded ApplicationsIP ProtectionRoot-of-trust applications - IoTTrusted softwareTrusted hardwareCryptoSecuresystemSecurestorageValuable firmwareTrusted driversTrusted hardwareTRNG*SandboxingUntrustedTrustedCertified OS / functionality* True random number generatorPUBLIC45Certified OS / functionalityTrusted driversTrusted hardwareIndustrystandardDeveloper EcosystemfriendlyfriendlyEmbeddedfriendly
PrivilegedUnprivilegedFuture Software ArchitectureUntrustedTrustedUser interfaceUILibraryProtocolstacksDevice driversInterrupthandlersCryptographylibrarySystem &powermanagementSecure bootOS kernelSecurity APISoftware from MCUsystem rustedTrustedviewFirmwareSecure servicesSecure firmwareDataSecure dataPeripheralsMemoryCPU resourcesBuilt-in firmwareTwo worlds - one CPUReal-time transition** 2 cycles
Future Device ArchitectureIDAUARMCortex -M33Cortex-M23processorIDAUTrustZone aware busmaster(Non-Secure)Legacy acy busmasterIDAUSecure regionsNon-secure regionsInterconnect IPBus masterIDAUARM AMBA 5 AHB5 interconnectSecureaccess onlySecure BootloaderARM CoreLink -SDK ryprotectioncontrollerSRAM(Watermark levelbased sAHB5 to als
ConclusionIn today’s connected world, the protection of firmware is an essential component todelivering solutions that safeguard device manufacturers and their customers.Essential to sustaining end-to-end security is a secure and trusted boot, which canbe achieved with the right MCU hardware capabilities and ARM mbed TLS. NXP’smicrocontrollers contain the hardware features and software enablement that can beintegrated to strengthen end device security and protect value. As the drive towardslower power and higher performance efficiency for IoT edge nodes continues, futurecapabilities in embedded controllers and ARM processors will provide the basis forfuture security solutions for the IoT.PUBLIC48
INETISResources kinetisbootloader:KBOOT?&tid LIC49
White paperPUBLIC50
NXP, the NXP logo and Kinetis are trademarks of NXP B.V. All other product or service names are the property of their respective owners. ARM, Cortex and TrustZone are registered trademarksof ARM Limited (or its subsidiaries) in the EU and/or elsewhere. All rights reserved. 2017 NXP B.V.
MANAGER,ARM DESIGNING SECURE IOT DEVICES STARTS WITH A SECURE BOOT. PUBLIC 1 . Less-Trust Environments Secure Environments Application Software Secure Boot Firmware Cloud Service Security Policies Audit Application Software Securi
