Secure Boot from Non-Volatile Memory for Programmable SoC-Architectures

Streit FJ, Fritz F, Becher A, Wildermann S, Werner S, Schmidt-Korth M, Pschyklenk M, Teich J (2020)


Publication Language: English

Publication Type: Conference contribution

Publication year: 2020

Conference Proceedings Title: IEEE Proceedings of the 13th International Symposium on Hardware Oriented Security and Trust

Event location: San José, USA

DOI: 10.1109/HOST45689.2020.9300126

Abstract

In modern embedded systems, trust in comprehensive security standards along the whole product life cycle has become an increasingly important access-to-market requirement. However, these security standards rest on assumptions of immunity, such as the integrity and authenticity of an initial system configuration, which is typically loaded from Non-Volatile Memory (NVM). This applies especially to FPGA-based programmable system-on-chip (PSoC) architectures, since object code as well as configuration data easily exceed the capacity of a secure boot ROM. In this setting, an attacker could try to alter the content of the NVM device in order to manipulate the system, so the PSoC depends on the integrity of the NVM, particularly at boot time. In this paper, we propose a methodology for securely booting from an NVM in a potentially insecure environment by exploiting the reconfigurable logic of the FPGA. Here, the FPGA serves as a secure anchor point by performing the required integrity and authenticity verifications before any user application loaded from the NVM is configured or executed on the PSoC. The proposed secure boot process is based on the following assumptions and steps: 1) The boot configuration is stored on a fully encrypted Secure Digital memory card (SD card) or, alternatively, on Flash acting as NVM. 2) At boot time, a hardware design called Trusted Memory-Interface Unit (TMIU) is loaded that first verifies the authenticity of the deployed NVM and then, after decryption, the integrity of its content. To demonstrate the practicability of our approach, we integrated the methodology into the vendor-specific secure boot process of a Xilinx Zynq PSoC and evaluated the design objectives performance, power and resource cost.
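The two-step check the abstract describes (authenticate the deployed NVM first, then decrypt, then check the integrity of the decrypted content) can be modelled in software. The following is an added example, not the paper's TMIU design or any Xilinx boot code: it uses only the Python standard library, so an HMAC-SHA256 counter keystream stands in for a real block cipher such as AES-CTR, the NVM layout (header | tag | ciphertext), the device-identifier binding, and the sample device IDs and boot payload are all constructed assumptions, and the verifier's refusal cases (tampered ciphertext, card provisioned for another device) are the ones a practitioner would want to see rejected before any decrypted byte is used.

```python
"""Verify-then-decrypt check on an encrypted NVM boot image (added example).

Not the paper's TMIU implementation. Standard library only: an HMAC-SHA256
counter keystream stands in for AES-CTR (assumption), and the layout
header | tag | ciphertext with a device-id binding is a constructed one.
"""
import hashlib
import hmac
import os
import struct

MAGIC = b"NVM1"
HEADER_LEN = 4 + 16 + 16 + 4 + 32  # magic | device_id | nonce | length | sha256(plaintext)
TAG_LEN = 32


class BootRefused(Exception):
    """Raised by the verifier when the NVM must not be booted from."""


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256: a stand-in for AES-CTR (assumption).
    blocks = bytearray()
    for ctr in range((length + 31) // 32):
        blocks += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
    return bytes(blocks[:length])


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def provision_nvm(auth_key: bytes, enc_key: bytes, device_id: bytes, image: bytes) -> bytes:
    """Producer side: encrypt the boot image and bind it to one device.

    The plaintext digest lives in the header, so the integrity check done after
    decryption is itself covered by the authentication tag (encrypt-then-MAC).
    """
    assert len(device_id) == 16
    nonce = os.urandom(16)
    ciphertext = _xor(image, _keystream(enc_key, nonce, len(image)))
    header = (MAGIC + device_id + nonce + struct.pack(">I", len(image))
              + hashlib.sha256(image).digest())
    tag = hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()
    return header + tag + ciphertext


def tmiu_boot(auth_key: bytes, enc_key: bytes, expected_device_id: bytes, nvm: bytes) -> bytes:
    """Verifier side, in the order the abstract describes:
    1) authenticity of the deployed NVM (tag over header+ciphertext, device binding),
    2) decryption,
    3) integrity of the decrypted content.
    Returns the boot image only if every check passes.
    """
    if len(nvm) < HEADER_LEN + TAG_LEN:
        raise BootRefused("NVM image truncated")
    header = nvm[:HEADER_LEN]
    tag = nvm[HEADER_LEN:HEADER_LEN + TAG_LEN]
    ciphertext = nvm[HEADER_LEN + TAG_LEN:]

    # 1) Authenticate before any ciphertext is interpreted; constant-time compare.
    expected_tag = hmac.new(auth_key, header + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected_tag):
        raise BootRefused("NVM authentication failed")
    magic, device_id, nonce = header[:4], header[4:20], header[20:36]
    (length,) = struct.unpack(">I", header[36:40])
    image_digest = header[40:72]
    if magic != MAGIC or not hmac.compare_digest(device_id, expected_device_id):
        raise BootRefused("NVM not provisioned for this device")
    if length != len(ciphertext):
        raise BootRefused("length field does not match payload")

    # 2) Decrypt only after the NVM has been authenticated.
    image = _xor(ciphertext, _keystream(enc_key, nonce, length))

    # 3) Integrity of the decrypted content against the authenticated digest.
    if not hmac.compare_digest(hashlib.sha256(image).digest(), image_digest):
        raise BootRefused("boot image integrity check failed")
    return image


def demo() -> dict:
    """Run the three cases that matter; returns pass/fail flags per case."""
    auth_key, enc_key = os.urandom(32), os.urandom(32)
    dev_a, dev_b = b"ZYNQ-DEVICE-000A", b"ZYNQ-DEVICE-000B"  # constructed 16-byte ids
    image = b"FSBL + bitstream + u-boot (constructed sample payload)"
    nvm = provision_nvm(auth_key, enc_key, dev_a, image)

    def refused(blob: bytes, dev: bytes) -> bool:
        try:
            tmiu_boot(auth_key, enc_key, dev, blob)
            return False
        except BootRefused:
            return True

    tampered = bytearray(nvm)
    tampered[-1] ^= 0x01  # flip one ciphertext bit: rejected at step 1, never decrypted
    return {
        "genuine_boots": tmiu_boot(auth_key, enc_key, dev_a, nvm) == image,
        "tampered_refused": refused(bytes(tampered), dev_a),
        "swapped_card_refused": refused(nvm, dev_b),  # card for device A inserted in B
    }


if __name__ == "__main__":
    print(demo())
```

The point of the ordering is that a corrupted or foreign card is rejected on the authentication tag before the decryptor or any parser ever touches its content; the plaintext digest in the authenticated header then catches a wrong decryption key or a keystream mismatch. A real TMIU would hold the keys in on-chip storage and use a hardware cipher rather than the HMAC keystream used here.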

How to cite

APA:

Streit, F.-J., Fritz, F., Becher, A., Wildermann, S., Werner, S., Schmidt-Korth, M.,... Teich, J. (2020). Secure Boot from Non-Volatile Memory for Programmable SoC-Architectures. In IEEE Proceedings of the 13th International Symposium on Hardware Oriented Security and Trust. San José, USA.

MLA:

Streit, Franz-Josef, et al. "Secure Boot from Non-Volatile Memory for Programmable SoC-Architectures." Proceedings of the International Symposium on Hardware Oriented Security and Trust (HOST), San José, USA 2020.