Streit FJ, Fritz F, Becher A, Wildermann S, Werner S, Schmidt-Korth M, Pschyklenk M, Teich J (2020)
Publication Language: English
Publication Type: Conference contribution, Conference Contribution
Publication year: 2020
Conference Proceedings Title: IEEE Proceedings of the 13th International Symposium on Hardware Oriented Security and Trust
In modern embedded systems, the trust in comprehensive security standards all along the product life cycle has become an increasingly important access-to-market requirement. However, these security standards rely on mandatory immunity assumptions such as the integrity and authenticity of an initial system configuration typically loaded from Non-Volatile Memory (NVM). This applies especially to FPGA-based programmable system-on-chip (PSoC) architectures, since object codes as well as configuration data easily exceed the capacity of a secure boot ROM. In this context, an attacker could try to alter the content of the NVM device in order to manipulate the system. The PSoC therefore relies on the integrity of the NVM particularly at boot-time. In this paper, we propose a methodology for securely booting from an NVM in a potentially unsecure environment by exploiting the reconfigurable logic of the FPGA. Here, the FPGA serves as a secure anchor point by performing required integrity and authenticity verifications prior to the configuration and execution of any user application loaded from the NVM on the PSoC. The proposed secure boot process is based on the following assumptions and steps: 1) The boot configuration is stored on a fully encrypted Secure Digital memory card (SD card) or alternatively Flash acting as NVM. 2) At boot time, a hardware design called Trusted Memory-Interface Unit (TMIU) is loaded to verify first the authenticity of the deployed NVM and then after decryption the integrity of its content. To demonstrate the practicability of our approach, we integrated the methodology into the vendor-specific secure boot process of a Xilinx Zynq PSoC and evaluated the design objectives performance, power and resource costs.
Streit, F.-J., Fritz, F., Becher, A., Wildermann, S., Werner, S., Schmidt-Korth, M.,... Teich, J. (2020). Secure Boot from Non-Volatile Memory for Programmable SoC-Architectures. In IEEE Proceedings of the 13th International Symposium on Hardware Oriented Security and Trust. San José, USA, US.
Streit, Franz-Josef, et al. "Secure Boot from Non-Volatile Memory for Programmable SoC-Architectures." Proceedings of the International Symposium on Hardware Oriented Security and Trust (HOST), San José, USA 2020.