Developing a connected embedded device based on a Linux® distribution is never going to be easy. That’s a good thing in many ways, not least because it supports the premium pricing that sophisticated embedded products command.
It’s also why we have never made the claim that the FoundriesFactory™ platform makes embedded development easy. But what it can do is make the entire process of embedded product development and lifetime maintenance easier than it would otherwise be – and this includes the process of implementing secure boot.
In fact, the FoundriesFactory platform offers a streamlined development process, and is backed by the support and guidance of the Foundries.io customer success engineering team.
So why can implementing secure boot be a daunting prospect for development engineers?
Securing an unbroken chain of trust
Secure boot is an essential element of an embedded device’s security: it ensures that when a device boots, its kernel image and firmware are trusted and unmodified. This protects the device from the risk that a cyber-attacker could load compromised firmware that would cause the device to malfunction or would give the attacker access to the device or its network.
The secure boot process is complex, starting with a hardware-based root-of-trust. This root-of-trust may be established by a system-on-chip (SoC) which supports the Arm Platform Security Architecture (PSA). Some applications might use external hardware such as a hardware security module (HSM) or Trusted Platform Module (TPM). The root-of-trust contains a set of trusted cryptographic keys and bootloader code which is considered immutable and trustworthy. The process then has to maintain an unbroken chain of trust through the bootloader, to the kernel image up to userspace.
The development team implementing this process in an embedded Linux system might face a number of difficulties:
- Hardware modification – different SoCs have different configurations which mean that a secure boot process developed for one will not map exactly on to another.
- Design trade-offs – secure boot uses resources such as CPU cycles, memory, storage capacity and interfaces that are often in short supply. If securing the boot process substantially lengthens its duration, for instance, the OEM might face tough choices about hardware selection.
- Maintaining the chain of trust – across the bootloader, kernel, firmware, filesystem and other software, the device runs on a wide variety of open-source and proprietary software components. Implementing authentication, verification and attestation processes across these diverse elements can be time-consuming and can call for a broad range of knowledge and expertise in the development team.
- Key management – secure boot relies on cryptographic keys to verify the integrity and authenticity of boot components. Managing these keys securely across the supply chain, during manufacturing, and throughout the product lifecycle is critically important, and requires meticulous attention to detail as well as clear lines of responsibility in the development team.
- Firmware updating – it is not enough to enable secure boot in production units at the factory. The process needs to allow for remote firmware updates while maintaining the integrity and authenticity of boot code. A secure update mechanism is therefore essential.
Ready-made development flow and system components for secure boot
When development is based on the FoundriesFactory platform secure boot implementation is easier. Enhancing security is at the heart of the FoundriesFactory development flow: all the resources and processes which support security in other parts of the flow, such as key generation and management, or cryptography, are also available for deployment in the secure boot process.
Design integration is another advantage of the secure boot framework in the FoundriesFactory platform: a secure boot process developed on any supported SoC’s development board or evaluation kit can easily be ported to a customer board or third-party system-on-module (SoM) based on that SoC.
The FoundriesFactory platform also supports security processes, including secure boot, throughout the device’s entire lifecycle: not only in development, but also in production. The FoundriesFactory over-the-air update process based on The Update Framework (TUF) software is a ready-made solution that makes developing, delivering and deploying software updates smooth and secure.
And it is not only that the platform has secure boot built into it from the start: users also have access to expert advice and support from the Customer Success Engineering team, as well as access to dedicated documentation which reflects the streamlined implementation in the FoundriesFactory platform – the documentation is far simpler and shorter than that supplied by SoC manufacturers.
For all these reasons, implementation of secure boot is easier and faster when performed inside the FoundriesFactory platform. So, your development flow is more productive, and your device can end up being more secure. What’s not to like?