Basic Concepts of RidgeRun Platform Security Manual










Basic Concepts

This subsection introduces the fundamental concepts of Trusted Computing and Embedded System Security techniques. The techniques will be explained further in their respective sections, and a guide for their implementation in the platforms supported by RidgeRun will be provided.

Root of Trust

The Root of Trust is the foundation (or root) of the system's trustworthiness: it is the component that decides whether something else can be trusted. It is usually provided by hardware (a cryptographic chip) or firmware (such as a bootloader) and must be tamper-resistant, meaning that it cannot be altered by any means.

Secure Boot

A security feature in charge of loading the operating system components, drivers, and other software. It verifies that each software component complies with the security requirements by checking its digital signature and integrity. Secure Boot uses key-based digital signatures: the hash (integrity check) is retrieved by decrypting the signature and is then compared against the hash of the loaded component. Because keys are involved (the hardware private key and the bootloader public key), a successful verification establishes that the bootloader is trustworthy and may be loaded.

 
Fig 1. Secure Boot on Nvidia Jetson. Extracted from link
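The chain-of-trust check described above, as an added example that is not RidgeRun's code nor any platform's real boot ROM or image format. It assumes Ed25519 signatures (the text describes recovering a hash by decrypting the signature, which is how RSA-style signatures behave; Ed25519 instead verifies the signature over the hash without decrypting anything), a constructed toy image layout, and a root public key held in a variable where real hardware would hold a key or key hash burned into fuses:

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Image is a signed boot stage in a constructed toy format: the stage bytes plus
// the public key this stage will use to verify the next one. Nothing here is a
// real vendor image layout.
type Image struct {
	Name      string
	Payload   []byte            // stage bytes (constructed sample data)
	NextKey   ed25519.PublicKey // key handed to the next stage, nil for the last stage
	Signature []byte            // Ed25519 signature over digest(img)
}

// digest is the integrity value that gets signed. Covering the embedded next-stage
// key means a replaced key breaks the signature just like a replaced payload.
func digest(img *Image) []byte {
	h := sha256.New()
	h.Write(img.Payload)
	h.Write(img.NextKey)
	return h.Sum(nil)
}

// signImage is the build-time step: the owner of the stage signs its digest.
func signImage(img *Image, priv ed25519.PrivateKey) {
	img.Signature = ed25519.Sign(priv, digest(img))
}

// VerifyChain is what the root of trust and each verified stage do at boot time.
// rootKey stands in for the hardware-anchored public key; every later stage is
// checked with the key delivered by the previously verified stage. The first
// stage that fails is reported and nothing after it would be loaded.
func VerifyChain(rootKey ed25519.PublicKey, chain []*Image) error {
	key := rootKey
	for _, img := range chain {
		if len(key) != ed25519.PublicKeySize {
			return fmt.Errorf("%s: no valid key available to verify this stage", img.Name)
		}
		if !ed25519.Verify(key, digest(img), img.Signature) {
			return fmt.Errorf("%s: signature check failed, refusing to load", img.Name)
		}
		key = img.NextKey // trust is handed down only after a successful check
	}
	return nil
}

// BuildChain constructs a two-stage chain (bootloader, then kernel) signed with
// freshly generated keys and returns the root public key the platform would hold.
func BuildChain() (ed25519.PublicKey, []*Image, error) {
	rootPub, rootPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	blPub, blPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	bootloader := &Image{Name: "bootloader", Payload: []byte("constructed bootloader bytes"), NextKey: blPub}
	signImage(bootloader, rootPriv) // the hardware-anchored key vouches for the bootloader
	kernel := &Image{Name: "kernel", Payload: []byte("constructed kernel bytes")}
	signImage(kernel, blPriv) // the bootloader's key vouches for the kernel
	return rootPub, []*Image{bootloader, kernel}, nil
}

func main() {
	rootPub, chain, err := BuildChain()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine chain:", VerifyChain(rootPub, chain))
	chain[1].Payload[0] ^= 0x01 // one flipped bit in the kernel image
	fmt.Println("modified kernel:", VerifyChain(rootPub, chain))
	chain[1].Payload[0] ^= 0x01
	chain[0].NextKey = nil // altered key field inside the bootloader
	fmt.Println("altered bootloader key field:", VerifyChain(rootPub, chain))
}
```

The point to notice is that only the root key has to be protected by hardware: every other key is carried inside a stage whose signature was already checked, so altering any payload or any embedded key anywhere in the chain is caught at the first stage that depends on it.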

Trusted Environments

Trusted environments are spaces isolated from the OS. The CPU and the memory are split into two parts: a secure world and a non-secure world. The secure world is isolated from the OS, which prevents interference and possible tampering from reaching the secure applications. Usually, trusted environments expose special CPU and memory operations (through secure calls), including key verification, encryption, decryption and others. They are used in sensitive applications such as payments, key management, integrity checking and authentication. OP-TEE is one of the most popular and is based on ARM TrustZone.

 
Fig 1. Secure world vs non-secure world. Extracted from link

Trusted Platform Module (TPM)

A hardware component that provides cryptographic functionality such as key storage, key generation, attestation, and signing. It is part of the root of trust.

Key Management Systems (Keyring)

Mechanism to manage the keys, including storage, verification, access and generation. Examples: Linux Keyring and TPM.

Measured Boot and Integrity Measurement Architecture (IMA)

Measured boot is a process that measures the integrity state of the OS as it is loaded. It uses the TPM (in combination with Secure Boot) to log and verify the loaded components.
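The measure-log-attest cycle just described, as an added example that is not RidgeRun's code and does not talk to a real TPM. It assumes a software model of one PCR (extend-only, SHA-256 as the TPM's PCR bank), constructed sample stages, and a golden reference value recorded from a known-good boot; the attestation step shows why the PCR alone is not enough and the log has to replay to it:

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Stage is one boot component to be measured (constructed sample data below).
type Stage struct {
	Name string
	Data []byte
}

// Event is one measurement-log entry: the component name and its SHA-256 digest.
type Event struct {
	Component string
	Digest    [32]byte
}

// PCR models a TPM Platform Configuration Register. It cannot be written
// directly, only extended: PCR' = SHA256(PCR || digest). The order and content
// of every measurement therefore determine the final value.
type PCR [32]byte

func (p *PCR) Extend(d [32]byte) {
	h := sha256.New()
	h.Write(p[:])
	h.Write(d[:])
	copy(p[:], h.Sum(nil))
}

// Boot measures each stage before it would execute: hash it, extend the PCR,
// append the event. Unlike Secure Boot it does not refuse an unexpected
// component; it records it so that attestation can detect it later.
func Boot(stages []Stage) (PCR, []Event) {
	var pcr PCR
	var events []Event
	for _, s := range stages {
		d := sha256.Sum256(s.Data)
		pcr.Extend(d)
		events = append(events, Event{Component: s.Name, Digest: d})
	}
	return pcr, events
}

// Replay recomputes the PCR from the log alone; a verifier uses it to confirm
// that the log it received is the one that actually produced the quoted PCR.
func Replay(events []Event) PCR {
	var p PCR
	for _, e := range events {
		p.Extend(e.Digest)
	}
	return p
}

// Attest is the verifier's check: the quoted PCR must be reproducible from the
// log (so the log was not edited) and must equal the golden value of a
// known-good boot (so no component changed).
func Attest(quoted PCR, events []Event, golden PCR) error {
	if Replay(events) != quoted {
		return fmt.Errorf("event log does not replay to the quoted PCR: log was altered")
	}
	if quoted != golden {
		return fmt.Errorf("PCR %s differs from golden %s: a measured component changed",
			hex.EncodeToString(quoted[:8]), hex.EncodeToString(golden[:8]))
	}
	return nil
}

// GoodStages returns a fresh copy of the known-good boot components (constructed).
func GoodStages() []Stage {
	return []Stage{
		{"bootloader", []byte("constructed bootloader bytes")},
		{"kernel", []byte("constructed kernel bytes")},
		{"initramfs", []byte("constructed initramfs bytes")},
	}
}

func main() {
	golden, goldenEvents := Boot(GoodStages()) // reference recorded at provisioning time
	fmt.Println("known-good boot:", Attest(golden, goldenEvents, golden))

	modified := GoodStages()
	modified[1].Data = []byte("constructed kernel bytes, modified")
	pcr, events := Boot(modified)
	fmt.Println("modified kernel:", Attest(pcr, events, golden))

	events[1].Digest = goldenEvents[1].Digest // log rewritten to claim the good kernel
	fmt.Println("edited log:", Attest(pcr, events, golden))
}
```

Because the PCR can only be extended, a rewritten log cannot be made to replay to the value the TPM quotes, and a changed component cannot be hidden by leaving the log intact either; that is the property a remote verifier relies on.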

Disk Encryption

Disk encryption is achieved when all the data on the disk is stored encrypted. To access the data, the folders or the entire disk must be decrypted using an intermediate system such as InitRAM. This prevents data leakage and unauthorized access to the data.

Kiosk Mode

Kiosk Mode is a specialized mode in operating systems or software applications that locks a device into a single application or a limited set of features. This prevents users from accessing anything outside the intended application or service. It is typically used in public or restricted environments where full system access is not desired. There are three types of kiosk mode:

  • Single-App Kiosk Mode:
    • Locks the device to one application.
    • Common in mobile devices (e.g., locking a tablet to a single app).
  • Multi-App Kiosk Mode:
    • Allows a limited set of applications while restricting access to everything else.
    • Useful for business environments where employees need access to multiple secure apps.
  • Browser-Based Kiosk Mode:
    • Locks the device to a specific website or web application using a web browser.
    • Great for interactive kiosks where only web content needs to be displayed.

Platform support

You can check the platforms supported by RidgeRun and the security features supported by each platform in the Platform Support section.