As this verification relies on cryptographic keys that are going to be burned onto the system, it is very important to configure Secure Boot with the intended keys and to ensure that these keys are stored safely. If the configuration is done with an incorrect key, this can lead to failures when trying to use the system, as the expected key is different from the key provided by the image being tested. On the other hand, if Secure Boot was correctly configured but the keys were not stored securely, malicious parties can gain access to the keys, which can lead to the creation of malicious software that is signed with the keys expected by the system. In this case the secure boot process won't fail and the system could be tampered with, so it is very important to ensure that only authorized developers have access to the keys burned on the system.
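The outcomes described above, as an added example that is not part of the original page: a model of the boot-time check in which the device holds only a burned-in hash of the trusted public key. A Lamport hash-based signature stands in for the real signature scheme so the code runs with the Python standard library alone; the function names, the hash-of-key model and the sample images are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport key pair (stand-in scheme): 256 pairs of secrets, public key = their hashes.
    # Lamport keys are one-time; reuse below is only to keep the model short.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk

def bits(image):
    d = int.from_bytes(H(image), "big")
    return [(d >> i) & 1 for i in range(256)]

def sign(sk, image):
    # Reveal one secret per digest bit of the image.
    return [sk[i][bit] for i, bit in enumerate(bits(image))]

def pk_hash(pk):
    return H(b"".join(a + b for a, b in pk))

def boot_verify(fused_hash, image, pk, sig):
    # Step 1: the key shipped with the image must match the value burned on the device.
    if not hmac.compare_digest(pk_hash(pk), fused_hash):
        return "reject: key does not match burned value"
    # Step 2: the signature must verify over this exact image.
    ok = all(H(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, bits(image))))
    return "boot" if ok else "reject: bad signature"

def scenarios():
    vendor_sk, vendor_pk = keygen()
    other_sk, other_pk = keygen()
    fused = pk_hash(vendor_pk)                          # burned once at provisioning
    good = b"firmware v1 (constructed sample)"
    evil = b"modified firmware (constructed sample)"
    return {
        "signed with burned key": boot_verify(fused, good, vendor_pk, sign(vendor_sk, good)),
        "burned key and image key differ": boot_verify(fused, good, other_pk, sign(other_sk, good)),
        "image changed after signing": boot_verify(fused, evil, vendor_pk, sign(vendor_sk, good)),
        # The check cannot tell an authorized signer from anyone else holding the key.
        "signed by holder of leaked key": boot_verify(fused, evil, vendor_pk, sign(vendor_sk, evil)),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:34s} -> {result}")
```

The last scenario boots because verification proves only possession of the private key, which is why access to that key has to be restricted.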
<br>
As an example of a Secure Boot implementation we can look at NXP's High Assurance Boot or HAB.
[[File:HAB key generation.png|650px|thumb|center|Fig 1. HAB key generation. Extracted from [https://community.nxp.com/pwmxy87654/attachments/pwmxy87654/imx-processors/60046/1/i.MX_6_Linux_High_Assurance_Boot_(HAB)_User%2527s_Guide.pdf link]]]
<noinclude>