RidgeRun Platform Security Manual/Platform Security/Secure Boot: Difference between revisions

RidgeRun Platform Security Manual/Platform Security/Secure Boot (view source)

Revision as of 18:21, 29 January 2025

967 bytes added , 29 January

no edit summary

Cjimenez

298

edits

❯

@@ Line 47: / Line 47: @@
 === Example: NVIDIA Jetson ===
-{{review|Add some examples from the NVIDIA Jetson as well |lleon}}
+Nvidia supports '''UEFI Secure Boot''' on its Jetson Platforms, which uses RSA to validate the authenticity and integrity of the code. Private and public keys must be generated by the developer and then attached to the system in the form of an UEFI authenticated variable.
+<br>
+After keys have been enrolled in the target system, they must be used to sign the UEFI payloads that are going to be generated when the image is created. This payloads include the L4tLauncher, kernel, kernel-dtb with private key and flash signed images. After this, when an image is loaded into the system, the UEFI is going to verify the image signature by using the associated certificate/public key at boot time, and if there is a match the system will boot normally. This process is illustrated in figure 1.
+[[File:Nvidia UEFI Secureboot.png|650px|thumb|center|Fig 1. UEFI Secure Boot in Nvidia Jetson platforms. Extracted from [https://docs.nvidia.com/jetson/archives/r35.4.1/DeveloperGuide/text/SD/Security/SecureBoot.html#uefi-secureboot link]]]
 <br>
@@ Line 55: / Line 61: @@
 As an example of a Secure Boot implementation, we can look at '''NXP's High Assurance Boot or HAB'''. As a first step of the implementation, a '''utility is used to generate private and public keys'''. The private key is used to encrypt the image that is being built, and as a result of this encryption, a unique identifier certificate is obtained and attached to the image along with the public key. The hash of the obtained public key is also burned to chip. This process is illustrated in Figure 1 and the process of obtaining the private key certificate is illustrated in Figure 2.
-[[File:HAB key generation.png|650px|thumb|center|Fig 1. HAB key generation. Extracted from [https://community.nxp.com/pwmxy87654/attachments/pwmxy87654/imx-processors/60046/1/i.MX_6_Linux_High_Assurance_Boot_(HAB)_User%2527s_Guide.pdf link]]]
+[[File:HAB key generation.png|650px|thumb|center|Fig 2. HAB key generation. Extracted from [https://community.nxp.com/pwmxy87654/attachments/pwmxy87654/imx-processors/60046/1/i.MX_6_Linux_High_Assurance_Boot_(HAB)_User%2527s_Guide.pdf link]]]
-[[File:HAB certificate generation.png|650px|thumb|center|Fig 2. HAB certificate generation. Extracted from [https://community.nxp.com/pwmxy87654/attachments/pwmxy87654/imx-processors/60046/1/i.MX_6_Linux_High_Assurance_Boot_(HAB)_User%2527s_Guide.pdf link]]]
+[[File:HAB certificate generation.png|650px|thumb|center|Fig 3. HAB certificate generation. Extracted from [https://community.nxp.com/pwmxy87654/attachments/pwmxy87654/imx-processors/60046/1/i.MX_6_Linux_High_Assurance_Boot_(HAB)_User%2527s_Guide.pdf link]]]
 When an image is loaded into the board, the public key decrypts the certificate. After this, the obtained certificate is compared with the image to ensure they match. If the match is successful, the image can be trusted, and the system will boot as normal. However, the image is deemed unsafe if a match is not obtained, and the system won't boot. A correct certificate can only be obtained if a user has access to the private key. This process is illustrated in Figure 3.
-[[File:HAB authentication.png|650px|thumb|center|Fig 2. HAB authentication process. Extracted from [https://community.nxp.com/pwmxy87654/attachments/pwmxy87654/imx-processors/60046/1/i.MX_6_Linux_High_Assurance_Boot_(HAB)_User%2527s_Guide.pdf link]]]
+[[File:HAB authentication.png|650px|thumb|center|Fig 4. HAB authentication process. Extracted from [https://community.nxp.com/pwmxy87654/attachments/pwmxy87654/imx-processors/60046/1/i.MX_6_Linux_High_Assurance_Boot_(HAB)_User%2527s_Guide.pdf link]]]
 <noinclude>