Improving Embedded Operating System Security Part 5: Securing Code and Data
Secure the Boot and Execution
Embedded systems are vulnerable at boot time. For example, it is common for hobbyists to re-flash the firmware of consumer products to change how a device operates. For mission-critical systems, however, malicious attacks on device boot-up and operation are clearly undesirable. In addition, devices often accept updates through web interfaces or other remote access paths, which becomes a serious security threat if abused. Securing the boot image is therefore an important step in securing your device.

Trusted boot images are cryptographically signed, and the hardware recognizes that signature as the only acceptable one for execution. An example of this is a Trusted Platform Module (TPM), which provides hardware support for encryption, key storage and random number generation. Moreover, a TPM can hold a trusted key value for the device's hardware and software. A device would not start without its TPM, or if the software and hardware configuration did not match the expected values; any tampering with code or hardware prevents the device from operating. TPM support, for example, is common on many PC motherboards, although it is probably not used much in consumer settings.
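As an added illustration (not code from the original article), the following Python models the two checks described above: the boot code verifies the firmware image's signature before executing it, and a TPM-style measured boot extends a PCR with each component and releases a sealed secret only when the measured value matches the value recorded at provisioning. The root key, TPM secret, firmware and configuration bytes are constructed sample values, and HMAC-SHA256 stands in for the asymmetric signature check a real device would perform.

```python
import hashlib
import hmac

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    # TPM extend: PCR_new = H(PCR_old || H(component)). Each stage folds in the
    # previous value, so altering or reordering any component changes the result.
    return sha256(pcr + sha256(component))

def measure_boot_chain(components) -> bytes:
    pcr = bytes(32)  # SHA-256 PCRs are all zeros after reset
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr

def image_signature_valid(image: bytes, signature: bytes, root_key: bytes) -> bool:
    # Stand-in for the asymmetric signature check a boot ROM performs against its
    # fused public key; HMAC-SHA256 with a device key plays that role here.
    expected = hmac.new(root_key, image, hashlib.sha256).digest()
    return hmac.compare_digest(expected, signature)

def unseal(tpm_secret: bytes, sealed_policy: bytes, measured_pcr: bytes):
    # A sealed secret (e.g. the storage key) is released only when the live PCR
    # equals the policy value recorded at provisioning; otherwise nothing comes out.
    if not hmac.compare_digest(sealed_policy, measured_pcr):
        return None
    return hmac.new(tpm_secret, b"storage-key" + measured_pcr, hashlib.sha256).digest()

def boot(image, signature, config, root_key, tpm_secret, sealed_policy) -> str:
    # Boot ROM: refuse unsigned code, then refuse any unexpected configuration.
    if not image_signature_valid(image, signature, root_key):
        return "refused: firmware signature invalid"
    pcr = measure_boot_chain([image, config])
    if unseal(tpm_secret, sealed_policy, pcr) is None:
        return "refused: measured state does not match sealed policy"
    return "booted"

# Constructed sample values; not taken from any real device.
ROOT_KEY = b"example-fused-device-key"
TPM_SECRET = b"example-tpm-owner-secret"
FIRMWARE = b"firmware image v1.0"
CONFIG = b"hw-config: rev-A, secure-boot=on"
FIRMWARE_SIG = hmac.new(ROOT_KEY, FIRMWARE, hashlib.sha256).digest()
SEALED_POLICY = measure_boot_chain([FIRMWARE, CONFIG])  # golden PCR at provisioning

if __name__ == "__main__":
    print(boot(FIRMWARE, FIRMWARE_SIG, CONFIG, ROOT_KEY, TPM_SECRET, SEALED_POLICY))
    print(boot(b"re-flashed firmware", FIRMWARE_SIG, CONFIG, ROOT_KEY, TPM_SECRET, SEALED_POLICY))
```

A changed hardware configuration (for instance `b"hw-config: rev-B"` in place of `CONFIG`) passes the signature check but yields a different PCR, so the sealed secret is withheld and the device refuses to boot.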