As an end user of many connected electronic devices, I often find myself questioning just how secure these devices and the communication between them are. Luckily, I know that there are many smart engineers out there ready to tackle that problem, including my colleague, Donnie Garcia, Solutions Architect for Security and IoT at NXP. He is the first to admit that there is no simple answer, turnkey solution or magic spell to fix all of the end-to-end security flaws already built into our embedded world. But, while the overall task of securing the IoT can be daunting, there are very specific steps that are achievable and ready to implement now. Secure boot is one such task.
A secure boot design protects against a wide range of attack scenarios, whether it be focused attacks or remote attacks against firmware updates, or even a future scenario that we are not yet aware of. The act of authenticating application code before allowing it to run is an essential component of end-to-end security. In fact, I have heard secure boot referred to as the “cornerstone of an electronic device’s trustworthiness.” But how is secure boot implemented? Whose responsibility is it?
One can protect against attacks on the hardware of a device by designing with a microcontroller, such as a Kinetis MCU, that starts executing software from an internal memory that cannot be modified. To tackle the secure boot design, however, the embedded system developer must then also address the following topics:
- Creating a security model
- Planning for key management
- Choosing cryptographic algorithms
- Implementing lifecycle management
- Configuring the target processor
- Using development and manufacturing tools
- Generating security policies
Donnie and the rest of the NXP IoT and Security Solutions team have been building up resources including webinars, whitepapers and hands-on courses around the broadly deployed Kinetis MCU product line to address these topics. Watch these webinars: “How to protect your firmware against malicious attacks using the latest Kinetis development board” and “Designing Secure IoT Devices Starts with a Secure Boot.” Check out the hands-on lab guide, “Payment Solutions – Secure Boot Lab Guide.” You can also go deep with the whitepaper “Prevent edge node attacks by securing your firmware.”
I would love to hear from you if your end products implement a secure boot today. Will your next product development integrate a secure boot?
Let me know what security topics you would like to learn more about.