secureboot

Signed-off-by: Holger Dengler <dengler@linutronix.de>

1 files changed, 84 insertions, 0 deletions

diff --git a/security/secureboot/frm_secboot_basics.tex b/security/secureboot/frm_secboot_basics.tex
new file mode 100644
index 0000000..d34d1c6
--- /dev/null
+++ b/security/secureboot/frm_secboot_basics.tex
@@ -0,0 +1,84 @@
+% ----------------------------
+\subsection{Basics}
+% ----------------------------
+\begin{frame}[fragile]
+\frametitle{Motivation}
+Why do we talk about Secureboot?
+\begin{itemize}
+\item Protection
+ \begin{itemize}
+ \item Remote Access
+ \item Physical Access
+ \end{itemize}
+\item Support/Warranty
+\end{itemize}
+
+How do we get it?
+\begin{itemize}
+\item Solution: Code Integrity
+\item Implementation: Secureboot
+\end{itemize}
+\end{frame}
+
+% ----------------------------
+\begin{frame}[fragile]
+\frametitle{Data Integrity}
+ \begin{figure}[h]
+ \centering
+ \includegraphics[width=8cm]{images/data-hash-signature.png}
+ \end{figure}
+\end{frame}
+
+% ----------------------------
+\begin{frame}[fragile]
+\frametitle{Typical Boot Sequence}
+\begin{itemize}
+\item Power/Reset
+\item ROM Loader (load, execute BL)
+\item Bootloader (load, execute OS)
+\item Operating System (load, execute Application)
+\end{itemize}
+
+\begin{figure}[h]
+\centering
+\includegraphics[width=8cm]{images/bootseq_typical.png}
+\end{figure}
+\end{frame}
+
+% ----------------------------
+\begin{frame}[fragile]
+\frametitle{Secure Boot Sequence}
+\begin{itemize}
+\item Power/Reset
+\item ROM Loader (load, verify, execute BL)
+\item Bootloader (load, verify, execute OS)
+\item Operating System (load, verify, execute Application)
+\end{itemize}
+
+\begin{figure}[h]
+\centering
+\includegraphics[width=8cm]{images/bootseq_sec.png}
+\end{figure}
+\end{frame}
+
+% ----------------------------
+\begin{frame}[fragile]
+\frametitle{Secure Boot Sequence}
+\begin{itemize}
+\item Power/Reset
+\item ROM Loader
+ \begin{itemize}
+ \item Hardware Specific
+ \item e.g. High Assurance Boot v4 (i.mx6/7/8)
+ \end{itemize}
+\item Bootloader (u-boot)
+ \begin{itemize}
+ \item signed FIT Images
+ \end{itemize}
+\item Operating System (Linux)
+ \begin{itemize}
+ \item signed Modules
+ \item Filesystem Integrity
+ \end{itemize}
+\end{itemize}
+\end{frame}