diff options
Diffstat (limited to 'security/secureboot/frm_secboot_basics.tex')
| -rw-r--r-- | security/secureboot/frm_secboot_basics.tex | 84 |
1 files changed, 84 insertions, 0 deletions
diff --git a/security/secureboot/frm_secboot_basics.tex b/security/secureboot/frm_secboot_basics.tex new file mode 100644 index 0000000..d34d1c6 --- /dev/null +++ b/security/secureboot/frm_secboot_basics.tex @@ -0,0 +1,84 @@ +% ---------------------------- +\subsection{Basics} +% ---------------------------- +\begin{frame}[fragile] +\frametitle{Motivation} +Why do we talk about Secureboot? +\begin{itemize} +\item Protection + \begin{itemize} + \item Remote Access + \item Physical Access + \end{itemize} +\item Support/Warranty +\end{itemize} + +How do we get it? +\begin{itemize} +\item Solution: Code Integrity +\item Implementation: Secureboot +\end{itemize} +\end{frame} + +% ---------------------------- +\begin{frame}[fragile] +\frametitle{Data Integrity} + \begin{figure}[h] + \centering + \includegraphics[width=8cm]{images/data-hash-signature.png} + \end{figure} +\end{frame} + +% ---------------------------- +\begin{frame}[fragile] +\frametitle{Typical Boot Sequence} +\begin{itemize} +\item Power/Reset +\item ROM Loader (load, execute BL) +\item Bootloader (load, execute OS) +\item Operating System (load, execute Application) +\end{itemize} + +\begin{figure}[h] +\centering +\includegraphics[width=8cm]{images/bootseq_typical.png} +\end{figure} +\end{frame} + +% ---------------------------- +\begin{frame}[fragile] +\frametitle{Secure Boot Sequence} +\begin{itemize} +\item Power/Reset +\item ROM Loader (load, verify, execute BL) +\item Bootloader (load, verify, execute OS) +\item Operating System (load, verify, execute Application) +\end{itemize} + +\begin{figure}[h] +\centering +\includegraphics[width=8cm]{images/bootseq_sec.png} +\end{figure} +\end{frame} + +% ---------------------------- +\begin{frame}[fragile] +\frametitle{Secure Boot Sequence} +\begin{itemize} +\item Power/Reset +\item ROM Loader + \begin{itemize} + \item Hardware Specific + \item e.g. High Assurance Boot v4 (i.mx6/7/8) + \end{itemize} +\item Bootloader (u-boot) + \begin{itemize} + \item signed FIT Images + \end{itemize} +\item Operating System (Linux) + \begin{itemize} + \item signed Modules + \item Filesystem Integrity + \end{itemize} +\end{itemize} +\end{frame} |