diff options
Diffstat (limited to 'security/secureboot/frm_secboot_hab.tex')
| -rw-r--r-- | security/secureboot/frm_secboot_hab.tex | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/security/secureboot/frm_secboot_hab.tex b/security/secureboot/frm_secboot_hab.tex new file mode 100644 index 0000000..1d1c925 --- /dev/null +++ b/security/secureboot/frm_secboot_hab.tex @@ -0,0 +1,111 @@ +% ---------------------------- +\subsection{NXP High Assurance Boot (i.mx-Family)} + +% ---------------------------- +\begin{frame}[fragile] +\frametitle{i.mx Boot} +\begin{itemize} +\item High Assurance Boot (HAB) +\item v4.x in i.mx6/7/8 +\item Boot-Image Verification +\item Key-Hash in One-Time-Programmable (OTP) Memory/Fuses +\item PKI: + \begin{itemize} + \item up to 4 Storage Root Keys (SRK) + \item separate Sequence and Image Key Trees + \item Field Key-Revoke possible (only SRK 0-2) + \item ECC (only for SRK-CA) + \end{itemize} +\item Cryptographic Methods: + \begin{itemize} + \item sha256 + \item RSA-4096 + \item ECC (SRK CA only) + \end{itemize} +\end{itemize} +\end{frame} + +% ---------------------------- +\begin{frame}[fragile] +\frametitle{HAB Boot Image} +\begin{columns}[onlytextwidth] + \begin{column}{0.5\textwidth} + \begin{itemize} + \item Image Vector Table + \item Device Configuration Data + \item Bootloader + \item opt.: Command Sequence + \end{itemize} + \end{column} + \begin{column}{0.5\textwidth} + \begin{figure}[h] + \centering + \includegraphics[width=6cm]{images/imx-hab-image.png} + \end{figure} + \end{column} +\end{columns} +\end{frame} + +% ---------------------------- +\begin{frame}[fragile] +\frametitle{HAB Boot Sequence} +\begin{columns}[onlytextwidth] + \begin{column}{0.5\textwidth} + \begin{enumerate} + \begin{scriptsize} + \item configure HAB + \item verify SRK Table + \item process Command Sequence \\ + (unprotected part) + \begin{enumerate} + \begin{scriptsize} + \item install single SRK PubK + \item verify CSFK Certificate \\ + (w/ installed SRK) + \item install CSFK PubK + \item verify protected CSF Part \\ + (w/ installed CSFK) + \end{scriptsize} + \end{enumerate} + \item process Command Sequence \\ + (protected part) + \begin{enumerate} + \begin{scriptsize} + \item configure Crypt-Infrastructure + \item verify IMGK Certificate \\ + (w/ installed SRK) + \item install IMGK PubK + \item verify Image \\ + (w/ installed IMGK) + \item execute Image + \end{scriptsize} + \end{enumerate} + \end{scriptsize} + \end{enumerate} + \end{column} + \begin{column}{0.5\textwidth} + \begin{figure}[h] + \centering + \includegraphics[width=3cm]{images/imx-hab-csf.png} + \end{figure} + \end{column} +\end{columns} +\end{frame} + +% ---------------------------- +\begin{frame}[fragile] +\frametitle{HAB: SRK Table Verification} + \begin{figure}[h] + \centering + \includegraphics[width=7cm]{images/imx-hab-verifysrk.png} + \end{figure} +\end{frame} + +% ---------------------------- +\begin{frame}[fragile] +\frametitle{HAB: Key Hierarchy} + \begin{figure}[h] + \centering + \includegraphics[width=8cm]{images/imx-hab-keyhierarchy.png} + \end{figure} +\end{frame} |