path: root/security/secureboot/frm_secboot_basics.tex

% ----------------------------
\subsection{Basics}
% ----------------------------
\begin{frame}[fragile]
\frametitle{Motivation}
Why do we talk about Secureboot?
\begin{itemize}
\item Protection
 \begin{itemize}
 \item Remote Access
 \item Physical Access
 \end{itemize}
\item Support/Warranty
\end{itemize}

How do we get it?
\begin{itemize}
\item Solution: Code Integrity
\item Implementation: Secureboot
\end{itemize}
\end{frame}

% ----------------------------
\begin{frame}[fragile]
\frametitle{Data Integrity}
 \begin{figure}[h]
 \centering
 \includegraphics[width=8cm]{images/data-hash-signature.png}
 \end{figure}
\end{frame}

% ----------------------------
\begin{frame}[fragile]
\frametitle{Typical Boot Sequence}
\begin{itemize}
\item Power/Reset
\item ROM Loader (load, execute BL)
\item Bootloader (load, execute OS)
\item Operating System (load, execute Application)
\end{itemize}

\begin{figure}[h]
\centering
\includegraphics[width=8cm]{images/bootseq_typical.png}
\end{figure}
\end{frame}

% ----------------------------
\begin{frame}[fragile]
\frametitle{Secure Boot Sequence}
\begin{itemize}
\item Power/Reset
\item ROM Loader (load, verify, execute BL)
\item Bootloader (load, verify, execute OS)
\item Operating System (load, verify, execute Application)
\end{itemize}

\begin{figure}[h]
\centering
\includegraphics[width=8cm]{images/bootseq_sec.png}
\end{figure}
\end{frame}

% ----------------------------
\begin{frame}[fragile]
\frametitle{Secure Boot Sequence}
\begin{itemize}
\item Power/Reset
\item ROM Loader
 \begin{itemize}
 \item Hardware Specific
 \item e.g. High Assurance Boot v4 (i.mx6/7/8)
 \end{itemize}
\item Bootloader (u-boot)
 \begin{itemize}
 \item signed FIT Images
 \end{itemize}
\item Operating System (Linux)
 \begin{itemize}
 \item signed Modules
 \item Filesystem Integrity
 \end{itemize}
\end{itemize}
\end{frame}