To trust the software running on a hardware platform is one of the most fundamental principles of security. Many attacks on connected devices and systems are based on the attacker’s ability to replace or modify the software running on the attacked platform. Thus, it is important to ensure that the software running on a device is from the legitimate and intended source.
To ensure authenticity, software needs to be signed by the software provider who owns it, and has verified the software’s execution on the target device. This verification starts when the system is brought up from a cold boot. A secure boot process consists of several stages, called bootloader stages, where software is verified and installed at each stage.
A Secure Boot scheme adds cryptographic checks to each stage of the boot process. This process aims to prevent any unauthorized software from running by assuring the integrity of all boot images when each boot loader is called by the previous one. This process eliminates the possibility of unintended images being used on the platform by simple replacement or modification of the code image stored in module flash by either direct access or remote software upgrade. The figure illustrates one possible secure boot sequence.
The Samsung ARTIK platform provides a Secure Boot functionality to mitigate threats to the booting process. To ensure resilience against mass-compromises, an asymmetric key signature algorithm is used for signing and verification. Images are signed through a highly secure code signing system, where signing keys are stored and operated within Federal Information Processing Standards (FIPS) 140-2 certified Hardware Security Modules (HSM) based on strict access control policies. Samsung provides access to signing services to its customers for performing the signing at their own convenience, while relying on the operational and physical security provided by Samsung.
Verified boot, an optional feature provided by U-Boot, extends the security to the kernal and ramdisk. Refer to the Verified Boot article for details.