To use our site, you agree to the use of cookies and data processing according to our privacy statement.
Close
Search

Hardening Secure Boot On Embedded Devices for Hostile Environments

Slides and video from the presentation at BlueHat IL 2019

Download slides

Abstract

Secure boot is essential for secure embedded devices to prevent malicious actors from obtaining persistent runtime control, whether implemented on Internet of Things (IoT) or Electronic Control Units (ECUs) found in modern cars. Numerous public attacks on secure boot have shown, some of which by ourselves, that secure boot can be bypassed using a wide range of attack methods. Whether these attacks leverage software vulnerabilities or hardware attacks like hardware fault injection, there is a clear need across industries to harden secure boot properly.

In this talk we focus on hardening secure boot against software and hardware attacks. We leverage our decade long experience reviewing and attacking secure boot on embedded devices from different industries. We start by providing the audience with a description of the attack surface of secure boot. Then, we present our vision on secure boot design, which can be used as a starting point for a complete hardened secure boot solution. To be realistic, next to our security relevant requirements, we’ll take into account engineering costs, functional requirements and other non-security relevant requirements of secure boot. Attendees will take away a better understanding of what it takes to design secure boot securely, hopefully resulting in more secure products at reduced costs.

Download slides from the presentation here or watch the video below.