Hardening Secure Boot Training
Compromise of a Secure Boot typically leads to a full compromise of your device. Brought to you by the proven experts in hardware security and Secure Boot hacking, this intensive one-day workshop will help you learn common weaknesses of Secure Boot and enhance your secure development process where it really matters.
Course is available on request
Who is this training for?
This course is intended for software developers, system designers and system architects who are tasked with designing, developing or maintaining a secure boot implementation.
Aims and Objectives
More and more embedded devices have strong requirements on the integrity of the code running on the platform. Hackers are finding new ways to compromise these systems and a robust secure boot implementation that ensures the software integrity is considered essential. However, implementing a robust secure boot is a major challenge. Several attacks of widely deployed embedded devices got high profile media attention, exposing manufacturers to lost revenue, liability claims and brand damage.
This workshop covers the most common pitfalls of secure boot implementation based on our extensive security evaluation experience. We discuss common logical vulnerabilities that allow attackers to bypass secure boot and also more sophisticated attack techniques such as fault injection. These attacks are extremely effective against any code which has not been specifically hardened against FI attacks making the manufacturers take on additional cost of re-developing the code of high enough quality too meet the rising industry standards.
Fault injection attacks are becoming mainstream as better and cheaper tools are becoming rapidly available. In this workshop we demonstrate how attackers use these techniques to compromise your system and how to implement software based counter measures to defend against it, making your product more in line with the relevant industry requirements.
- Introduction to the secure boot
- Recognize attacks on secure boot:
- Logical attacks on secure boot
- Fault Injection attacks on secure boot
- Combined attacks
- Implement countermeasures on the secure boot examples
- Interactive testing of the effectiveness of countermeasures
Learn from the experts in Secure Boot evaluation
Riscure has strong expertise in hardware security and, in particular, in Secure Boot vulnerabilities. Some of the techniques we used to bypass secure boot were shared publicly. In this workshop we share our distilled expertise of many evaluation projects.
Since there are no publicly available hardened secure boot implementations, we have developed two Secure Boot implementations of different complexity levels which are used as examples in the workshop.
FiSim Interactive Simulator
For testing the effectiveness of countermeasures on the robustness of the secure boot, we have developed FiSim. The FiSim simulator takes the bootloader binary of a simulated platform, simulates glitches by running the boot loader in slightly different conditions. FiSim can indicate where the code can be glitched. FiSim comes with a simple GUI allowing the student to modify the source code and immediately get feedback on the effectiveness of the implemented countermeasure.