Secure Boot

OBJECTIVES

The objective was to secure the boot process by adding verification of the boot images at each stage. Hence providing boot access only to the verified image.

CHALLENGES

Signing the images with PKI keys at  build stage

Re-partitioning the NOR flash to accommodate the keys and securing the Root of trust at the NOR flash

Verifying the signatures at each stage of the boot process

Identifying fall back mechanisms in case of image verification failure

ACCOMPLISHMENTS

Benison team was able to bring the secure boot verification up and enable the upgrade of the signed images over network as well fresh install.

TECHNOLOGIES

Public Key Infrastructure, Board bring-up, OpenSSL. Linux device driver, Coreboot, UBoot,