Boot to Cloud: Security Considerations with IoT
Kevin Townsend
Zephyr Developer Summit, Prague, 28 June 2023

About Me
- Tech Lead at Linaro, focusing on Arm, RTOS, and IoT Security
- 15 years of full-time open source development
- Zephyr maintainer for Aarch32, TF-M, zscilib
- Github: microbuilder

Agenda
- Secure Boot
- Device Provisioning
- Storage-Free Key Derivation
- Securing Data in Transit
- Securing Data at Rest
- Example: Confidential AI
- Checklist

Core Components in a Secure IoT System: Secure Boot

Secure Boot
- As the root of trust, this is the most critical component in a secure system! It shouldn't be an afterthought!
- Test early and test often
- In the case of Zephyr, this is often MCUBoot, though not always
- Secure means immutable
- Should only run valid, signed, and ideally versioned images
- May include rollback protection (MCU_DOWNGRADE_PROTECTION w/ MCUBoot)
- Image contents and signature must be verified on every reset
- Should support image encryption for safer firmware delivery
- May include a limited HW recovery option (serial recovery on a GPIO pin in MCUBoot)
- Secure boot requires protecting the bootloader flash region from overwrites!
- Must disable SoC device-recovery and debug interfaces on the MCU!

MCUBoot: mcumgr
- MCUBoot CLI management tool
- Multi-transport: Serial, BLE, UDP
- Extensible command set:
  - Set datetime
  - Update file system
  - Get thread/device stats
  - Reset device
  - Shell access
- The optional commands are a double-edged sword and need to be evaluated against your deployment scenario!

MCUBoot: imgtool
- Generates correctly-formatted keys:
    $ imgtool keygen -k sign_p256.pem -t ecdsa-p256
- Signs images
- Can be used to verify signatures
- Get C-friendly public/private key data:
    $ imgtool getpriv -k sign_p256.pem
    $ imgtool getpub -k sign_p256.pem
- Always generate and safely store your own private signing key!
- Point the build system to it via BOOT_S
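An added example, not part of the talk, of the rollback check that the "versioned images" and downgrade-protection bullets describe: it parses the fixed MCUBoot image header (layout as in MCUBoot's image.h) and, with downgrade prevention enabled, refuses a candidate whose version is lower than the running image's. The sample images are constructed inline; the build number is ignored in the comparison (MCUBoot's default behaviour), and signature/TLV verification is out of scope here.

```python
import struct

# MCUBoot fixed image header (struct image_header in MCUBoot's image.h), 32 bytes, little-endian:
#   magic u32, load_addr u32, hdr_size u16, protect_tlv_size u16, img_size u32, flags u32,
#   version { major u8, minor u8, revision u16, build_num u32 }, pad u32
IMAGE_MAGIC = 0x96F3B83D
HEADER_FMT = "<IIHHIIBBHII"
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 32


def parse_header(image: bytes) -> dict:
    """Parse the header at the start of an image; reject truncated images and a bad magic."""
    if len(image) < HEADER_LEN:
        raise ValueError("image shorter than MCUBoot header")
    (magic, _load_addr, hdr_size, _protect_tlv_size, img_size, flags,
     major, minor, revision, build, _pad) = struct.unpack_from(HEADER_FMT, image, 0)
    if magic != IMAGE_MAGIC:
        raise ValueError(f"bad image magic 0x{magic:08x}")
    return {"hdr_size": hdr_size, "img_size": img_size, "flags": flags,
            "version": (major, minor, revision, build)}


def version_cmp(a: tuple, b: tuple) -> int:
    """Compare (major, minor, revision, build); build is ignored, as MCUBoot does by default."""
    for x, y in zip(a[:3], b[:3]):
        if x != y:
            return -1 if x < y else 1
    return 0


def accept_candidate(current: bytes, candidate: bytes, downgrade_prevention: bool = True) -> bool:
    """Rollback check: with downgrade prevention on, only a version >= the running image is accepted."""
    cur = parse_header(current)["version"]
    new = parse_header(candidate)["version"]
    return (not downgrade_prevention) or version_cmp(new, cur) >= 0


def make_image(major: int, minor: int, revision: int, build: int = 0,
               payload: bytes = b"\x00" * 16) -> bytes:
    """Constructed sample image: header followed by a dummy payload (no TLVs, no signature)."""
    hdr = struct.pack(HEADER_FMT, IMAGE_MAGIC, 0, HEADER_LEN, 0, len(payload), 0,
                      major, minor, revision, build, 0)
    return hdr + payload
```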