zephyrproject-rtos / zephyr

Primary Git Repository for the Zephyr Project. Zephyr is a new generation, scalable, optimized, secure RTOS for multiple hardware architectures.
https://docs.zephyrproject.org
Apache License 2.0

Security: Provide a full-stack demo for secure boot #22485

Open ceolin opened 4 years ago

ceolin commented 4 years ago

Create a full-stack demo showing capabilities of MCUboot + Zephyr. The idea is to create a didactic sample to highlight security capabilities of these technologies in a realistic use case.

carlescufi commented 4 years ago

CC @hakonfam @SebastianBoe

SebastianBoe commented 4 years ago

Since how to do this is documented in the MCUBoot project, perhaps the demo should also be there?

I couldn't create this sample; it would require someone with knowledge of MCUBoot, e.g. @nvlsianpu, or a developer from MCUBoot.

nvlsianpu commented 4 years ago

@ceolin I don't understand what the result should look like. A sample which automatically builds mcuboot and the application, does signing, and what else?

SebastianBoe commented 4 years ago

I'm not sure either, I assumed that the demo would just document how to do it, so you still need a human to follow the steps for building and signing at each step.

SebastianBoe commented 4 years ago

A demo does not add functionality, it demonstrates existing functionality.

And automatic building of both MCUBoot and the app is not supported (upstream).

hakonfam commented 4 years ago

One thing which is missing to have what most people associate with "secure boot" is locking the flash area which contains MCUBoot. Currently, all Zephyr applications which use MCUBoot must set the CONFIG_MPU_ALLOW_FLASH_WRITE option, which allows writes to any location in memory. As MCUBoot does not protect itself, it is left open for modifications, and the secure boot can be bypassed once an attacker is able to execute code in application space.

nvlsianpu commented 4 years ago

^^ This is something @ioannisg declared to be working on.

ceolin commented 1 year ago

@microbuilder

microbuilder commented 1 year ago

It would be good to include encrypted firmware in this workflow to make sure this actually works with the build system today, or document how to generate the encryption key and use it with the image(s).

zephyrbot commented 9 months ago

Hi @ceolin, @d3zd3z,

This issue, marked as an Enhancement, was opened a while ago and did not get any traction. It was just assigned to you based on the labels. If you don't consider yourself the right person to address this issue, please re-assign it to the right person.

Please take a moment to review if the issue is still relevant to the project. If it is, please provide feedback and direction on how to move forward. If it is not, has already been addressed, is a duplicate, or is no longer relevant, please close it with a short comment explaining the reason.

Thanks!