When: May 13, 2021 | 6 p.m. Central Europian Summer Time(UTC+02)
Who: Alfie Eskandari Embedded Software Engineer at Independent Researcher
Establishing Chain of Trust on an Embedded Linux PlatformIn the context of this webinar, we learn how a chain of trust can be established on an Embedded Linux Platform. We review some concepts regarding secure boot on NXP i.MX6 processor including security architecture, code signing concept and architecture, PKI tree, image signing/encryption and authentication/decryption processes. There are some security vulnerabilities discussed related to i.MX application processors and U-Boot. Eventually, we see a reference implementation and demo on an i.MX6 dual core ARM Cortex-A9 platform establishing chain of trust through authenticated boot including U-Boot and FIT image (Linux kernel, Device tree blob, Rootfs on ramdisk) and extending the chain of trust to support encrypted boot and storage encryption. We also use Ghidra reverse engineering tool to do some simple manipulations of the U-Boot and Linux kernel binary images in order to verify the functionality of authenticated/encrypted boot.
About the Presenter:
Visit Speaker Profile