Establishing Chain of Trust on an Embedded Linux Platform

  • Join the LiveStream
  • When: May 13, 2021 | 6 p.m. Central Europian Summer Time(UTC+02)

    Where: LiveStream

    Who: Alfie Eskandari Embedded Software Engineer at Independent Researcher

    Establishing Chain of Trust on an Embedded Linux Platform

    In the context of this webinar, we learn how a chain of trust can be established on an Embedded Linux Platform. We review some concepts regarding secure boot on NXP i.MX6 processor including security architecture, code signing concept and architecture, PKI tree, image signing/encryption and authentication/decryption processes. There are some security vulnerabilities discussed related to i.MX application processors and U-Boot. Eventually, we see a reference implementation and demo on an i.MX6 dual core ARM Cortex-A9 platform establishing chain of trust through authenticated boot including U-Boot and FIT image (Linux kernel, Device tree blob, Rootfs on ramdisk) and extending the chain of trust to support encrypted boot and storage encryption. We also use Ghidra reverse engineering tool to do some simple manipulations of the U-Boot and Linux kernel binary images in order to verify the functionality of authenticated/encrypted boot.

    About the Presenter:

    Alfie has been working since 2015 as embedded software engineer with the main focus on Linux system programming. He is interested in embedded Linux security and embedded systems security from hardware and as well from software perspective. Alfie received his Master of Science degree in Electronics and Communications Engineering from the Technical University of Munich in 2015 and the Bachelor of Science degree in Electronics Engineering in 2009.

    Visit Speaker Profile