HABv4: Authenticated image running XIP from serial flash

spiderman · ‎02-24-2023

Suppose I am using a processor with HAB (High Assurance Boot) v4. It is i.MX RT1062, but the same can be considered for other processors with HAB as well.

Let's say I execute in place (XIP) from serial flash a signed (but not encrypted) bootable image. Therefore the HAB code in ROM should check the signature before running the application.

However, is there some mechanism preventing that someone implements spoofing on the serial bus from the flash, and thus injecting a "jump" to some malware firmware on some other area of the flash? Or even substitute instructions from inside my bootable image area?

jingpan · ‎03-03-2023

Hi @spiderman ,

There are three security boot level, HAB boot, HAB encrypted boot and OTFAD encrypted boot.

If it is only HAB boot, it can't prevent this kind of attack. HAB boot only verify the image is authentic. But after that, the right of control is pass to application. To prevent this attack, you can run in internal SRAM instead of XIP. HAB encrypted boot doesn't support XIP because the image is encrypted.

OTFAD is a hardware which can decrypt on-the-fly. So, the data on the SPI bus is encrypted. It can prevent such attack when XIP.

Regards,

Jing

在原帖中查看解决方案

jingpan · ‎03-03-2023