FAQs
English (US) 日本語 | Japanese 中文 | Chinese (Simplified)

Is my HAB approach entirely secure?

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Is my HAB approach entirely secure?

‎10-21-2014 10:04 PM
3,878 Views
themylogin
Contributor I

We need to encrypt SD card in our i.MX6 board so no one can read it and steal our software. I am surprised there is no tutorial on the web how to do it (only how to sign u-boot & kernel — but what's the point if user-space code can still be substituted?) so here is my approach.

  • Board is Hummingboard, so I use SolidRun/u-boot-imx6 · GitHub (u-boot 2013, not 2009 that is covered in all tutorials, that consists of SPL and u-boot itself) and SolidRun/linux-imx6-3.14 · GitHub
  • The first-stage bootloader that is authenticated by chip itself is SPL — so it is signed as in tutorial.
  • void __noreturn jump_to_image_no_args(struct spl_image_info *spl_image) is overrided in arch/arm/cpu/armv7/mx6/hab.c (as it is originally declared weak) to authenticate executed u-boot image
  • kernel and initrd images are authenticated by u-boot in arch/arm/lib/bootm.c static void boot_jump_linux(bootm_headers_t *images, int flag).
  • rootfs is encrypted by luks. Key is supplied by following keyscript: cat /sys/fsl_otp/HW_OCOTP_SRK? | sed ':a;N;$!ba;s/\n//g'.
  • No user can log in to our board via tty or ssh as all accounts are either non-login shell or password-protected, there are no other ways for user to execute code via running Linux

So no SPL code can be executed except ours, that authenticates u-boot and does not steal SRK fuses values. No u-boot code can be executed except ours, that authenticates kernel and initrd and does not steal SRK fuses values. Kernel and initrd also do not steal SRK fuses values except for internal usage and when kernel is running no other user-space code can be executed as well so SRK fuses values (which should be used to decrypt rootfs) can't be read by user.

Is my approach correct or are there any security holes left in it that can allow user to extract our rootfs contents?

Labels (2)
Labels
Tags (4)
Reply
6 Replies

‎09-29-2015 04:07 AM
1,846 Views
duellm
Contributor I

Using /sys/fsl_otp/HW_OCOTP_SRK? as a secret is insecure because it is just a hash value that can be computed from your signatures public key.

Reply

‎03-15-2017 05:57 AM
1,846 Views
satyadamarla
Contributor III

hello Guys,

Where exactly do you think the key for encrypted rootfs should be? Initramfs or eMMC, etc. What is the best practise followed?

Thanks,

Satya

0 Kudos
Reply

‎03-20-2017 09:44 PM
1,846 Views
Yuri
NXP Employee
NXP Employee

Hello,

  perhaps, the following helps.

Passwordless Encrypted Root in Debian  

Regards,

Yuri.

0 Kudos
Reply

‎03-27-2017 05:30 AM
1,846 Views
satyadamarla
Contributor III

Hello Yurin,

Thanks for the above link. The above works and I have tested it long time ago but I am looking for a solution like 

  1. Saving a key in RPMB (Reply Protected Memory Block) of eMMC. Using this key to en/decrypt the key  and place it in the initramfs (OR)
  2. Using the unique Device Secret Key of iMX6 processor and using it to for creating a blob of the rootfs key. Using this key to decrypt the rootfs later.

Do you think the concept of encrypted boot (DEK Blob) can be used for decrypting the key that can decrypt the rootfs?

Greets,

Satya

0 Kudos
Reply

‎03-27-2017 11:52 PM
1,846 Views
Yuri
NXP Employee
NXP Employee

Hello,

I  think "the concept of encrypted boot (DEK Blob) can be used for decrypting the key

that can decrypt the rootfs". You can use the rootfs key as part of U-boot (in fixed location).

Regards,

Yuri.

Reply

‎10-23-2014 01:13 AM
1,846 Views
Yuri
NXP Employee
NXP Employee

   Under the HAB technology the SRK fuses contain the hash of the SRK public key and the fuses

can be read. This restriction may be overcome if BSP uses GUI, does not support terminal program,
JTAG is disabled.  

  As for encryption boot under i.MX6 : in order to generate a Data Encryption Key (DEK) blob for
encrypted boot, the OTPMK must be used, so blobs must be generated on the i.MX6.

  Next, this requires the device be in the Closed configuration, so the Mfg Tool U-boot and OS Kernel
images must be signed - in order to use the OTP Master Key.  Today we do not have recommendations
and tools for customers how to perform it, sorry.


Have a great day,
Yuri

-----------------------------------------------------------------------------------------------------------------------
Note: If this post answers your question, please click the Correct Answer button. Thank you!
-----------------------------------------------------------------------------------------------------------------------

Reply