begins executing internal boot code
from a hardwired location within
the internal boot ROM. The ISBC
is inherently trusted. It confirms
the binding of the public key to the
device, validates the digital signature
of the ESBC, validates the ESBC
image, and confirms that the first
instruction falls within the validated
range and executes.
External Secure Boot Code (ESBC)
Phase:
5. The ESBC can be a monolithic
image, or multi-stage boot images,
which validates the digital signature
and image of the operating system
or application, thereby extending the
chain of trust.
COTS Secure FPGA
Technology
The FPGA security hub receives
input from tamper detection sensors
throughout the system and has the
ability to interface with the processor;
erase data, configuration and key
storage; and disable interfaces
to provide an appropriate tamper
response. The FPGA can use either
a standard COTS or a Commissioned
configuration to define its response
behavior. The FPGA configuration is
encrypted with various safeguards to
protect content. Both Xilinx Artix and
Lattice MACHXO2 devices are used to
serve as security hubs.
Xilinx
Xilinx Artix FPGAs provide various AT
features. Passive features are built-in
to the silicon - COTS features - and do
not require design development, while
active features can be incorporated as
needed as part of the Commissioned
FPGA design effort. available AT
features.
Lattice
Lattice MACHXO2 FPGAs incorporate
on-chip embedded flash memory to
eliminate configuration bit-stream
vulnerability. Device security bits
prevent read-back of the configuration
from the device, and a one-time-
programmable mode prevents erasure
or reprogramming of the configuration.
Conclusion
Anti-tamper plays a vital role in the
overall information assurance scheme
for embedded systems. A successful
AT campaign provides layered
safeguards for prevention, detection,
and response. A carefully considered
COTS/Commissioned
combination
leverages lower-cost, reliable COTS
elements while allowing customers
to incorporate sensitive or restricted
technologies, policies, and procedures.
Abaco uses its partner relationships
and engagements to provide synergy
between the hardware, middleware,
stacks, partitioned operating system,
and hypervisors. The use of Intel’s
Trusted Execution Technology and
Freescale’s Trust Architecture provides
industry-standard trust mechanisms,
while a Xilinx- or Lattice-based FPGA
security hub augments a robust tamper
response. Hardware build options are
available to provide the flexibility to
meet customer requirements
Table 1 Xilinx Artix AT Features
New-Tech Magazine Europe l 47