Embed Size (px)
Citation preview
Working at MPC Data
http://tstableford.co.uk/downloads/workingatmpc.pptx
Introduction
2
• Working in a team is different to at university• Based in Trowbridge near Bath• Tea and Coffee is free and infinite (well
nearly)• Company events a few times a year• Flexible work hours• 22 days holiday
© 2013 BSQUARE Corporation. All rights reserved. BSQUARE is a registered trademark of BSQUARE Corporation. All other names, product names and trade names are trademarks or registered trademarks of their respective holders.
Projects
3
• Linux – Radio gateway system• Linux – BSP support for a defence
contractor• More on the next slides
© 2013 BSQUARE Corporation. All rights reserved. BSQUARE is a registered trademark of BSQUARE Corporation. All other names, product names and trade names are trademarks or registered trademarks of their respective holders.
UI Reskin For An Industrial Control System
4© 2013 BSQUARE Corporation. All rights reserved. BSQUARE is a registered trademark of BSQUARE Corporation. All other names, product names and trade names are trademarks or registered trademarks of their respective holders.
Secure Boot
5
• Boot only authorized code on i.MX6• Chain of trust to kernel
© 2013 BSQUARE Corporation. All rights reserved. BSQUARE is a registered trademark of BSQUARE Corporation. All other names, product names and trade names are trademarks or registered trademarks of their respective holders.
Problem Breakdown
6
1. Create a working base2. Burn the keys to the board, sign and verify U-Boot in non-secure mode3. Go to closed configuration
• Burn the closed configuration fuse• Boot U-Boot
4. Sign the kernel• Sign the kernel image• Modify U-Boot to authenticate the kernel• Make sure the kernel boots
5. Lock down other code execution methods• Disable U-Boot commands• Secure JTAG• Burn the fuse to stop keys being overwritten
© 2013 BSQUARE Corporation. All rights reserved. BSQUARE is a registered trademark of BSQUARE Corporation. All other names, product names and trade names are trademarks or registered trademarks of their respective holders.
Signed U-Boot
7© 2013 BSQUARE Corporation. All rights reserved. BSQUARE is a registered trademark of BSQUARE Corporation. All other names, product names and trade names are trademarks or registered trademarks of their respective holders.
Secure Boot Process
8© 2013 BSQUARE Corporation. All rights reserved. BSQUARE is a registered trademark of BSQUARE Corporation. All other names, product names and trade names are trademarks or registered trademarks of their respective holders.
Copy U-Boot IVT to Internal RAM
Valid IVT?
Load U-Boot into SDRAM
Yes
Attempt secure serialboot
No
Process CSF(Authenticate U-Boot)
Fail
Load Kernel to SDRAM
Authenticate Kernel Boot
HaltSuccess
Fail
Success
Summary
9
• Chain of trust to kernel• More lock-down for a full chain of trust
© 2013 BSQUARE Corporation. All rights reserved. BSQUARE is a registered trademark of BSQUARE Corporation. All other names, product names and trade names are trademarks or registered trademarks of their respective holders.
