Discretix Secure Boot (DxSB)
Discretix' Secure Boot provides an effective protection mechanism against software attacks, authenticating the software image during device boot, and detecting any illegal updates that occurred while the device was powered-down.
Offline software modifications attacks aimed at illegal software updates, are the most common form of attack on devices. Offline attacks are harder to prevent, particularly because the device is powered-off. Offline protection can however be provided by identifying any modification that has occurred once power is restored.
Secure Boot routine – verify software image integrity at boot time, detecting off-line software image tampering and unauthorized software image updates
Software version revocation – once the software image is legally updated, an attacker is prevented from rolling-back to a previous potentially exploitable software image
Vendor Key Revocation – enable revocation of the private key of compromised software image
Software/Hardware options – choice of software-only solution, or a combined software-hardware solution for increased performance
Platform-Independent – Portable and reusable ANSI-C secure boot code, applicable to numerous embedded markets
Multiple software vendors – supports chaining of keys, enabling attestation of multiple software vendors
Field-proven – installed in numerous devices on the market
The DxSB prevents offline attacks modifying the software image on flash. During system boot, DxSB verifies that the software image has not been tampered with or modified, guaranteeing a known and trusted starting point. The DxSB routine runs from on-chip ROM, guaranteeing that it cannot be bypassed. The authentication of the software image is carried out by comparing the SHA256 digest of each designated software component in memory with the expected value provided by the device maker. A modification can be detected even if a single bit in memory has been altered. The list of expected SHA256 digest values is signed with the device maker's private key. DxSB uses the available device maker's public key in order to verify that the list was not forged by an attacker.
Using a PC-based tool, the device maker aggregates the software components to a coherent image for boot authentication. The PC tool prepares the list of SHA256 digest values, signing them with the device maker’s private key.
The device maker may periodically release a new version of software, often to address critical and/or exploitable bug. DxSB supports software version revocation by including a version counter, that is able to authenticate the version currently being booted.
In case the private key used to sign the software image has been compromised, DxSB supports vendor key revocation. The moduke can be instructed to move to a second (or third, or forth) private-public key pair. While the device maker puts the primary software image on the device – the DxSB routine supports additional software images – added by other vendors, and be chained together and authenticated during boot.
Click to enlarge
- Host processor running at 200MHz
- Hardware SHA256 running at 100Hz
- 10MByte image size
- 1024-bit RSA signature
For more information, please fill in the brief form below :
Contact us for more information