[U-Boot] secure embedded linux system

Hello, I am from India. I am an electronics hobbyist. Currently I am using a BeagleBone Black in my project, and I am afraid about the security of the Linux system: it is quite easy to copy or modify data from a Linux system if someone has physical access. Let's say I have a BBB, and I boot it from an external device (like an external MMC), mount the internal eMMC, then modify the shadow file, and then boot from the internal eMMC. Now I will get root access, and I can modify anything on the system. Sir, I want to secure an embedded Linux system (BBB). Kindly help with this. How can I secure data on the BeagleBone Black without entering a password during the boot process (in the case of an encrypted rootfs)?
Thanks in advance. Best regards, Mahendra. Contact number: +91-9033544852

Dear Mahendra Dobariya,
In message BAY176-W171CCC856593BA0F7380DC90240@phx.gbl you wrote:
Hello, I am from India. I am an electronics hobbyist. Currently I am using a BeagleBone Black in my project, and I am afraid about the security of the Linux system: it is quite easy to copy or modify data from a Linux system if someone has physical access. Let's say I have a BBB, and I boot it from an external device (like an external MMC), mount the internal eMMC, then modify the shadow file, and then boot from the internal eMMC. Now I will get root access, and I can modify anything on the system.
If you cannot prevent physical access, you cannot prevent one from taking full control over your hardware. If needed, I'll attach a JTAG debugger and run my own version of U-Boot that circumvents all security measures you installed in yours.
Best regards,
Wolfgang Denk

Thanks for replying. I think if I encrypt the entire rootfs and embed the decryption key in U-Boot (at the time of compiling U-Boot), it can be protected. What is your suggestion? I have never worked with U-Boot, so I need help embedding the decryption key in U-Boot to load the encrypted rootfs. Best regards, Mahendra
To: mahendra_mahendra@hotmail.com CC: u-boot@lists.denx.de From: wd@denx.de Subject: Re: [U-Boot] secure embedded linux system Date: Fri, 30 May 2014 11:40:43 +0200
Dear Mahendra Dobariya,
In message BAY176-W171CCC856593BA0F7380DC90240@phx.gbl you wrote:
Hello, I am from India. I am an electronics hobbyist. Currently I am using a BeagleBone Black in my project, and I am afraid about the security of the Linux system: it is quite easy to copy or modify data from a Linux system if someone has physical access. Let's say I have a BBB, and I boot it from an external device (like an external MMC), mount the internal eMMC, then modify the shadow file, and then boot from the internal eMMC. Now I will get root access, and I can modify anything on the system.
If you cannot prevent physical access, you cannot prevent one from taking full control over your hardware. If needed, I'll attach a JTAG debugger and run my own version of U-Boot that circumvents all security measures you installed in yours.
Best regards,
Wolfgang Denk
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@denx.de
There are three things I always forget. Names, faces - the third I can't remember. - Italo Svevo

Dear Mahendra,
In message BAY176-W29A41E1225FE7E1D2479B890270@phx.gbl you wrote:
Thanks for replying. I think if I encrypt the entire rootfs and embed the decryption key in U-Boot (at the time of compiling U-Boot), it can be protected. What is your suggestion? I have never worked with U-Boot, so I need help embedding the decryption key in U-Boot to load the encrypted rootfs. Best
As I can read your U-Boot image on that hardware, I can also read your key, and then probably use it.
Security is not so easy to implement. If an attacker can get physical access, you must make sure he cannot access your keys anyway. Usually this gets addressed in hardware - like TPM chips (where you cannot read the keys), or processors that support protected / encrypted boot modes. If your SOC does not have any such options, and neither does your board, then you lose.
Viele Grüße,
Wolfgang Denk

Thanks for the fast reply. I am using a BeagleBone Black. I kindly request you to give some more detail on whether it is possible to secure the BBB. It's a TI AM335X chip. Please tell me if it is possible with this chip. Regards
To: mahendra_mahendra@hotmail.com CC: u-boot@lists.denx.de From: wd@denx.de Subject: Re: [U-Boot] secure embedded linux system Date: Fri, 30 May 2014 14:10:44 +0200
Dear Mahendra,
In message BAY176-W29A41E1225FE7E1D2479B890270@phx.gbl you wrote:
Thanks for replying. I think if I encrypt the entire rootfs and embed the decryption key in U-Boot (at the time of compiling U-Boot), it can be protected. What is your suggestion? I have never worked with U-Boot, so I need help embedding the decryption key in U-Boot to load the encrypted rootfs. Best
As I can read your U-Boot image on that hardware, I can also read your key, and then probably use it.
Security is not so easy to implement. If an attacker can get physical access, you must make sure he cannot access your keys anyway. Usually this gets addressed in hardware - like TPM chips (where you cannot read the keys), or processors that support protected / encrypted boot modes. If your SOC does not have any such options, and neither does your board, then you lose.
Viele Grüße,
Wolfgang Denk
--
DENX Software Engineering GmbH, MD: Wolfgang Denk & Detlev Zundel
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
Phone: (+49)-8142-66989-10 Fax: (+49)-8142-66989-80 Email: wd@denx.de
Every program has at least one bug and can be shortened by at least one instruction - from which, by induction, one can deduce that every program can be reduced to one instruction which doesn't work.

Dear Mahendra Dobariya,
In message BAY176-W7F95A954E276C2E362BE290270@phx.gbl you wrote:
Thanks for the fast reply. I am using a BeagleBone Black. I kindly request you to give some more detail on whether it is possible to secure the BBB. It's a TI AM335X chip. Please tell me if it is possible with this chip.
AFAICT there is no HS version of the AM335X processor.
Best regards,
Wolfgang Denk

Hi,
On 31 May 2014 02:48, Wolfgang Denk wd@denx.de wrote:
Dear Mahendra Dobariya,
In message BAY176-W7F95A954E276C2E362BE290270@phx.gbl you wrote:
Thanks for the fast reply. I am using a BeagleBone Black. I kindly request you to give some more detail on whether it is possible to secure the BBB. It's a TI AM335X chip. Please tell me if it is possible with this chip.
AFAICT there is no HS version of the AM335X processor.
I just sent out a new series (available in u-boot-x86.git branch 'bone') which adds some step-by-step documentation for the Beaglebone Black. It also collects all the fixes in one place.
Regards, Simon

Dear Simon,
In message CAPnjgZ2g_7Nu8rBWn3D=xQ7qMaWowJmOUkd1PyCahKoPz99GNQ@mail.gmail.com you wrote:
AFAICT there is no HS version of the AM335X processor.
I just sent out a new series (available in u-boot-x86.git branch 'bone') which adds some step-by-step documentation for the Beaglebone Black. It also collects all the fixes in one place.
Please correct me if I'm wrong - but while this can protect against software attacks, it cannot protect your system when someone has physical access, say with a JTAG debugger, correct?
Best regards,
Wolfgang Denk

Hi Wolfgang,
On 3 June 2014 10:07, Wolfgang Denk wd@denx.de wrote:
Dear Simon,
In message CAPnjgZ2g_7Nu8rBWn3D=xQ7qMaWowJmOUkd1PyCahKoPz99GNQ@mail.gmail.com you wrote:
AFAICT there is no HS version of the AM335X processor.
I just sent out a new series (available in u-boot-x86.git branch 'bone') which adds some step-by-step documentation for the Beaglebone Black. It also collects all the fixes in one place.
Please correct me if I'm wrong - but while this can protect against software attacks, it cannot protect your system when someone has physical access, say with a JTAG debugger, correct?
That's correct - they could in that case just change the software in memory after it has loaded, perhaps involving some timing skill.
Regards, Simon

Dear Simon,
In message CAPnjgZ359pN2di57u2GQv5thOjayTMyXpkfz02HamqxvmdAMbw@mail.gmail.com you wrote:
Please correct me if I'm wrong - but while this can protect against software attacks, it cannot protect your system when someone has physical access, say with a JTAG debugger, correct?
That's correct - they could in that case just change the software in memory after it has loaded, perhaps involving some timing skill.
Or, even simpler, just halt the system and load and run a version of U-Boot without any security restrictions^H^H^H^H^H^H^Hfeatures.
Best regards,
Wolfgang Denk