Bureaucrats, dave_user, Administrators
8,154
edits
Changes
→Introduction
==Introduction==
Nowdays, thanks to embedded systems diffusion and explosive growth anyone is aware about security. One of the key factors is to grant that on a specific hardware devices should be executed only authorized SW. This is extremel importan extremely important in devices which can be upgraded Over The Air (OTA). As we said before, security on Embedded Device is getting important in the embedded world. In particular, one of the most important targets, discussed in this article is the sw authentication: It is particularly important to guarantee that the embedded processor '''executes '''<b>only</b> authenticated software code which which should be originally certified (i.e. u-boot, kernel,..).
In this article, it is described the process applied on DAVE Embedded Systems' devices in order to: (1) demonstrate the capability of the authentication mechanisms and (2) give an idea about the effort required for implementing the process on the in-house production. It is important to highlight that this is '''not''' just a SW procedure but also a company arrangement design because of security pass through company procedure and good practice (any alarm system doesn't work properly if you live the keys on the door...). What described in the following , starts from from the HAB Security mechanism provided on iMX6/iMX6UL processor family by NXP. This mechanism permits only that authentic/original software is executed. Than Then is described how an HAB enabled system, via bootrom properly proper configuration, guarantees that software loaded from external memroy memory devices, like NOR, NAND flash memories or SD card, will be executed only if has been authenticated.
References:
