Tombosco
Posts: 3
Joined: Wed Nov 22, 2017 12:23 pm
Contact: Website

Secure Boot with RaspberryPi and Trust Zones

Wed Dec 13, 2017 7:18 am

Hi there,
I have a specific question regarding the security possibilities on the Raspberry Pi platform.
Is there a way to implement some kind of "secure boot"? Or working with OTP (one-time programmable) registers?
Or do you have recommendations for how it could be implemented in another way?
We plan to use a Pi module with an eMMC and not with an SD card.
We would like to somehow implement an "anti-cloning" use case.
Do you have any suggestions on this topic?
I know that ARM has so-called "trust zones"... It's like a simple OS between the unsecure and secure world.
But is it possible to do a secure boot from a signed u-boot -> signed kernel -> signed application?

Does anyone have experience with this?

Thanks for your help.
cheers,
Tom
www.emptyfridge.ch
https://www.facebook.com/Empty-Fridge-114148552637/
Melodic power punk from Lucerne Switzerland!

rln
Posts: 175
Joined: Wed Apr 09, 2014 1:43 pm
Location: Sweden
Contact: Website

Re: Secure Boot with RaspberryPi and Trust Zones

Wed Dec 13, 2017 1:19 pm

Unfortunately there is no good secure boot or copy protection for Raspberry Pi. Using a CM likely won't help since it can easily be hooked up to a PC via USB. Obfuscation is probably the only available protection mechanism.
Author of the robust Nard distro http://www.nard.se

Tombosco
Posts: 3
Joined: Wed Nov 22, 2017 12:23 pm
Contact: Website

Re: Secure Boot with RaspberryPi and Trust Zones

Thu Dec 14, 2017 11:48 am

Hi,

OK, yes, I know about the USB possibility. But let's say we want to make it as secure as possible...
What would be your suggestion? (of course, "don't use Raspberry..." ;-))
Do you have experience with TrustZone?

cheers
www.emptyfridge.ch
https://www.facebook.com/Empty-Fridge-114148552637/
Melodic power punk from Lucerne Switzerland!

rln
Posts: 175
Joined: Wed Apr 09, 2014 1:43 pm
Location: Sweden
Contact: Website

Re: Secure Boot with RaspberryPi and Trust Zones

Thu Dec 14, 2017 12:26 pm

As far as I know, no one has ever gotten TrustZone to work on Raspberry. Likely the Pi Foundation is the only one with the knowledge and resources to get that working. The "rest" of us have to resort to either a good-enough obfuscation solution where piracy is sufficiently difficult or a web-based cloud service.

For my own project (which needs to work offline) I'm hiding part of my secret business logic inside the Linux kernel (binary module). Usually that's a big no-no, but doing so makes it a lot harder to copy. The big issue though is staying compliant with Linus's license policy.
Author of the robust Nard distro http://www.nard.se

fruitoftheloom
Posts: 20948
Joined: Tue Mar 25, 2014 12:40 pm
Location: Delightful Dorset

Re: Secure Boot with RaspberryPi and Trust Zones

Thu Dec 14, 2017 3:28 pm

Tombosco wrote:
Wed Dec 13, 2017 7:18 am
Hi there,
I have a specific question regarding the security possibilities on the Raspberry Pi platform.
Is there a way to implement some kind of "secure boot"? Or working with OTP (one-time programmable) registers?
Or do you have recommendations for how it could be implemented in another way?
We plan to use a Pi module with an eMMC and not with an SD card.
We would like to somehow implement an "anti-cloning" use case.
Do you have any suggestions on this topic?
I know that ARM has so-called "trust zones"... It's like a simple OS between the unsecure and secure world.
But is it possible to do a secure boot from a signed u-boot -> signed kernel -> signed application?

Does anyone have experience with this?

Thanks for your help.
cheers,
Tom

http://linuxgizmos.com/trustzone-tee-te ... erry-pi-3/

https://www.op-tee.org/docs/rpi3/
Retired disgracefully.....

n0w4y
Posts: 5
Joined: Mon Apr 11, 2016 3:55 am

Re: Secure Boot with RaspberryPi and Trust Zones

Thu Feb 01, 2018 5:50 pm

TrustZone implementation on RPi is good for education but offers no security.

The Pi lacks the hardware capabilities that enable TrustZone to enforce any security separation. Memory on the Pi is a big, flat space.

For secure boot, the Pi has no immutable boot code. Bolting on a TPM or external secure element is a waste of hardware. Solutions like this are as useless as a bolt-on SE on any system where there is no OTP lockable, immutable boot code.

If you want secure boot and TrustZone capabilities then use another SoC. The Pi silicon just can't do it.
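
The point about immutable boot code in the post above, as an added example that is not part of the original thread: a toy verified-boot chain in which each stage pins the SHA-256 digest of the next (a simplification, a real chain would verify signatures), showing that the check only holds when the root digest sits in storage that cannot be rewritten. The stage contents and function names are constructed for illustration.

```python
import hashlib

SEP = b"|next="

def digest(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()

def build_chain(stages):
    """Link stages back to front: each image embeds the digest of the next one.
    Returns (images, digest of the first image), i.e. the value the root must pin."""
    images, pinned = [], ""
    for name, payload in reversed(stages):
        image = payload + SEP + pinned.encode()
        images.insert(0, (name, image))
        pinned = digest(image)
    return images, pinned

def verify_boot(images, root_digest):
    """Return the name of the first stage that fails verification, or None."""
    expected = root_digest
    for name, image in images:
        if digest(image) != expected:
            return name
        expected = image.rsplit(SEP, 1)[1].decode()
    return None

# Constructed sample images standing in for the chain asked about in the thread.
GENUINE = [("u-boot", b"bootloader v1"), ("kernel", b"kernel v1"), ("application", b"app v1")]
MODIFIED = [("u-boot", b"bootloader v1"), ("kernel", b"kernel with changes"), ("application", b"app v1")]

def demo():
    images, root = build_chain(GENUINE)
    relinked, relinked_root = build_chain(MODIFIED)
    patched = [images[0], relinked[1], relinked[2]]  # only the later stages replaced
    return {
        "genuine": verify_boot(images, root),
        "patched_kernel_only": verify_boot(patched, root),
        # Root digest fixed in write-once storage: a fully re-linked chain still fails.
        "relinked_vs_otp_root": verify_boot(relinked, root),
        # Root digest kept on the same writable eMMC: it is rewritten with the chain.
        "relinked_vs_writable_root": verify_boot(relinked, relinked_root),
    }

if __name__ == "__main__":
    for case, failed in demo().items():
        print(f"{case:28} -> {'boots' if failed is None else 'rejected at ' + failed}")
```

The last case is the one the post describes: when the first verifier and its reference value live on the same writable medium as the images, every later check in the chain passes on a modified system.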

metalmajor
Posts: 34
Joined: Fri Oct 20, 2017 9:40 pm

Re: Secure Boot with RaspberryPi and Trust Zones

Wed Sep 26, 2018 8:16 pm

Hi,

I noticed this discussion and want to ask, due to the last post here, is something like "zymbit" then worth it?

rln
Posts: 175
Joined: Wed Apr 09, 2014 1:43 pm
Location: Sweden
Contact: Website

Re: Secure Boot with RaspberryPi and Trust Zones

Thu Sep 27, 2018 9:18 am

Most likely not. Zymbit might be able to raise the bar a bit, but if they advertise a $1000 reward I'm sure their design would be hacked in a few days.
Author of the robust Nard distro http://www.nard.se
