Designing and implementing secure boot for military-grade systems

Preface

Original article link

(1) https://militaryembedded.com/cyber/cybersecurity/designing-and-implementing-secure-boot-for-military-grade-systems

Original introduction

Military-grade systems require a high level of security to protect sensitive information and operations from unauthorized access, modification, or disruption.

One of the critical components for securing such systems is secure boot, which ensures that only trusted firmware and software can be loaded during system startup and accepted when receiving new updates.

Secure boot is a security feature that verifies the authenticity and integrity of firmware and software before loading them into the system memory during the boot process.

The mechanism ensures that only trusted firmware and software are executed and mitigates attacks that aim to modify or replace firmware or software with malicious code.

Secure boot uses digital signatures and cryptographic hashes to verify the authenticity and integrity of firmware and software.

The primary purpose of a secure boot mechanism is to guard against several types of attacks, including rootkits, bootkits, and other malware that target firmware and software.

These attacks can compromise the system’s security, potentially causing data breaches, denial of service, and other damaging consequences.

Secure boot ensures that the system starts in a secure state, making it difficult for attackers to compromise the system’s integrity or confidentiality.

Standard recommendations for secure boot

The IETF SUIT [Internet Engineering Task Force Software Updates for Internet of Things] specification for secure boot has been standardized in RFC9019, and it provides a comprehensive approach to designing secure bootloaders and firmware updates.

The specification defines a format for firmware images that includes metadata, digital signatures, and cryptographic hashes; this metadata includes information about the firmware, device, and manufacturer, as well as the hash (verification) and the cryptographic signature of the software, enabling the system to verify the authenticity and integrity of the firmware.

One of the key recommendations from RFC9019 is the use of a secure bootloader that verifies the authenticity and integrity of the firmware image before loading it into memory.

The secure bootloader checks the digital signature and cryptographic hash of the firmware image, ensuring that it has not been tampered with or modified.

RFC9019 also recommends the use of a trust anchor or a root of trust (RoT) to store the cryptographic material used for secure boot.

A trust anchor may consist of any software or hardware-based mechanism that ensures that the public key used for the verification of the firmware authenticity cannot be modified by an attacker.
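
The verify-before-load sequence described above, as an added example (not code from the article, RFC 9019 or wolfBoot). The 44-byte manifest layout and all function names are hypothetical, and a Lamport one-time hash-based signature stands in for the signature scheme so the block runs on the Python standard library alone; Lamport is not a FIPS-approved algorithm.

```python
import hashlib, hmac, struct

MANIFEST = struct.Struct(">4sII32s")  # magic, version, payload size, SHA-256(payload)

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def bits(digest: bytes):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen(seed: bytes):
    # Lamport one-time key pair (stand-in scheme). Seed-derived so the demo is
    # reproducible; a real key comes from a CSPRNG inside the HSM and signs ONE image.
    sk = [[H(seed + bytes([b]) + i.to_bytes(2, "big")) for b in (0, 1)] for i in range(256)]
    return sk, [[H(s) for s in pair] for pair in sk]

def sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(bits(H(msg)))]

def verify(pk, msg: bytes, sig) -> bool:
    if len(sig) != 256:
        return False
    return all([hmac.compare_digest(H(s), pk[i][b])
                for i, (s, b) in enumerate(zip(sig, bits(H(msg))))])

def build_image(sk, version: int, payload: bytes):
    manifest = MANIFEST.pack(b"FWIM", version, len(payload), H(payload))
    return manifest, sign(sk, manifest), payload

def secure_boot(anchor_pk, manifest: bytes, sig, payload: bytes) -> str:
    # 1. Authenticity: the signature covers the manifest and is checked against
    #    the public key pinned in the trust anchor, never a key shipped in the image.
    if len(manifest) != MANIFEST.size or not verify(anchor_pk, manifest, sig):
        return "reject: bad signature"
    magic, version, size, digest = MANIFEST.unpack(manifest)
    if magic != b"FWIM" or size != len(payload):
        return "reject: malformed image"
    # 2. Integrity: the payload must hash to the digest the signed manifest commits to.
    if not hmac.compare_digest(H(payload), digest):
        return "reject: hash mismatch"
    return f"boot v{version}"  # only now is the payload handed to the loader

def demo():
    vendor_sk, vendor_pk = keygen(b"constructed vendor seed")
    rogue_sk, _ = keygen(b"constructed rogue seed")
    fw = b"constructed firmware payload " * 8
    good = build_image(vendor_sk, 3, fw)
    tampered = (good[0], good[1], fw[:-1] + b"\x00")  # one byte changed after signing
    forged = build_image(rogue_sk, 3, fw)             # valid format, untrusted signer
    return [secure_boot(vendor_pk, *img) for img in (good, tampered, forged)]
```

Calling `demo()` runs three constructed images through the check: the vendor-signed image boots, the image altered after signing fails the hash check, and the image signed with a key other than the pinned one fails the signature check.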

Selecting a root of trust

A RoT is a specific type of trust anchor that provides a secure environment for generating, storing, and managing cryptographic keys.

The RoT ensures that these keys are not compromised or tampered with, and it is typically implemented in hardware to provide a high level of security.

The RoT is the foundation of the system’s security, and it is used to establish trust in the system’s firmware, software, and other components.

In the context of secure boot, a RoT can be implemented using several different technologies, such as hardware security modules (HSM) or trusted platform modules (TPM).

Executing the cryptographic operations with the assistance of a dedicated hardware component is the most secure option, because it guarantees that the keys are never exposed to the software components, thereby reducing the attack surface for the secure boot module.

Compatibility with the embedded system is an important consideration when selecting a trust anchor or RoT. The RoT must be compatible with the hardware and firmware of the system, ensuring that it can be integrated seamlessly into the boot process.

The RoT should also support the required cryptographic algorithms and protocols, ensuring that it can provide a high level of security for the system. Hardware-based solutions can be more expensive than the software-based counterparts.

While for less critical systems a software-based solution may be sufficient and more cost-effective, the cost of implementing a hardware-based solution is justified for military-grade systems that require a higher level of security.

Retrofitting older systems

Retrofitting older systems with secure boot can be difficult and expensive, as it may require both hardware and software upgrades. The cost and feasibility depend on several factors.

One of the main challenges of retrofitting older systems with secure boot is that many legacy systems were not designed with security in mind.

This means that the system architecture may not support the necessary security features required for secure boot, such as a FIPS-compliant (a longstanding data-security standard) cryptographic module, or hardware-based RoT or HSM.

In some cases it may be necessary to redesign the system boot process to include secure boot stages, which can be a time-consuming and expensive process.

Another obstacle found in retrofitting older systems with secure boot is the availability of existing bootloaders. Many legacy systems use custom bootloaders that do not support secure boot; in these cases, it may be necessary to modify the bootloader(s) to support secure boot.

The bootloader must be able to communicate with the trust anchor or RoT and perform the necessary integrity and authenticity verifications during the boot process.

Integrating cryptographic modules to provide the required integrity and authenticity verifications at startup is also an option to consider when retrofitting older systems. The system must be able to store and manage cryptographic keys securely, ensuring that they are not compromised or tampered with.

In addition, the cryptographic modules must be able to perform the necessary cryptographic operations efficiently to minimize the impact on system performance, which – in the case of secure boot – is likely to affect startup times.

Despite these challenges, retrofitting older systems with secure boot is often necessary to ensure the security of critical systems. In many cases, the cost of retrofitting a system with secure boot can be reduced, and its feasibility improved, by using existing software-based solutions, such as secure boot software that can be installed on existing hardware or integrated into existing legacy bootloaders.

However, for military-grade systems or systems that require a higher level of security, a hardware-based solution is often necessary, which can increase the cost and complexity of the retrofitting process. (Figure 1.)

[Figure 1 | A data wall provides real-time worldwide information for the 175th Cyberspace Operations Group of the Maryland Air National Guard. U.S. Air Force photo by J.M. Eddins Jr.]

FIPS cryptography as a necessity for military-grade systems

Among its recommendations, RFC9019 stresses the use of FIPS-compliant cryptography for the algorithm used by secure boot. This is particularly important for military-grade systems. FIPS – the acronym used for Federal Information Processing Standard – is a set of standards developed by the National Institute of Standards and Technology (NIST) expressly to ensure the security of sensitive government information.

FIPS-compliant cryptography is designed to be strong and secure, and it has been rigorously tested and validated to ensure that it meets the highest security standards.

While FIPS 140-2 is currently the most widely recognized standard for cryptography, NIST has recently developed a new standard, FIPS 140-3, which updates and will eventually replace FIPS 140-2, introducing new requirements for the validation of cryptographic algorithms and modules.

FIPS 140-2 and FIPS 140-3 provide frameworks for the validation of cryptographic modules, which are sets of hardware, software, and/or firmware that implement cryptographic functions, such as encryption and decryption.

The widely adopted FIPS 140-2 standard defines the requirements for the design and testing of cryptographic modules, specifying four levels of security based on the level of protection required for the information being secured.

It’s a rigorous process that involves extensive testing of the cryptographic module to ensure that it meets the security requirements specified in the standard.

The process includes testing of the cryptographic algorithms used by the module, as well as testing of the physical and logical security mechanisms used to protect the module from tampering or attack.

For military-grade systems, the use of FIPS-compliant cryptography is essential to ensure the security of sensitive information and critical software components.

Military systems are typically targeted by sophisticated attackers, and the use of strong cryptography is necessary to protect against attacks that could compromise the integrity, confidentiality, or availability of the system.

In a broader scope, the use of FIPS-grade cryptography can also help to ensure interoperability and compatibility with other systems and components that use standard algorithms to ensure the security of sensitive information and critical systems. The importance of FIPS-certified implementations extends to the secure boot domain as well: secure boot plays a critical role in the overall security of the entire system, and the risks to it can be mitigated by adopting the best-in-class cryptographic countermeasures recommended by the standards.

Daniele Lacamera is a free and open source software technologist, currently based in Italy. His main areas of expertise are embedded systems and TCP/IP communication.

He has 20-plus academic publications in the field of transport-layer optimization and is the author of the book “Embedded Systems Architecture.” Daniele joined wolfSSL as embedded software engineer in 2018, contributing to the development and the integration of wolfSSL on embedded operating systems and custom transport mechanisms. He is the main contributor to wolfBoot, the universal secure bootloader for embedded systems.

Reposted from blog.csdn.net/qq_63922192/article/details/132413954