Working at MPC Data

http://tstableford.co.uk/downloads/workingatmpc.pptx

Introduction

2

• Working in a team is different to at university• Based in Trowbridge near Bath• Tea and Coffee is free and infinite (well

nearly)• Company events a few times a year• Flexible work hours• 22 days holiday

© 2013 BSQUARE Corporation. All rights reserved. BSQUARE is a registered trademark of BSQUARE Corporation. All other names, product names and trade names are trademarks or registered trademarks of their respective holders.

Projects

3

• Linux – Radio gateway system• Linux – BSP support for a defence

contractor• More on the next slides

© 2013 BSQUARE Corporation. All rights reserved. BSQUARE is a registered trademark of BSQUARE Corporation. All other names, product names and trade names are trademarks or registered trademarks of their respective holders.

UI Reskin For An Industrial Control System

4© 2013 BSQUARE Corporation. All rights reserved. BSQUARE is a registered trademark of BSQUARE Corporation. All other names, product names and trade names are trademarks or registered trademarks of their respective holders.

Secure Boot

5

• Boot only authorized code on i.MX6• Chain of trust to kernel

© 2013 BSQUARE Corporation. All rights reserved. BSQUARE is a registered trademark of BSQUARE Corporation. All other names, product names and trade names are trademarks or registered trademarks of their respective holders.

Problem Breakdown

6

1. Create a working base2. Burn the keys to the board, sign and verify U-Boot in non-secure mode3. Go to closed configuration

• Burn the closed configuration fuse• Boot U-Boot

4. Sign the kernel• Sign the kernel image• Modify U-Boot to authenticate the kernel• Make sure the kernel boots

5. Lock down other code execution methods• Disable U-Boot commands• Secure JTAG• Burn the fuse to stop keys being overwritten

© 2013 BSQUARE Corporation. All rights reserved. BSQUARE is a registered trademark of BSQUARE Corporation. All other names, product names and trade names are trademarks or registered trademarks of their respective holders.

Signed U-Boot

7© 2013 BSQUARE Corporation. All rights reserved. BSQUARE is a registered trademark of BSQUARE Corporation. All other names, product names and trade names are trademarks or registered trademarks of their respective holders.

Secure Boot Process

8© 2013 BSQUARE Corporation. All rights reserved. BSQUARE is a registered trademark of BSQUARE Corporation. All other names, product names and trade names are trademarks or registered trademarks of their respective holders.

Copy U-Boot IVT to Internal RAM

Valid IVT?

Load U-Boot into SDRAM

Yes

Attempt secure serialboot

No

Process CSF(Authenticate U-Boot)

Fail

Load Kernel to SDRAM

Authenticate Kernel Boot

HaltSuccess

Fail

Success

Summary

9

• Chain of trust to kernel• More lock-down for a full chain of trust

© 2013 BSQUARE Corporation. All rights reserved. BSQUARE is a registered trademark of BSQUARE Corporation. All other names, product names and trade names are trademarks or registered trademarks of their respective holders.

Thank You

Tim Stableford

01225 710663 | tims@bsquare.com