Linux Security 1 - Secured Embedded Linux Platform Build
The security of embedded systems is important today and will be even more so in the future.
Linux is the dominant operating system for embedded devices. Even if the device itself is of little interest to attackers, an embedded device can serve as a gateway through which malware reaches other systems.
In this course, you will learn the various options for secure boot and installation, as well as the cryptography behind them. You will learn how to build and start Linux in different environments, primarily ARM but also RISC-V and X86_64 platforms.
You will learn to use the OP-TEE environment (Open Portable Trusted Execution Environment) in practical exercises. This course is a prerequisite for the Linux hardening course.
Objectives:
• Implement secure boot
• Verify the authenticity of system components before they are loaded and executed
• Ensure the authenticity and integrity of the bootloader and kernel
• Implement trusted boot
• Provide a secure environment for the secure monitor firmware
• Run OP-TEE in a secure environment that runs alongside the main operating system
Course Format:
• Online or onsite course, 2 days of 6 hours each (excluding breaks), 12 hours in total.
• From 40% to 50% of training time is devoted to practical activities.
• Labs are conducted on a QEMU-emulated ARM board.
Prerequisites:
• C Language knowledge
• Embedded Linux Build knowledge
For in-house training the agenda can be adapted to your needs. Please ask!
Day One
Linux overview
Linux history
Linux architecture and modularity
Linux system components
The various licenses used by Linux (GPL, LGPL, etc.)
Boot Chain
Low-level boot
Boot on NOR
Boot on NAND
Boot on SD/MMC/eMMC
Multistage Boot
Why do we need a trusted boot chain?
Security Concerns
Confidentiality and Integrity
Tampering Prevention
Compliance and Certification
Secure Boot
Secure Boot concept
The chain of trust
Complete secure boot process
Key Management
Introduction to key management
Cryptographic algorithms and key types
Key storage options: Hardware-based and software-based
Key management processes: Generation and revocation of keys
ARM-based platforms hardware features overview
Secure Monitor
Secure World
Trusted Execution Environment
Secure Boot on RISC-V and X86_64
Cryptographic Accelerators
Software Solutions
Open source
Proprietary
First and Second Stage Bootloaders
U-Boot
Capabilities and features
Configuration, customization, and compilation
U-Boot SPL as First-Stage Boot Loader (FSBL)
Role of U-Boot in the trusted boot chain
How U-Boot verifies the authenticity of the images it loads
Configuration options for securing the boot process
Interaction with the secure world and Trusted Execution Environment
Signing U-Boot
Arm Trusted Firmware (ATF)
Overview and features
ATF Boot flow
Services
Build and deploy
Other platform specific components
Secured Linux Image
Introduction to Linux kernel
Source code
Configuration
Compilation
FIT (Flattened Image Tree) Image
What is FIT and why is it used
Advantages of using FIT image
Configuration
Building a Secure FIT Image
Kernel Configuration for a Secure Linux Platform
Configuration options for secure boot in the Linux kernel
Access Control Configuration overview
Exercise: Boot the platform with the prebuilt image
Exercise: Generate keys that are going to be used for platform encryption
Exercise: Build and boot the platform with U-Boot as FSBL and SSBL
Exercise: Build and boot the platform with ATF as FSBL and U-Boot as SSBL
Exercise: Create a secured FIT Linux image
Day Two
Security Considerations when Creating a Root Filesystem
Tips for hardening and securing a rootfs
Minimizing the rootfs
Strong authentication
Keep software updated
Using initramfs
Read-only root filesystem
Introduction to read-only root filesystems
Purpose and benefits
Overview of the different solutions available
SquashFS
Explanation of what SquashFS is and how it works
Pros and cons of using SquashFS
Steps to create a SquashFS image
Mount SquashFS image as a read-only root filesystem
CramFS: Small memory footprint
OverlayFS-based read-only root filesystem
UnionFS-based read-only root filesystem
Considerations when choosing a read-only root filesystem solution
Evaluation based on use case, security, performance, and compatibility
Encrypting Update Images
Securely updating a Linux platform using Mender
Data encryption
Why should data be encrypted?
Data encryption implications
Full disk encryption
Overview and risks
Encryption at the disk partition level or of the whole disk
How to use dm-crypt
Other solutions
LUKS
TrueCrypt
VeraCrypt
File-based encryption
How it works
Using fscrypt
Using eCryptfs
Advantages and disadvantages of each approach
Open Portable Trusted Execution Environment (OP-TEE)
Introduction to OP-TEE
Key Features
Hardware, software, and firmware requirements
Architecture of OP-TEE
Components, modules, and communication channels
Use Cases
Secure storage
Secure communication
Secure execution of applications
OP-TEE build and deployment
Setting up the environment
Configuration of OP-TEE
Compilation of OP-TEE
Comparison to other TEE solutions
Trusted Applications (TA) on OP-TEE
The role of a TA in a secure system
Writing a Trusted Application
Loading and executing a Trusted Application within the OP-TEE runtime
Debugging and testing Trusted Applications
Communication between Trusted Applications and normal world applications
Best practices for creating secure Trusted Applications
Exercise: Create a read-only file system using SquashFS
Exercise: Encrypt a partition
Exercise: Encrypt some files and directories
Exercise: Build and install OP-TEE
Exercise: Write a Trusted Application that communicates with a normal world application
Nohau Training Partner
This course is provided by a Nohau Training Partner, a trusted provider of hands-on training for professionals in embedded systems, software development, and engineering.