ARM Server s Firmware Security

Similar documents
Tailoring TrustZone as SMM Equivalent

Standardized Firmware for ARMv8 based Volume Servers

PreBoot Provisioning Solutions with UEFI

UEFI and IoT: Best Practices in Developing IoT Firmware Solutions

UEFI and the Security Development Lifecycle

UEFI updates, Secure firmware and Secure Services on Arm

System Firmware and Device Firmware Updates using Unified Extensible Firmware Interface (UEFI) Capsules

Enabling Advanced NVMe Features Through UEFI

UEFI in Arm Platform Architecture

UEFI What is it? Spring 2017 UEFI Seminar and Plugfest March 27-31, 2017 Presented by Dong Wei (ARM) presented by. Updated

Firmware Implementation Techniques to Achieve Windows 8 Fast Boot

ARM Trusted Firmware ARM UEFI SCT update

Strengthening the Chain of Trust. Kevin Lane HP Jeff Bobzin Insyde Software

UEFI ARM Update. UEFI PlugFest March 18-22, 2013 Andrew N. Sloss (ARM, Inc.) presented by

ARM Security Solutions and Numonyx Authenticated Flash

Implementing Secure Boot: A Refresher on Key & Database Configuration

The Next Steps in the Evolution of Embedded Processors

ARM64 Server RAS Solutions. Jonathan (Zhixiong) Zhang Cavium Inc.

General Firmware Overview of Recommendations for Window OS

Attacking and Defending the Platform

Designing Security & Trust into Connected Devices

"Last Mile" Barriers to Removing Legacy BIOS

ARM TrustZone for ARMv8-M for software engineers

UEFI ARM Update. Presented by Mitch Ishihara. UEFI Plugfest October presented by

AMD Security and Server innovation

UEFI Plugfest March

The Role UEFI Technologies Play in ARM Platform Architecture

Resilient IoT Security: The end of flat security models

Microsoft UEFI Certification Authority

Build Cloud Infrastructure with ARMv8

Firmware. OSF (open System. Gundrala Devender Goud Engineering Director/Azure/Microsoft OCP/OSF Project Lead

An Introduction to Platform Security

UEFI Forum Update. UEFI Spring Plugfest March 29-31, 2016 Presented by Dong Wei (The UEFI Forum)

Designing Security & Trust into Connected Devices

System Prep Applications A Powerful New Feature in UEFI 2.5

A Developer's Guide to Security on Cortex-M based MCUs

Using the UEFI Shell. October 2010 UEFI Taipei Plugfest Insyde Software

Beyond TrustZone Security Enclaves Reed Hinkel Senior Manager Embedded Security Market Develop

UEFI Secure Boot and DRI. Kalyan Kumar N

M a n a g i n g C l o u d H a r d w a r e. Alfie Lew, Inspur John Leung, Intel Sai Dasari, Facebook

Lessons Learned from Implementing a Wi-Fi and BT Stack

Provisioning secure Identity for Microcontroller based IoT Devices

Trustzone Security IP for IoT

Fundamentals of HW-based Security

Mohan J. Kumar Intel Fellow Intel Corporation

OP-TEE Using TrustZone to Protect Our Own Secrets

M2351 Security Architecture. TrustZone Technology for Armv8-M Architecture

Introduction to Standards based approach to Server

Use of Mojo PowerPoint Template. Your name, Title

Engineering UEFI Firmware for Windows: Best Practices and Pitfalls to Avoid

Implementing MicroPython as a UEFI Test Framework

Manufacturing Tools in the UEFI Secure Boot Environment

Designing, developing, debugging ARM Cortex-A and Cortex-M heterogeneous multi-processor systems

EDGE COMPUTING & IOT MAKING IT SECURE AND MANAGEABLE FRANCK ROUX MARKETING MANAGER, NXP JUNE PUBLIC

Embedded Base Boot Requirements. Dong Wei

ServerReady and Open Standards Accelerating Delivery

New Approaches to Connected Device Security

The Next Steps in the Evolution of ARM Cortex-M

The TPM 2.0 specs are here, now what?

Designing Security & Trust into Connected Devices

Introduction to Intel Boot Loader Development Kit (Intel BLDK) Intel SSG/SSD/UEFI

Hardware Prototyping Using a Windows-Hosted UEFI environment

What s In Your e-wallet? Using ARM IP to Enable Security in Mobile Phones. Richard Phelan Media Processing Division TrustZone Security Technology

ARM instruction sets and CPUs for wide-ranging applications

Security in NVMe Enterprise SSDs

Microsoft Sample Code on GitHub and Walkthrough on Firmware Updates to Windows Update (WU)

Leveraging Windows Update to Distribute Firmware Updates Model Based Servicing (MBS)

How to protect Automotive systems with ARM Security Architecture

The Future of Security is in Open Silicon Linux Security Summit 2018

Beyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development

PL-I Assignment Broup B-Ass 5 BIOS & UEFI

Implementing Advanced USB Interrupt Transfers

Embedded System Security Mobile Hardware Platform Security

Embedded System Security Mobile Hardware Platform Security

Comparison on BIOS between UEFI and Legacy

ARM Trusted Firmware From Embedded to Enterprise. Dan Handley

Reliability, Availability, Serviceability (RAS) and Management for Non-Volatile Memory Storage

the ARMv8-M architecture

Introduction to Embedded Bootloader. Intel SSG/SSD/UEFI

Trusted Execution Environments (TEE) and the Open Trust Protocol (OTrP) Hannes Tschofenig and Mingliang Pei 16 th July IETF 99 th, Prague

ARM SERVER STANDARDIZATION

ARM processors driving automotive innovation

Windows To Go and USB Boot

UEFI Manageability and REST Services

Next Generation Enterprise Solutions from ARM

Delivering High-mix, High-volume Secure Manufacturing in the Distribution Channel

HP Sure Start Gen3. Table of contents. Available on HP Elite products equipped with 7th generation Intel Core TM processors September 2017

Connecting Securely to the Cloud

CIS 4360 Secure Computer Systems Secured System Boot

GSE/Belux Enterprise Systems Security Meeting

Implementing Secure Software Systems on ARMv8-M Microcontrollers

High-Performance, Highly Secure Networking for Industrial and IoT Applications

Komodo: Using Verification to Disentangle Secure-Enclave Hardware from Software

Software Development Using Full System Simulation with Freescale QorIQ Communications Processors

Securing IoT with the ARM mbed ecosystem

ARM Trusted Firmware Evolution HKG15 February Andrew Thoelke Systems & Software, ARM

Spring 2018 UEFI Plugfest

Maximizing heterogeneous system performance with ARM interconnect and CCIX

A Tour Beyond BIOS Using the Intel Firmware Support Package with the EFI Developer Kit II

Statement of Volatility Dell PowerEdge R730 and R730XD

Transcription:

presented by ARM Server s Firmware Security Spring 2017 UEFI Seminar and Plugfest March 27-31, 2017 Presented by Zhixiong (Jonathan) Zhang (Cavium, Inc.) Updated 2011-06- 01 UEFI Plugfest March 2017 www.uefi.org 1

Agenda Challenges Hardware Design Differentiations Firmware Solutions Conclusion Q&A UEFI Plugfest March 2017 www.uefi.org 2

Challenges UEFI Plugfest March 2017 www.uefi.org 3

Market for ARMv8 volume servers HPC Cloud Compute UEFI Plugfest March 2017 Telco Storage www.uefi.org OCP Web Hosting 4

Future opportunities Tomorrow s edge devices face similar security challenges as today s server do. Tomorrow s edge devices are: Always on-line Open hardware design Open software design UEFI Plugfest March 2017 www.uefi.org 5

Managing firmware images in a data center Data centers have many hosts and appliances with different architectures. One network storage appliance may have dozens of hosts. One host has multiple FW images: Processor FW images: ARM TF, UEFI Microcodes for inter-processor link, PCIe, etc. UEFI Plugfest March 2017 www.uefi.org 6

Security related ARM standards Trusted Base System Architecture Presents a System-on-Chip (SoC) architecture that incorporates a trusted hardware base suitable for the implementation of systems compliant with key industry security standards and specifications, in particular those dealing with third party content protection, personal data, and second factor authentication. Trusted Board Boot Requirements Describes and defines a Trusted Boot Process for application processors based around the ARMv8-A architecture. Note: Both standards are ARM partners only. They are for client devices, but useful as reference for server. UEFI Plugfest March 2017 www.uefi.org 7

Hardware Design Differentiations UEFI Plugfest March 2017 www.uefi.org 8

On-chip secure controller SOC DDR Controllers On chip I/O Controllers Management Cores (including secure controller) Main Cores Coherent Fabric Caches Inter-chip Connect PCIe Root Complexes UEFI Plugfest March 2017 www.uefi.org 9

Security related co-processors Common storage area in SoC for all cores. Random number generator/memory. UEFI Plugfest March 2017 www.uefi.org 10

ARM TrustZone technology https://www.arm.com/products/security-on-arm/trustzone UEFI Plugfest March 2017 www.uefi.org 11

ARM TrustZone technology Secure memory Operation fails when a non-secure bus master attempts to access secure memory. Secure devices A secure interrupt controller and timer allows a non-interruptible secure task to monitor the system. A securable keyboard peripheral enables secure entry of a user password. Secure world ARMV8 architecture defines secure world vs. non-secure world. A CPU can context switches between secure world and non-world and among different exception levels. UEFI Plugfest March 2017 www.uefi.org 12

Firmware Solutions UEFI Plugfest March 2017 www.uefi.org 13

ARM Trusted Firmware UEFI Plugfest March 2017 www.uefi.org 14

Secure world service Non-secure World SW 1. Request Service Secure 2. Request Data World SW 4. Provide Result 3. Provide Data Secure device Non-secure World SW 2. Non-Secure Interrupt fired Secure World SW 1. Secure interrupt fired Secure device UEFI Plugfest March 2017 www.uefi.org 15

Secure memory Any data not needed by non-secure SW must reside in secure memory! Non-secure memory is inherently not safe. Don t leak secrets! When copying data from secure memory to non-secure memory. Don t trust input! When copying data from non-secure memory to secure memory. UEFI Plugfest March 2017 www.uefi.org 16

Secure device Which devices must be made secure devices? If direct device access from NS world is not necessary. Example: flash. If device is not needed by main cores. Example: management controller controlled devices. If device is only needed by secure world. Example: security related co-processors, secure interrupt/timer. Devices unsecure but not exposed to OS: This can be done through either ECAM enumeration disable, ACPI (Device Tree), or both. Device used by UEFI run time service. Example: RTC device. UEFI Plugfest March 2017 www.uefi.org 17

Capsule update Intel s recent works: Patchset: https://lists.01.org/pipermail/edk2-devel/2016- November/004244.html Whitepaper: https://github.com/tianocoredocs/docs/raw/master/white_papers/a_tour_beyond_bios_cap sule_update_and_recovery_in_edk_ii.pdf Windows: Whitepaper: https://msdn.microsoft.com/enus/windows/hardware/drivers/bringup/windows-uefi-firmwareupdate-platform Redhat: Fwupd project: http://fwupd.org.s3-website-eu-west- 1.amazonaws.com/ Blog: https://blog.uncooperative.org/blog/2015/09/16/an-updateon-firmware-updates/ UEFI Plugfest March 2017 www.uefi.org 18

A tale of platform firmware update User: Issue firmware update command from OS OS: Are the capsule/platform good to go? No Yes OS: Copy capsule to EFI System Partition; set a special OS bootloader as BootNext; reboot OS bootloader: Deliver user interface; call UpdateCapsule() UEFI Plugfest March 2017 www.uefi.org 19

A tale of platform firmware update UEFI DXE driver: Is the capsule valid? No Yes UEFI DXE driver: issue SMC call to enter into secure world ARM TF secure service: flash new firmware image into flash, return to non- secure world UEFI DXE driver: return to OS bootloader OS bootloader: restore BootNext; reboot UEFI Plugfest March 2017 www.uefi.org 20

Secure boot Secure boot vs. managed boot. Chain of trust following PKCS (Public Key Cryptography Standards) Starting from bootrom, each boot loader loads, decrypts, authenticates, passes controls to, the next boot loader, all the way to OS. FW of other devices such as microcodes, need to be securely loaded as well, if applicable. UEFI Plugfest March 2017 www.uefi.org 21

Secure boot ARM TF https://github.com/armsoftware/arm-trustedfirmware/blob/master/docs/auth -framework.md https://github.com/armsoftware/arm-trustedfirmware/blob/master/docs/trust ed-board-boot.md UEFI Plugfest March 2017 www.uefi.org 22

Secure boot UEFI 2.3.1 Intel whitepaper: https://github.com/tianocoredocs/docs/raw/master/white_papers/a_tour_beyond_bios_into_u EFI_Secure_Boot_White_Paper.pdf Platform Keys: Establishes a trust relationship between the platform owner and the platform firmware. Must be stored in non-volatile storage which is tamper and delete resistant. Example: EEPROM. Key Exchange Keys: Establish a trust relationship between the operating system and the platform firmware. Must be stored in non-volatile storage which is tamper resistant. Example: flash that is secure, eg. non-accessible from nonsecure world. UEFI Plugfest March 2017 www.uefi.org 23

Secure boot UEFI 2.6 Customized UEFI secure boot: http://www.uefi.org/sites/defaul t/files/resources/uefi_plugfes t_vzimmer_fall_2016.pdf https boot: https://github.com/tianocoredocs/docs/raw/master/white_ Papers/EDKIIHttpsBootGettin gstartedguide_1.2.pdf UEFI Plugfest March 2017 www.uefi.org 24

Conclusion UEFI Plugfest March 2017 www.uefi.org 25

Challenges mean opportunities As UEFI becomes centerpiece of modern day devices, from server to embedded devices, their security faces new challenges ARM SoC and UEFI FW ecosystem provide necessary building blocks for security solutions UEFI Plugfest March 2017 www.uefi.org 26

Go ahead of the curve We will bankrupt ourselves in the vain search for absolute security Dwight D. Eisenhower But in the mean time, we need to plan ahead A chain is no stronger than its weakest link. UEFI Plugfest March 2017 www.uefi.org 27

UEFI Plugfest March 2017 www.uefi.org 28

Thanks for attending the Spring 2017 UEFI Seminar and Plugfest For more information on the UEFI Forum and UEFI Specifications, visit http://www.uefi.org presented by UEFI Plugfest March 2017 www.uefi.org 29

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback