X-CUBE-SBSFU Expansion software for STM32Cube Secure boot & secure firmware update

Post on 24-Jan-2021


  • X-CUBE-SBSFU: Expansion software for STM32Cube, Secure boot & secure firmware update

  • In the News

    http://fortune.com/2016/03/29/hack-printers-internet-of-things/
    http://hackaday.com/2016/07/26/root-on-the-philips-hue-iot-bridge/
    http://arstechnica.com/security/2016/01/how-to-search-the-internet-of-things-for-photos-of-sleeping-babies/
    http://www.techrepublic.com/article/iot-and-liability-who-pays-when-things-go-wrong/
    http://www.itpro.co.uk/security/27013/osram-smart-lighting-flaw-lets-hackers-breach-home-wi-fi
    http://www.channelnomics.eu/channelnomics-eu/analysis/2466253/why-the-next-big-data-breach-could-come-from-the-heating

  • Today’s Connected World

    [Chart labels: 20 Billion; 65%; Operating system based solutions]

  • Our concern for tomorrow

    [Chart labels: 48 Billion; 65%; Embedded solutions]

  • What will embedded solutions protect?

    • Their Services: what the end customer pays
    • Their Networks: avoid DoS, provide quality/reliability
    • Their Brand: what we sell every day!

    [Diagram: Node, Gateway, Cloud]

  • Secure Boot / Root of Trust: Categories of attacks

    • Logical attack: from outside the box
      • Local or remote, open ports, SW bugs, debug I/Fs, etc.
    • Board-level attack: from inside the box
      • Memory probing, « mod-chips », fault injection, side-channels, etc.
    • Chip-level attack: from inside the chip
      • Probing, laser, FIB, reverse engineering, etc.

    [Chart: the three categories ordered by cost and expertise of attack materials; labels: "Today 95 % IoT attacks", "Cloning attacks"]

  • Secure Boot / Root of Trust Target

    • Immutable Secure Boot code
      • Executed first at reset
      • Verify the platform integrity: clock settings, register configurations, memory protection, ….
      • Launch Root of Trust services: authentication of code, using cryptographic keys and encryption functions

    [Diagram: Reset -> trusted Secure Boot code authenticates the First-stage Loader (code + certificate), which in turn authenticates the Second-stage Application (code + certificate)]

  • Root of Trust General Process

    • Stored in the device
    • Performed at each RESET, using a key
    • It is a predictable process

    [Diagram: at reset, SB/RoT loads the Appli Stage X file (code image + stored certificate); a MAC function computes a certificate over the code image, which is compared with the stored certificate: OK -> run code, NOK -> reload]

  • Current Market approach

    • Not a single standardized Secure Boot / Root of Trust model

    [Diagram: SBRoT 1, 2, … n and SBRoT x, y, z, each with its own Reset -> Stage X application flow, spread across markets: Industrial, LPWAN, NB IoT, Cloud, Metering]

  • How to support such approach

    • Embedded ROMed code
    • ST proposal
      • Allow industries to develop their own Secure Boot / Root of Trust method
      • Propose a way to securely load it into the STM32
      • Propose a way to isolate and securely execute it within the STM32

    SB / RoT approach feasibility remarks:
    • One code on all STM32: may not be market acceptable
    • Multiple codes on STM32: diversify products; increase development, qualification, certification and cost

  • Secure Firmware Update

    • Server sends FW update
    • Device receives, stores the new FW update and executes it

    [Diagram: the Developer produces a firmware data file; it is encrypted with a symmetric key into an encrypted file; the Server/Cloud sends it over the communication device to the MCU (with its sensor), where it is recovered as the firmware data file]

  • Secure Firmware Update

    • Complete process performed in a secure way
    • Prevent:
      • Unauthorized updates
      • Access to secret code and key
      • Access to confidential on-device data
    • Developed in several software modules

  • SBSFU software package overview

    • Secure Boot (SB) module
      • Execution with Root of Trust service
      • Application authentication and integrity check before execution
    • Secure Firmware Update (SFU) module
      • Detect new FW version to install
        • From local download service
        • Pre-downloaded OTA via user application from previous execution…
      • Manage FW version (check unauthorized updates or unauthorized installation)
      • Secure FW update: FW authentication and integrity check, FW decryption, FW installation
      • In case of any error occurring during new image installation, possibility to roll back to the previous valid version…
      • Execute the newly installed FW (once authenticated and integrity checked)
    • Secure Engine (SE) module
      • Code isolated from main firmware: secure execution
      • Dedicated to executing cryptographic algorithms
      • Manage secure key storage

  • Secure Firmware Update Process

    • Performed when a new firmware update is available, using a public key stored in the device
    • Each new firmware update is authenticated before being installed

    [Diagram: Code authentication: the keyed-hash value shipped with the encrypted data file is compared with the MAC value calculated over it; OK -> decrypt to a clear-text data file and install the code; NOK -> reject]
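The Root of Trust process (stored certificate versus a MAC recomputed at each reset, reload on NOK), the SFU module's version management and rollback, and the authenticate-then-decrypt update flow above, modelled end to end as an added Python example. This is not code from the X-CUBE-SBSFU package: the image layout, field names, keys and the HMAC-SHA256-in-counter-mode stand-in cipher (used only to stay dependency-free; the real package has its own header format and cipher) are assumptions made for the example.

```python
import hashlib
import hmac
import struct

# Constructed keys for the example. On the device they would sit in the Secure
# Engine's protected key storage, never inside the updatable application.
MAC_KEY = b"constructed-authentication-key"
ENC_KEY = b"constructed-confidentiality-key"

MAGIC = b"SFU1"
PREFIX_FMT = ">4sII16s"                   # magic, version, ciphertext length, nonce
PREFIX_LEN = struct.calcsize(PREFIX_FMT)  # 28 bytes
MAC_LEN = 32                              # HMAC-SHA256 tag
HEADER_LEN = PREFIX_LEN + MAC_LEN         # 60 bytes


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: HMAC-SHA256 run in counter mode as a keystream."""
    stream = bytearray()
    block = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(d ^ k for d, k in zip(data, stream))


def build_update(version: int, firmware: bytes, nonce: bytes) -> bytes:
    """Developer side: encrypt the firmware, then MAC every field the device will
    act on (header and ciphertext) so nothing is parsed before it is authenticated."""
    ciphertext = _xor_stream(ENC_KEY, nonce, firmware)
    prefix = struct.pack(PREFIX_FMT, MAGIC, version, len(ciphertext), nonce)
    mac = hmac.new(MAC_KEY, prefix + ciphertext, hashlib.sha256).digest()
    return prefix + mac + ciphertext


class Device:
    """Device side: an active slot, the previous valid image kept for rollback,
    and the Secure Boot check run at every reset."""

    def __init__(self, version: int, firmware: bytes):
        self.active = self._seal(version, firmware)
        self.backup = None

    @staticmethod
    def _seal(version: int, code: bytes) -> dict:
        # The stored certificate of the boot check: a MAC over version and code image.
        tag = hmac.new(MAC_KEY, version.to_bytes(4, "big") + code, hashlib.sha256).digest()
        return {"version": version, "code": code, "tag": tag}

    def secure_firmware_update(self, blob: bytes) -> str:
        # 1) Authentication and integrity check come first, on the raw bytes.
        if len(blob) < HEADER_LEN:
            return "REJECT_FORMAT"
        prefix, mac, ciphertext = blob[:PREFIX_LEN], blob[PREFIX_LEN:HEADER_LEN], blob[HEADER_LEN:]
        expected = hmac.new(MAC_KEY, prefix + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return "REJECT_AUTH"
        magic, version, length, nonce = struct.unpack(PREFIX_FMT, prefix)
        if magic != MAGIC or length != len(ciphertext):
            return "REJECT_FORMAT"
        # 2) Version management: refuse downgrades and re-installs (anti-rollback).
        if version <= self.active["version"]:
            return "REJECT_VERSION"
        # 3) Decrypt and install, keeping the previous valid image for rollback.
        firmware = _xor_stream(ENC_KEY, nonce, ciphertext)
        self.backup = self.active
        self.active = self._seal(version, firmware)
        return "INSTALLED"

    def reset(self) -> str:
        """Root of Trust check at reset: recompute the MAC over the active image and
        compare it with the stored one. OK -> run; NOK -> reload the previous image."""
        img = self.active
        recomputed = hmac.new(MAC_KEY, img["version"].to_bytes(4, "big") + img["code"],
                              hashlib.sha256).digest()
        if hmac.compare_digest(recomputed, img["tag"]):
            return f"RUN v{img['version']}"
        if self.backup is None:
            return "HALT"
        self.active, self.backup = self.backup, None
        return f"ROLLBACK v{self.active['version']}"

    def corrupt_active(self, offset: int) -> None:
        """Simulate an installation that did not complete (e.g. power loss mid-write)."""
        code = bytearray(self.active["code"])
        code[offset] ^= 0xFF
        self.active["code"] = bytes(code)


def demo() -> list:
    """Walk the device through a good update, a replay, a tampered image and a
    corrupted slot; returns the outcome of each step (constructed inputs)."""
    dev = Device(1, b"constructed firmware v1")
    nonce = b"constructed-nonce"[:16]  # real tooling uses a fresh random nonce per image
    good = build_update(2, b"constructed firmware v2", nonce)
    results = [dev.secure_firmware_update(good), dev.reset()]
    results.append(dev.secure_firmware_update(build_update(1, b"old", nonce)))  # valid MAC, old version
    tampered = bytearray(good)
    tampered[-1] ^= 0x01                     # one flipped ciphertext bit
    results.append(dev.secure_firmware_update(bytes(tampered)))
    dev.corrupt_active(0)                    # installation interrupted before completion
    results.append(dev.reset())
    results.append(dev.reset())
    return results
```

The order inside `secure_firmware_update` is the point the slides make: the MAC is checked over the whole file before any field is trusted, the version check prevents a still-valid older image from being reinstalled, and decryption only happens once both have passed. `reset()` is the boot-time half: if the image in the active slot no longer matches its stored tag, the device falls back to the previous valid version instead of running it.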

  • Foundation of Trust: Security Layering

    • MCU Security Features
      • Used to establish a robust platform on which trusted processes and associated cryptographic functions can be performed
    • Cryptographic Functions
      • Preserve confidentiality, verify integrity and authenticity
    • Secure Boot (SB) and Secure Firmware Update (SFU)
      • Establishing a Root of Trust
      • Building a system that can evolve to counter new threats, add new functionality and fix bugs in a controlled and secure way once the device is in the field

    [Layer diagram, bottom to top: MCU Security Features (RDP, WRP, MPU, PCROP, Firewall); Cryptographic functions (confidentiality, integrity, availability); Security Services (Secure Boot, Secure Firmware Update); Application (features / services, communication (TLS))]

  • Security: STM32 Static Protections

    • Readout Protection (RDP)
      • Level 0: no readout protection
      • Level 1: memory readout protection
      • Level 2: chip readout protection
      • Flash memory code and registers (+ SRAM2 in L4) cannot be dumped through JTAG/SWD, nor by the CPU itself when booted from memories other than internal Flash
    • Proprietary code Read Out Protection (PCROP)
      • Specific configurable area, 1 each per Flash memory bank
      • Flash memory code is only executable: it cannot be read and dumped by the CPU
    • Write protection (WRP)
      • 1 each per Flash memory / SRAM sector
      • Flash memory code is protected from unwanted write/erase operations

  • Security: STM32 Dynamic Protections

    • Firewall
      • Code or data protection in Flash memory or SRAM
      • Single call-gate interface, trusted execution region
      • Ideal to protect sensitive functions and IP from the rest of the application
    • MPU
      • Memory isolation
      • Read, Write, eXecute attribute per region
      • Hard-fault or core lock-up in case of violation
      • Prevents stack overflows; system protection against unintended modification
    • Backup domain and Anti-Tamper
      • Independent voltage
      • RTC, Backup SRAM
      • Tamper detection pin
      • Detection of tamper event, reset of all backup registers, time-stamped event

  • SBSFU-based product architecture overview

  • Security Mindset / Security

    • First, know what you want
      • What do you want to protect?
      • What do you want to protect it against?
    • Then look at how to protect it
    • Examine the protection we just added
      • Is it fully protecting?
      • Is it adding some weakness?
      • Does it require additional elements to protect?

    Look at all the elements of the system. Incremental process.

  • Protecting The Chain Of Trust

    • RDP-L2
      • Disable external access
      • Protect boot options
      • Lock option bytes
    • WRP / PCROP
      • Protect the code enabling the MPU/Firewall
      • Protect the code considered trusted
      • Protect part of the Flash memory
    • Firewall
      • Protect RAM and Flash memory at runtime
    • Crypto
      • Verify the integrity and authenticity of the user application
    • MPU
      • Execution allowed only inside the chain of trust
    • SB / SFU: trusted

    [Diagram: "Trust" arrows link the steps, from RDP-L2 through WRP/PCROP, Firewall, Crypto and MPU, up to the trusted SB / SFU]
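The static and dynamic protections (RDP, WRP, PCROP, MPU) and the chain-of-trust steps above, turned into an offline configuration audit as an added Python example. It is not code from the X-CUBE-SBSFU package or from ST: the flash geometry (2 KiB write-protection pages), the region names, the option-byte model and the memory layout are assumptions made for the example; the rules it checks are the ones the slides state.

```python
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

FLASH_BASE = 0x08000000
PAGE_SIZE = 0x800   # assumed write-protection granularity for the example


@dataclass(frozen=True)
class Region:
    name: str
    start: int
    size: int

    @property
    def end(self) -> int:
        return self.start + self.size

    def pages(self) -> Set[int]:
        """Flash pages (WRP granularity) that this region touches."""
        first = (self.start - FLASH_BASE) // PAGE_SIZE
        last = (self.end - 1 - FLASH_BASE) // PAGE_SIZE
        return set(range(first, last + 1))


@dataclass
class DeviceConfig:
    """Model of the option bytes and MPU setup a build would program (assumed shape)."""
    rdp_level: int                     # 0, 1 or 2
    wrp_pages: Set[int]                # pages with write protection enabled
    pcrop: Optional[Tuple[int, int]]   # execute-only address range, or None
    mpu_exec: List[Region]             # regions in which the MPU allows execution


def _merged(regions: List[Region]) -> List[Tuple[int, int]]:
    """Union of address ranges, merged so that adjacent regions count as one span."""
    out: List[Tuple[int, int]] = []
    for r in sorted(regions, key=lambda r: r.start):
        if out and r.start <= out[-1][1]:
            out[-1] = (out[-1][0], max(out[-1][1], r.end))
        else:
            out.append((r.start, r.end))
    return out


def audit(cfg: DeviceConfig, trusted: List[Region], secrets: List[Region],
          application: Region) -> List[str]:
    """Return one finding per chain-of-trust rule the configuration breaks."""
    findings: List[str] = []
    # RDP-L2: disable external access, protect boot options, lock option bytes.
    if cfg.rdp_level < 2:
        findings.append(f"RDP level {cfg.rdp_level}: debug access and option bytes not locked (RDP-L2 expected)")
    # WRP: code considered trusted, including the code enabling MPU/Firewall, must be immutable.
    for r in trusted:
        missing = sorted(r.pages() - cfg.wrp_pages)
        if missing:
            findings.append(f"{r.name}: pages {missing} writable (WRP expected)")
    # PCROP: cryptographic code and keys must be execute-only, never readable by the CPU.
    for r in secrets:
        inside = cfg.pcrop is not None and cfg.pcrop[0] <= r.start and r.end <= cfg.pcrop[1]
        if not inside:
            findings.append(f"{r.name}: not covered by PCROP (readable)")
    # MPU: execution allowed only inside the chain of trust (trusted code + authenticated application).
    allowed = _merged(trusted + [application])
    for r in cfg.mpu_exec:
        if not any(a <= r.start and r.end <= b for a, b in allowed):
            findings.append(f"MPU region '{r.name}' allows execution outside the chain of trust")
    return findings


def weak_and_hardened() -> Tuple[List[str], List[str]]:
    """Constructed layout: SBSFU code, Secure Engine code/keys, one application slot;
    returns the findings for a weak and for a hardened configuration."""
    sbsfu = Region("SBSFU code", FLASH_BASE, 0x8000)                          # pages 0-15
    se = Region("Secure Engine code and keys", FLASH_BASE + 0x8000, 0x4000)   # pages 16-23
    app = Region("Active application slot", FLASH_BASE + 0xC000, 0x34000)
    trusted, secrets = [sbsfu, se], [se]

    weak = DeviceConfig(rdp_level=1, wrp_pages=set(range(16)), pcrop=None,
                        mpu_exec=[Region("all flash", FLASH_BASE, 0x100000)])
    hardened = DeviceConfig(rdp_level=2, wrp_pages=set(range(24)), pcrop=(se.start, se.end),
                            mpu_exec=[Region("trusted code", FLASH_BASE, 0xC000),
                                      Region("application", app.start, app.size)])
    return audit(weak, trusted, secrets, app), audit(hardened, trusted, secrets, app)
```

Running `weak_and_hardened()` reports four findings for the weak configuration (RDP not at level 2, the Secure Engine pages left writable, no PCROP over the key material, and an MPU region that allows execution across the whole flash) and none for the hardened one. The same kind of check fits naturally into a build pipeline, run over the linker map and the option-byte values the release will program.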

  • SBSFU covered use cases

    • Industrial Firmware Update
      • Usually performed by a human
      • Requires a physical connection between the updater tool and the MCU: UART, SPI, USB, ….. wired connection
      • Able to stop the application running during the update
      • In case of update error, retry is manually managed
    • Over The Air Firmware Update (FOTA)
      • Stand-alone update operation
      • Uses device connectivity to receive and manage the update: Wi-Fi, LPWAN, BT/BLE, ….
      • Running application manages its own firmware update
      • Retry may be difficult to support

  • SBSFU: 2 implementations

    • 1) Non-isolated modules
      • Secure Boot and Secure Firmware Update form a single immutable code, protected the same way
      • It includes cryptographic and SFU keys
      • Introduces the Root of Trust protection mechanism into STM32
    • 2) Isolated modules
      • Secure Boot module is immutable code
      • Secure Engine is isolated from the rest of the code
      • Secure Firmware Update includes the Root of Trust verification runtime code

  • SBSFU roadmap on STM32

  • SBSFU package now available for STM32L4 series

    • X-CUBE-SBSFU expansion software available from the ST website: http://www.st.com/x-cube-sbsfu

  • Recommendations

    • Reduce risk
      • Ensure products are strengthened against attacks throughout their entire lifetime
    • Understand the value of your assets
      • Perform threat analysis
      • Confidentiality, availability and integrity are key
    • Use good design practices to develop and maintain secure products
    • Use security features and tools to achieve robust products
    • Work with trusted and experienced partners

  • Releasing Your Creativity

    www.st.com/stm32trust/
    STM32 on Facebook: https://www.facebook.com/pg/STM32/about/?ref=page_internal
    ST community: https://community.st.com/s/topic/0TO0X000000BSqSWAW/stm32-mcus
    @ST_World: https://twitter.com/st_world
