DIY: Using trust to secure embedded projects
This talk from Shmoocon 2013 provides a DIY guide to using Trusted Computing on embedded devices.
The authors introduce a low-cost schematic using Atmel’s CryptoModule (AT97SC3204T) and CryptoAuthentication (AT88SA102S) ICs, and release drivers for UEFI, U-Boot, and the Linux kernel.
Using these ICs as a base, they demonstrate (and provide code) ways anyone can use Trusted Computing concepts for embedded projects (Linux IMA, signed data exchange), most importantly, a secured bootstrap from ROM code to a userland application.
They also demonstrate how the TPM can be used to encrypt and sign Ethernet frames. This is a response (and implementation of a well-known mitigation strategy) to attack vectors using various pre-boot environments such as UEFI, BIOS, Option ROM, and other bootloaders.
By the end of the presentation, participants should understand how to use a TPM to secure their creative embedded projects.
About the authors
Teddy is a computer science researcher working for the USA with a focus on large-scale enterprise network modeling and simulation. He has a passion for security and CTF competitions.
David is currently employed as an incident responder with a strong interest in software engineering. He is a recent college graduate with a passion for cryptography, cryptanalysis and digital privacy.