Support of Secure Boot with netX90
Secure boot is used to prevent untrusted firmware from being executed on the netX90.
The netX 90 provides built-in security features based on a hardware root of trust. The security features are handled by the netX 90 ROM code, which includes:
- management and protection of the security configuration
- enabling secure boot via signature verification of the executed firmware
The security configuration required by the ROM code shall be stored in the built-in secure flash memory of the netX90. The security configuration includes:
- protection options that determine the level of security enforced by the ROM code
- encryption keys that are used for signature verification when secure boot is enabled
- device data that can be used for optional signature binding
Prerequisites
The following prerequisites must be met to enable and use the secure boot feature on the netX90.
Prerequisites | Details | Explanation |
---|---|---|
netX90 Hardware | Requires the netX 90 series with date code 1910 or later. | ROM code changes are needed to support the secure boot functions. |
Hardware and Maintenance configuration files (HWC / MWC) | Signed "BootSwitcher" code shall be added to the HWC / MWC. Use netX Studio CDT and/or the netX 90 Tool Collection (see below). | The "BootSwitcher" code is required to support the secure reset and firmware update process. |
Maintenance Firmware (MFW) | Version V2.1.0.0 or later is required. | Newer maintenance firmware supports the signed firmware update container ("fwupdate.nxs" files), performs signature verification before firmware installation and supports reset on a system with secure boot activated. |
The main component for firmware updates and firmware signature verification is the Maintenance Firmware (MFW).
A firmware download can be performed either by a running firmware or by the maintenance firmware. The firmware installation (copying the firmware to the executable area) is done only by the MFW, because only the maintenance firmware has write access to the area from which the firmware is executed.
If the system is in secure boot mode, the MFW first checks whether the update container is an NXS file (a special kind of zip container) before starting the verification process. The file signature is verified against the key stored in the built-in secure flash memory. Only if this verification succeeds is the new firmware installed, i.e. copied to the flash execution area of the netX90.
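The two-stage gate just described (container type check first, signature check second, installation only after both pass) can be modelled in a few dozen lines. The block below is an added illustration written for this page, not Hilscher code and not the real fwupdate.nxs layout: the container contents (firmware.bin plus firmware.sig inside a zip), the constructed device key and the sample firmware image are all assumptions, and HMAC-SHA256 stands in for the asymmetric signature the netX 90 actually verifies against the key in its secure flash, so that the example runs on the Python standard library alone. A dictionary stands in for the flash execution area that only the MFW may write.

```python
"""Model of the MFW update gate: is it an NXS container? does the signature
verify against the device key? only then copy to the execution area.

Added example, not Hilscher code. HMAC-SHA256 with a constructed key stands in
for the device's asymmetric signature scheme; the zip layout is assumed.
"""
import hashlib
import hmac
import io
import zipfile
from typing import Tuple

ZIP_MAGIC = b"PK\x03\x04"  # local file header signature every zip starts with

# Constructed key; on the real device the verification key lives in secure flash.
DEVICE_KEY = hashlib.sha256(b"constructed-demo-device-key").digest()

# Constructed firmware image used by demo().
SAMPLE_FIRMWARE = b"\x7fNETX" + b"constructed firmware image v1" + b"\x00" * 8


def build_container(firmware: bytes, signing_key: bytes) -> bytes:
    """Produce a zip container holding the firmware image and its signature."""
    sig = hmac.new(signing_key, firmware, hashlib.sha256).digest()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("firmware.bin", firmware)
        zf.writestr("firmware.sig", sig)
    return buf.getvalue()


def build_unsigned_container(firmware: bytes) -> bytes:
    """A zip that is structurally valid but carries no signature at all."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("firmware.bin", firmware)
    return buf.getvalue()


def is_nxs_container(blob: bytes) -> bool:
    """First gate: the update must be a zip-style container before any crypto runs."""
    return blob.startswith(ZIP_MAGIC) and zipfile.is_zipfile(io.BytesIO(blob))


def verify_container(blob: bytes, device_key: bytes) -> Tuple[bool, str, bytes]:
    """Second gate: check the embedded signature against the key stored on the device."""
    if not is_nxs_container(blob):
        return False, "not an NXS container", b""
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            firmware = zf.read("firmware.bin")
            sig = zf.read("firmware.sig")
    except KeyError:
        return False, "container incomplete", b""
    expected = hmac.new(device_key, firmware, hashlib.sha256).digest()
    # Constant-time comparison so a mismatch reveals nothing about the expected value.
    if not hmac.compare_digest(expected, sig):
        return False, "signature mismatch", b""
    return True, "ok", firmware


def mfw_install(blob: bytes, device_key: bytes, execution_area: dict) -> str:
    """Copy to the execution area only after both gates pass."""
    ok, reason, firmware = verify_container(blob, device_key)
    if not ok:
        return "rejected: " + reason
    execution_area["firmware"] = firmware  # the copy only the MFW is allowed to make
    return "installed"


def demo() -> dict:
    """Run the gate against a good, a forged, an unsigned and a non-zip update."""
    flash = {}
    results = {
        "good": mfw_install(build_container(SAMPLE_FIRMWARE, DEVICE_KEY), DEVICE_KEY, flash),
        "forged": mfw_install(build_container(SAMPLE_FIRMWARE, b"other-key"), DEVICE_KEY, flash),
        "unsigned": mfw_install(build_unsigned_container(SAMPLE_FIRMWARE), DEVICE_KEY, flash),
        "not_zip": mfw_install(b"raw image, no container", DEVICE_KEY, flash),
    }
    results["flash_matches_good_image"] = flash.get("firmware") == SAMPLE_FIRMWARE
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The ordering matters for the same reason it does on the device: a blob that is not even a container is rejected before any key material is touched, so the verification step only ever sees well-formed input, and nothing reaches the execution area unless the signature check returned success.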
Compatible netX90 loadable firmware
The loadable firmware variants for the netX90 were updated with new functions, e.g.:
- support for the reset handling required in a secure boot enabled system
- support for the signed firmware update container ("fwupdate.nxs" file)
- the loadable firmware variants that support firmware update via the integrated web server accept the signed firmware update container ("fwupdate.nxs" file)
All netX90 firmware use cases A, B, C and variants support firmware signing for secure boot.
The loadable firmware variants for the netX90 can be used with secure boot from the following firmware releases onward:
- PROFINET IO-Device V5.5.0.0 and later
- Open Modbus/TCP V5.2.0.0 and later
- CC-Link IE Field Basic Slave V5.1.0.0 and later
- EtherNet/IP Adapter V5.4.0.0 and later
- EtherCAT Slave V5.4.0.0 and later
- POWERLINK Controlled Node V5.2.0.0 and later
- Sercos Slave V5.2.0.0 and later
- CANopen Slave V5.2.0.0 and later
- DeviceNet Slave V5.2.0.0 and later
- PROFIBUS DP Slave V5.2.0.0 and later
- IoT Solution Product V2.3.0.0 and later
- netFIELD Device Firmware v1.3.0.0 and later
Getting Started documentation
Hilscher provides comprehensive tool support for testing and activating secure boot in netX90 based products, as well as a collection of tools required to support the series production process.
Download | Tool |
---|---|
most recent version is provided here | The netX Studio CDT (C/C++ Development Tooling) is an Eclipse-based IDE (Integrated Development Environment) for Hilscher netX SoCs. The tools from the netX Tool Collection are integrated into netX Studio CDT and provide user guidance during the development process. The documentation "netX Studio CDT for netX 90 development" provides detailed descriptions and step-by-step guides, particularly for Secure Boot. |
most recent version is provided here | The netX Tool Collection enables users to create and flash software and configuration to the netX 90 device. Furthermore, it allows signing configuration files and software to enable secure boot on the device. The documentation "netX 90 Tool Collection" provides a detailed description of the tools and their usage options. The tools provide a command-line interface and can be used to support the series production process. |
Basic workflow to enable secure boot
To enable secure boot on a netX90 device, follow the principal workflow below:
Activity | Required files | Tool |
---|---|---|
Generating the firmware and master keys | | netX Studio → Generate Test Keys |
Loading the keys into the flash memory | public firmware and master keys | netX Studio → Security Configuration |
Signing the files for secure boot | .mwc / .hwc / .mxf / .nxi / .nxe / .nai / private firmware key | netX Studio → Signing Tool |
Flashing the signed files | signed files (.mwc / .hwc / .mxf / .nxi / .nxe / .nai) | netX Studio → Flasher |
Enabling secure boot | private firmware key | netX Studio → Security Configuration |
Updating a netX90 device with an .nxs file | .nxs file (signed FWUPDATE.zip) | standard web browser |
Further activities:
Activity | Required files | Tool |
---|---|---|
Create and/or export a security configuration with a connection to the device | private master key | netX Studio → Security Configuration |
Import a security configuration | .usp security configuration | netX Studio → Security Configuration |
Create and export a security configuration without a connection to the device | public firmware and master keys | netX Studio → Security Configuration |
Disabling secure boot | private firmware key | netX Studio → Security Configuration |
Signing a .usp security configuration file | private master key | netX Studio → Security Configuration |