As previously discussed on Bits & Pieces, the Cosino Project is an embedded prototyping system that combines the functionality of a mini-computer with those of a professional automation system. Cosino includes a comprehensive lineup of CPU boards, carrier boards and multiple peripherals that support industrial applications, as well as countless DIY projects by Makers.
With the recent launch of the Cosino Enigma, the team will now enrich their offering of Atmel based MPU modules. This new CPU module supports secure boot, which allows a user to store all of their software in an encrypted form on the system’s mass memory, therefore making it inaccessible to unauthorized intrusions!
How the secure boot works
Enigma’s CPU has two way of functioning: normal mode and secure mode. In the former mode, the CPU is no different than all other CPUs; however, once the secure mode is activated, it will execute ONLY encrypted code.
In normal mode, the boot stages consist of:
- The on-chip ROM bootloader loads the pre-bootloader from an external mass storage into the internal RAM, then
- The pre-bootloader sets up the external RAM and loads the bootloader from an external mass storage into external RAM, then
- The bootloader can setup some peripherals in order to prepare the system for the kernel and loads the kernel from an external mass storage into external RAM, then
- The kernel activates all system’s peripherals and mounts the rootfs from an external mass storage and starts the user’s processes executions.
Starting from stage 2, all the software that is not coded in ROM can be potentially subjected to attempts to replace the original firmware with a malicious one, simply by altering the code images stored into the system’s mass storage memory.
In industry applications this can lead to several issues related to system security. For instance, let’s consider a biomedical application where the system MUST not work continuously for more than 2 hours. The manufacturer can program the software in order to respect this directive; however, a malicious user may gain access to the system’s mass storage, copy it and then modify it in such a way that the machine can now work for more than 2 hours!
How can the manufacturer protect itself? It can simply use the secure mode!
Once the secure mode is activated, the Enigma’s CPU will execute ONLY encrypted code. In fact, when in secure mode, the internal ROM boot loader (during stage 1), will load the pre-bootloader image and it will then decrypt it by using the AES algorithm with the secret key deeply stored into the CPU.
Note that the AES key is not readable by using any CPU instruction nor the JTAG which is disabled too!
It’s obvious that without knowing the secret key is quite difficult to alter the pre-bootloader code! While, we have just shown that the second stage is secure, by using the same trick for both stage 3 and 4, all the booting chain is secure as well.
But, what about the root file system? Several solutions may be used; however, the SAMA5D3 based Cosino Enigma solution is used as an embedded file system into the kernel, and in the event that large data storage is needed, to mount an encrypted partition.
What the secure boot cannot do
Despite the secure mode, your system is not protected against backdoors and programming bugs, but these issues are NOT due the secure mode but due weak programmers! The secure mode can assure that your code cannot be altered and/or read so, if your code is well-written, the system is strongly protected against malicious attacks.
The secure boot and the Libre Software
Since Cosino Enigma runs a complete GNU/Linux system, how can it fit within the open source/free software licences? The answer: the unlock track.
By damaging this track on the board, the user can unlock the system; that is, even in secure mode the CPU can run unencrypted code, so every open source/free software licence is respected! Of course, the manufacturer can release the open source/free software code but NOT its protected code.
In addition, the integrity of the unlock track can be used to assert the warranty integrity; once damaged, the unlock path can assert that the warranty is now void. The open source/free software licence is saved and the manufacturer can decline all responsibility against any software modifications.
The newly-unveiled board features a vast range of I/O peripherals and communication ports. Along with the TFT touchscreen LCD panels driver capable of resolutions up to 1024×768 pixels, it makes the Cosino Engima quite suitable for human/machine interfaces, gateways, and industrial controllers.
Aside from the ARM Cortex-A5 based SAMA5D3, other key specs include:
- Internal hardware floating-point unit
- 256MB (optional 512) SDRAM DDR2
- 256MB NAND
- 1x Ethernet 10/100 (optional 1000)
- 2x USB Host 2.0
- 1x USB Host/Device 2.0
- 2x microSD
- 7x UART
- 1x LCD
- 1x real-time clock1
- 1x I2C
- 2x SPI
- 1x crypto engine
- 1x true number generator
Interested in learning more? You can check out Cosino’s official page here.