Embedded systems protection?
M. Warner Losh
imp at bsdimp.com
Fri Jun 15 14:15:27 UTC 2007
In message: <5d84cb30706150434u6e722912w9edac38e62bd97c3 at mail.gmail.com>
"Karl_Sjödahl_-_dunceor" <dunceor at gmail.com> writes:
: On 6/15/07, Krassimir Slavchev <krassi at bulinfo.net> wrote:
: > -----BEGIN PGP SIGNED MESSAGE-----
: > Hash: SHA1
: >
: > Hello All,
: >
: > I am looking for ideas how an embedded system can be secured against
: > copying ...
First, you need some way to have secure hardware. You need to find
some way to be able to insert code into a device, throw a switch
(usually an internal fuse) that turns off the programming ability.
Ideally, all of this is inside the chip. While not secure against
someone with infinite money, it is secure against most users, even
professionals.
: One way that is popular is to use a OTP flash with a cert inside that
: you verify to see if something has changed.
:
: Otherwise certs in different ways is the approach.
This will only prevent unauthorized users, or at least users who
haven't had their software signed (or users that are sophisticated
enough to bypass these checks). An OTP flash part just makes it
harder for someone to put their own software in place. If the OTP
part is just a 8-pin IIC device, then popping a new one in isn't all
that hard, and reading the OTP out of circuit is also easy.
Warner
More information about the freebsd-embedded
mailing list