summaryrefslogtreecommitdiffstats
path: root/security-blueprint/part-1
diff options
context:
space:
mode:
authormudcam <v.nieutin@live.fr>2017-12-07 10:31:22 +0100
committerronan [iot.bzh] <ronan.lemartret@iot.bzh>2017-12-07 12:52:16 +0100
commit981e9b9c4a40e248733d45cfedc6a512bdf95f5e (patch)
tree12526631368064d80c832d6bbf78b20af85c50f7 /security-blueprint/part-1
parentbc11e3eaceb629fbf5dee7ed7bfdf696839ddb12 (diff)
Add proposal for new security blueprint
Diffstat (limited to 'security-blueprint/part-1')
-rw-r--r--security-blueprint/part-1/0_Abstract.md70
1 files changed, 70 insertions, 0 deletions
diff --git a/security-blueprint/part-1/0_Abstract.md b/security-blueprint/part-1/0_Abstract.md
new file mode 100644
index 0000000..188c911
--- /dev/null
+++ b/security-blueprint/part-1/0_Abstract.md
@@ -0,0 +1,70 @@
+# Part 1 - Hardware
+
+## Abstract
+
+You will find in this first part everything that concerns the hardware security.
+The goal is to protect system against all attacks that are trying to gain
+additional privileges by recovering and/or changing cryptographic keys in order
+to alter the integrity of the boot. We should also prevent hardware modifications
+in order to achieve this goal. We will expose below some examples of possible
+configurations.
+
+--------------------------------------------------------------------------------
+
+## Acronyms and Abbreviations
+
+The following table lists the terms utilized within this part of the document.
+
+Acronyms or Abbreviations | Description
+------------------------- | --------------------------------------
+_HSM_ | **H**ardware **S**ecurity **M**odule
+_NVM_ | **N**on-**V**olatile **M**emory
+_SHE_ | **S**ecure **H**ardware **E**xtensions
+
+--------------------------------------------------------------------------------
+
+## Integrity
+
+The board must store hardcoded cryptographic keys in order to verify among others
+the _integrity_ of the _bootloader_. Manufacturers can use **HSM** and **SHE** to
+enhance the security of their board.
+
+<!-- config -->
+
+Domain | Object | Recommendations
+-------------------- | ---------- | ----------------------------------
+Hardware-Integrity-1 | Bootloader | Must control bootloader integrity.
+Hardware-Integrity-2 | Board | Must use a HSM.
+Hardware-Integrity-3 | RTC | Must not be alterable.
+
+<!-- endconfig -->
+
+--------------------------------------------------------------------------------
+
+<!-- pagebreak -->
+
+## Certificates
+
+<!-- config -->
+
+Domain | Object | Recommendations
+---------------------- | ------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------
+Hardware-Certificate-1 | System | Shall allow storing dedicated certificates.
+Hardware-Certificate-2 | ECU | The ECU must verify the certification authority hierarchy.
+Hardware-Certificate-3 | System | Allow the modification of certificates only if the source can be authenticated by a certificate already stored or in the higher levels of the chain of trust.
+
+<!-- endconfig -->
+
+--------------------------------------------------------------------------------
+
+## Memory
+
+<!-- config -->
+
+Domain | Object | Recommendations
+----------------- | ---------- | ------------------------------------------------------------------------------------
+Hardware-Memory-1 | ECU | The ECU shall never expose the unencrypted key in RAM when using cryptographic keys.
+Hardware-Memory-2 | Bootloader | Internal NVM only
+Hardware-Module-3 | - | HSM must be used to secure keys.
+
+<!-- endconfig -->