Last update: 2017-04-01

Grant
End: 2018-01

Trusted Boot Module

An open hardware trusted boot manager

This project is developing a system for booting trusted OS images on existing, ARM-based systems. It will consist of open hardware and software that lets users start up Linux systems on off-the-shelf ARM development boards, with the boot module ensuring that the system comes up in a trusted state by booting only OS images trusted by the vendor and/or the user of the system. The hardware consists of cheap, off-the-shelf components that are simple to analyse and program, giving an easily verifiable solution that does not depend on 'black box' components. The project aims to bring trusted boot to the market of commodity ARM-based servers, providing the community with a security building block that makes, for example, affordable distributed hosting and computing possible.

The goal of the project is simple: to provide a means to ensure that, at a specific point in time, namely after a system (re)start, the state of a system is known and trusted. For non-centralized systems, bringing a system into a sane, known state is harder than in a centralized environment where the hardware is directly accessible to the system's maintainers. The Trusted Boot Module (TBM) developed in this project allows maintainers of a distributed system consisting of (small) devices or servers located with (trusted) end-users to ensure that the state of those devices can be known.

The system provides a way to ensure that no untrusted code is executed at boot time. The aim of the trusted boot system is to protect against persistent backdoors inserted by a remote attacker who exploited a vulnerability and modified, for example, the kernels stored on a device's disk. At runtime such a compromise can only be prevented by traditional means, but by rebooting the system at regular intervals we can at least ensure that, if a system is compromised, the compromise is time-limited and integrity is eventually restored.
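As an added illustration of the boot decision described above (example code written for this page, not the project's own TBM software or image format): the boot module holds the vendor's and the user's public keys, hashes the image it is about to boot, and refuses anything whose signatures do not satisfy the configured policy. The image layout, the policy names, and the choice of Ed25519 signatures over a SHA-256 digest are assumptions of this example; the sample kernel bytes are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Policy states whose signature an image needs before it may boot.
// The names are an assumption of this example, not the project's terms.
type Policy int

const (
	VendorOnly    Policy = iota // a valid vendor signature is required
	UserOnly                    // a valid user signature is required
	VendorOrUser                // either signature suffices
	VendorAndUser               // both signatures are required
)

// Image is a kernel payload plus detached signatures over SHA-256(payload).
// This layout is assumed for the example; the real TBM format may differ.
type Image struct {
	Payload   []byte
	VendorSig []byte // nil when the vendor did not sign this image
	UserSig   []byte // nil when the user did not sign this image
}

var ErrUntrusted = errors.New("tbm: image not trusted, refusing to boot")

// digest is the value that actually gets signed: a hash of the payload,
// so a multi-megabyte kernel still carries a 64-byte signature.
func digest(payload []byte) []byte {
	h := sha256.Sum256(payload)
	return h[:]
}

// Sign produces a detached signature over the image digest.
func Sign(priv ed25519.PrivateKey, payload []byte) []byte {
	return ed25519.Sign(priv, digest(payload))
}

// Verify is true only if sig is a valid signature of payload under pub.
// Length checks come first: ed25519.Verify panics on a malformed key.
func Verify(pub ed25519.PublicKey, payload, sig []byte) bool {
	if len(pub) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(pub, digest(payload), sig)
}

// CheckBoot is the decision the boot module makes before handing control
// to the image. It returns the payload to boot, or ErrUntrusted; nothing in
// the image is executed or parsed further until this check has passed.
func CheckBoot(policy Policy, vendorPub, userPub ed25519.PublicKey, img Image) ([]byte, error) {
	v := Verify(vendorPub, img.Payload, img.VendorSig)
	u := Verify(userPub, img.Payload, img.UserSig)
	var ok bool
	switch policy {
	case VendorOnly:
		ok = v
	case UserOnly:
		ok = u
	case VendorOrUser:
		ok = v || u
	case VendorAndUser:
		ok = v && u
	}
	if !ok {
		return nil, ErrUntrusted
	}
	return img.Payload, nil
}

func main() {
	vendorPub, vendorPriv, _ := ed25519.GenerateKey(rand.Reader)
	userPub, userPriv, _ := ed25519.GenerateKey(rand.Reader)

	kernel := []byte("constructed sample kernel image") // stand-in for a real kernel
	img := Image{Payload: kernel, VendorSig: Sign(vendorPriv, kernel), UserSig: Sign(userPriv, kernel)}
	_, err := CheckBoot(VendorAndUser, vendorPub, userPub, img)
	fmt.Println("vendor- and user-signed image:", err)

	// An attacker who overwrote the kernel on disk cannot re-sign it, so
	// the modified image is rejected at the next reboot.
	tampered := img
	tampered.Payload = append([]byte{}, kernel...)
	tampered.Payload[0] ^= 0xff
	_, err = CheckBoot(VendorOrUser, vendorPub, userPub, tampered)
	fmt.Println("tampered image:", err)
}
```

The check is only as strong as the place the public keys and the policy live: if an attacker with root on the booted OS can rewrite them, they can simply trust their own image. That is why the page puts the boot module on separate, simple, inspectable hardware rather than in software on the same disk it is verifying.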

A project initiated by Whitebox Systems.