DIY: Using Trust To Secure Embedded Projects presented at Shmoocon 2013

by Teddy Reed, David Anthony,

Summary : This presentation and paper provides a DIY guide to using Trusted Computing on embedded devices. This is NOT an introduction or overview of Trusted Computing. We introduce a low-cost schematic using Atmel\'s CryptoModule (AT97SC3204T) and CryptoAuthentication (AT88SA102S) ICs, and release drivers for UEFI, U-Boot, and the Linux kernel. Using these ICs as a base, we demonstrate (and provide code!) ways anyone can use Trusted Computing concepts for embedded projects (Linux IMA, signed data exchange), most importantly, a secured bootstrap from ROM code to a userland application. We also demonstrate how the TPM can be used to encrypt and sign Ethernet frames. This is a response (and implementation of a well-known mitigation strategy) to attack vectors using various pre-boot environments such as UEFI, BIOS, Option ROM, and other bootloaders. By the end of the presentation, participants should understand how to use a TPM to secure their creative embedded projects. We plan on making "kits" with the components needed to make a TPM breakout, and giving away as many as we can afford to jump start your projects.