Oct 2, 2014 0 Comments in News, Press by
Cosino Enigma: the encrypted GNU/Linux system

HCE Engineering is proud to announce a new born in the Cosino Project: the CPU module Cosino Enigma.

This new CPU module supports secure boot which allows you to store on the system mass memory all your software in an encrypted form making it inaccessible to unauthorized intrusions!

How the Secure Boot works

Enigma’s CPU has two way of functioning: normal mode and secure mode. In the former mode the CPU is just as all other CPUs but when the secure mode is activated it will execute ONLY encrypted code!

In normal mode the boot stages are:

  1. the on-chip ROM bootloader loads the pre-bootloader from an external mass storage into the internal RAM, then
  2. the pre-bootloader setups the external RAM and then loads the bootloader from an external mass storage into external RAM, then
  3. the bootloader can setup some peripherals in order to prepare the system for the kernel and then loads the kernel from an external mass storage into external RAM, then
  4. the kernel activates all system’s peripherals and then mounts the rootfs from an external mass storage and starts user’s processes executions.

Cosino Enigma boot stages

Starting from stage 2 all software can be replaced just altering the code images stored into the system’s mass storage memory.

In industry applications this can lead to several issues related to system security, let’s consider a biomedical application where, for instance, the system MUST not work continuously for more than 2 hours. The manufacturer can program the software in order to respect this directive, however a malicious user may get access to the system’s mass storage, copy it and then modify it in such a way the machine can now work for more then 2 hours!

How the manufacturer can protect itself? Simply it can use the secure mode!

Once the secure mode is activated the Enigma’s CPU will execute ONLY encrypted code, in fact, when in secure mode, the internal ROM bootloader, during stage 1), will load the pre-bootloader image and then it will decrypt it by using the AES algorithm with the secret key deeply stored into the CPU.

Note that the AES key is not readable by using any CPU instruction nor the JTAG which is disabled too!

It’s obvious that without knowing the secret key is quite difficult alter the pre-bootloader code! Good, we have just shown that the second stage is secure… but not only, in fact just using the same trick for both stage 3 and 4 all the booting chain is secure!

Now remain the root filesystem. As last stage the kernel must mount a root filesystem where the user’s programs are stored. Several solutions may be used, however the Cosino Enigma solution is to use an embedded filesystem into the kernel and, in case of large data storage is needed, to mount an encrypted partition.

What the Secure Boot can NOT do

Despite the secure mode your system is not protected against backdoors and programming bugs, but these issues are NOT due the secure mode but due weak programmers! 🙂

The secure mode can assure that your code cannot be altered and/or read so, if your code is well written, the system is strongly protected against malicious attacks.

The secure boot and the Libre Software

Cosino Enigma runs a complete GNU/Linux system, so how this fact can fit with the Open Source/Free Software licences? The answer is the unlock track.

Cosino Enigma unlock path

By damaging this track on the board the user can unlock the system, that is, even in secure mode the CPU can run unencrypted code, so every Open Source/Free Software licence is respected! Of course the Manufacturer can release the Open Source/Free Software code but NOT its protcted code! 🙂

Also, the integrity of the unlock track can be used to assert the warranty integrity, in fact, once damaged, the unlock path can assert that the warranty is now void. The Open Source/Free Software licence is saved and the Manufacturer can decline all responsibility against any software modifications!

Hardware overview

This new board has a vast range of I/O peripherals and communication ports which, along with the TFT touchscreen LCD panels driver capable of resolutions up to 1024×768 pixels, making it suitable for human/machine interfaces, gateways, and industrial controllers.

Here the complete hardware list:

  • Core Cortex A5 Atmel SAMA5D3 536Mhz
  • Internal hardware Floating Point Unit
  • 256MB (optional 512) SDRAM DDR2
  • 256MB NAND
  • 1x Ethernet 10/100 (optional 1000)
  • 2x USB Host 2.0
  • 1x USB Host/Device 2.0
  • 2x microSD
  • 7x UART
  • 1x LCD
  • 1x realtime clock1
  • 1x I2C
  • 2x SPI
  • 1x crypto engine
  • 1x true number generator

Leave a Reply

Your email address will not be published. Required fields are marked *

9 + 1 =