• DocumentCode
    3142007
  • Title
    Securing Boot of an Embedded Linux on FPGA
  • Author
    Devic, Florian ; Torres, Lionel ; Badrignans, Benoît
  • Author_Institution
    CNRS, Univ. of Montpellier 2, Montpellier, France
  • fYear
    2011
  • fDate
    16-20 May 2011
  • Firstpage
    189
  • Lastpage
    195
  • Abstract
    The growing complexity of embedded systems makes reconfiguration and embedded OSs (operating systems) increasingly attractive, and FPGAs (Field-Programmable Gate Arrays) support such features well. With most FPGAs, the OS is stored in an external memory (usually Flash) and runs on a processor embedded in the FPGA. We assume that the FPGA-embedded processor is able to process OS updates received through, for instance, an insecure network. However, these features may give rise to security flaws affecting the system's integrity or freshness. Integrity can be violated by spoofing or modifying data in order to introduce malicious code. In the same way, freshness can be violated by replaying an old configuration in order to downgrade the system. This work proposes a trusted computing mechanism that takes into account the whole security chain, from bitstream to kernel boot, ensuring both hardware and software integrity while preventing replay attacks. This paper summarizes the current countermeasures ensuring integrity, confidentiality and freshness of the bitstream. We then propose a solution to protect the OS kernel against malicious modifications by building on the already trusted bitstream power-up. We also evaluate the area and performance overhead of the proposed architecture and its improvement using asymmetric cryptography. While adding security and increasing performance, this solution generates between 0 and 40% area overhead, depending on the reusability consideration.
  • Keywords
    Linux; cryptography; field programmable gate arrays; operating system kernels; FPGA embedded processor; OS kernel protection; asymmetric cryptography; boot security; embedded Linux; field-programmable gate arrays; malicious code; operating systems; trusted computing mechanism; Flash; Cryptography; Field programmable gate arrays; Hardware; Kernel; Random access memory;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Parallel and Distributed Processing Workshops and Phd Forum (IPDPSW), 2011 IEEE International Symposium on
  • Conference_Location
    Shanghai
  • ISSN
    1530-2075
  • Print_ISBN
    978-1-61284-425-1
  • Electronic_ISBN
    1530-2075
  • Type
    conf
  • DOI
    10.1109/IPDPS.2011.141
  • Filename
    6008800