Network Security In Measured Boot - Xilinx Zynq-7000 Application Note
Programmable soc
Hide thumbs
Also See for Zynq-7000:
- User manual (678 pages) ,
- Design manual (78 pages) ,
- Getting started manual (50 pages)
Table of Contents
Advertisement
Network Security in Measured Boot
Network Security in Measured Boot
Software updates and remote attestation require a secure connection between a server and the
embedded system clients. The network has a large attack surface because it can be attacked by
any adversary with access to the Internet. For firmware updates, a server to client(s) connection
is used. In some factory automation environments, client-to-client communication is also
needed to coordinate operational procedures.
Figure 10
shows a high-level view of strongSwan's implementation of TCG's trusted network
connect (TNC). In the TNC architecture, the server connects to clients in the integrity evaluation
layer. The client does integrity measurement collection (IMC), and the server does integrity
measurement verification (IMV). The software on the client is the platform trusted service (PTS),
trust software stack (Trousers), and the TPM tools.
PTS uses the Trousers library to access the TPM and IMA measurements. The reports use
standard PTS formats for interoperability between applications and vendors.
X-Ref Target - Figure 10
The policy decision point (PDP) defines the action taken by the server after measurement
verification. A typical policy/action is to limit network access until remediation is done. A
different policy is used when availability is a critical driver, and some out-of-range measurement
verifications are not treated as critical. The TPM Main Specification
of the TNC architecture.
The underlying security for TNC in the reference design uses IPsec. This includes conventional
technology such as Internet key exchange (IKEv2), public key infrastructure (PKI), and the
transport layer security (TLS) handshake in which the encryption and authentication algorithms
are negotiated and pre-shared keys are exchanged. A virtual private network is set up in the
strongSwan architecture. A privacy CA generates the x509 certificates. The strongSwan
Readme.txt provides information on the IPsec flow.
XAPP1309 (v1.0) March 7, 2017
Server
Policy Decision/
Enforcer
Integrity
Measurement
Verifier
TNC Server
Figure 10: Trusted Network Connect for Remote Attestation
www.xilinx.com
Client
Platform Trust
Service
Trousers
TPM Tools
Integrity
Measurement
Collector
IPsec
TNC Client
[Ref 4]
X18728-020317
provides an overview
12
- Quick Links:
- Zynq 7000 Soc-Tpm Interface
Hide quick links:
Advertisement
Table of Contents
