Xilinx Zynq-7000 Application Note page 2

Introduction
X-Ref Target - Figure 1
Remote attestation capability has been in Linux starting with 2.6.3, and is generally known as
integrity measurement architecture (IMA). The Linux extended verification module (EVM) is
used in conjunction with IMA. The term measured boot is used because the client returns a
value, typically a secure hash algorithm-1 (SHA-1) digest, of each of the partitions loaded. In
remote attestation, the server compares the measured logs with known good measurements.
The attestation server knows the characteristics (measurements) of the partitions loaded on the
embedded systems, including partition size and digests. At load, the embedded systems send
log files to the server containing partition measurements. The server verifies the measurement,
and if a client loads software that is different than what is expected, the server executes a policy
set up by the server administrator. A policy is a set of actions taken by the server based on
measurement results. Policies in the reference design include Allowed, Quaranteed, Blocked, and
Isolated.
An example of a policy is to keep the embedded system off the network, update the software,
re-run remote attestation, and allow the client to connect to the network if the software can be
trusted. Isolating a corrupted embedded system from the network limits its ability to corrupt
other embedded systems. This is a typical policy of a server in remote attestation, not the only
policy, because the policy is generally defined by the application.
Measured boot is done in addition to, not in place of, secure boot. Measured boot does not
prevent malicious software from being loaded. The TPM enhances the HROT and increases the
security of the software load/update process. The TPM is placed on the same board as the
Zynq-7000 AP SoC. A device ID is associated with the Zynq-7000 SoC-TPM platform. The TPM
provides cryptographic functions used in measure boot. The HROT is enhanced with the TPM
because an adversary has to defeat both the Zynq-7000 AP SoC and the tamper-resistant TPM
for a successful attack.
XAPP1309 (v1.0) March 7, 2017
Server Remote Attestation
Integrity Measurement Architecture
Infineon 9670 TPM
Zynq-7000 AP SoC
Avnet IIOT Kit
Client 1
Figure 1: Measured Boot of Zynq-7000 AP SoC Embedded Systems
www.xilinx.com
strongSwan TNC, IMC/IMV
Wind River Pulsar Linux
IPsec Network Security
Infineon 9670 TPM
Zynq-7000 AP SoC
Avnet IIOT Kit
Client 2
Infineon 9670 TPM
Zynq-7000 AP SoC
Avnet IIOT Kit
Client N
X18727-021417
2