
Requirements harmonize secure boot processes for gateways

Technology News
By Nick Flaherty



A specification from the prpl Foundation gives Original Equipment Manufacturers (OEMs) and operators a common set of requirements for protecting gateways against attacks on the boot process.

As an industry association, the prpl Foundation has defined the concept of a secure boot process and the prerequisites that need to be considered for it. The document was drafted by prpl's Security Assurance Working Group; it outlines the major principles of a secure boot, explains how these apply to all prpl-compliant products, and gives guidance on how to align implementation efforts for a prpl-compliant bootloader.

The bootloader performs every step needed to bring the gateway hardware into a defined state at power-on, so that execution can then be handed over to the main Operating System (OS) or firmware. Correct and predictable behaviour of the gateway is essential if operators are to provide reliable services to their subscribers.

To achieve that, the bootloader must be built around a Chain of Trust (CoT) that ensures each software component it loads has not been tampered with. Every firmware component in the chain must be verified and authenticated before it is executed, and if the running Customer Premises Equipment (CPE) is compromised, the bootloader must ensure that any modification an attacker makes to those components is not persistent: a modified component fails verification at the next boot and is not executed.

If these requirements are not met, an attacker could quickly gain access to confidential information, leading to unauthorized exposure and misuse and to significant financial and reputational damage for all involved. At the same time, secure boot designs depend on critical assets such as Root of Trust (RoT) keys, yet OEMs and operators may use alternative bootloader designs that favour simpler or more complex key-management schemes, hardware capabilities and trusted-party setups. The type of non-volatile flash memory chosen may also affect the bootloader implementation, leading to proprietary developments that hinder a successful secure boot process.

The Secure Boot Requirements (PRPL-SB001) specification addresses these issues by explaining how a CoT can be established using chipset hardware, starting from a System on a Chip (SoC) RoT that is typically anchored in hardware. The result is a boot process that launches only authenticated and authorized firmware.
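The chain of trust described in the two paragraphs above, as an added example that is not part of the article and not code from the PRPL-SB001 specification or any prpl-compliant bootloader: a Go simulation of a three-stage boot in which a hardware RoT holding only a key hash and an anti-rollback floor anchors ed25519-signed stages, each of which pins the public key for the stage after it. The stage names (SPL, U-Boot, kernel), the image header layout, the seed-derived keys and the placement of the rollback floor in the RoT are this example's assumptions. It then shows why an image modified in flash after a runtime compromise, a re-flashed older image and an attacker-signed stage are all rejected at the next boot, which is the non-persistence property the requirements call for.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// RootOfTrust models what the SoC holds immutably (boot ROM plus OTP fuses): the hash
// of the first-stage key and an anti-rollback floor. The layout is this example's assumption.
type RootOfTrust struct {
	KeyHash    [32]byte
	MinVersion uint32
}

// Image is one boot stage. It pins the key that verifies the next stage, and that key
// is covered by its own signature, so trust flows forward from the RoT without a gap.
type Image struct {
	Name    string
	Version uint32
	NextKey ed25519.PublicKey // nil for the final stage
	Payload []byte
	Sig     []byte // ed25519 signature over signedBytes()
}

// signedBytes is the exact byte string signed at build time and checked at boot.
func (im Image) signedBytes() []byte {
	var buf bytes.Buffer
	binary.Write(&buf, binary.BigEndian, im.Version)
	buf.Write(im.NextKey)
	buf.Write(im.Payload)
	return buf.Bytes()
}

// VerifyChain walks the chain and returns how many stages passed: len(images) and nil
// for a healthy chain, otherwise the index of the first stage that cannot be trusted.
func VerifyChain(rot RootOfTrust, firstKey ed25519.PublicKey, images []Image) (int, error) {
	if sha256.Sum256(firstKey) != rot.KeyHash {
		return 0, fmt.Errorf("first-stage key does not match the fused RoT key hash")
	}
	key := firstKey
	for i, im := range images {
		if key == nil {
			return i, fmt.Errorf("%s: previous stage pinned no verification key", im.Name)
		}
		if !ed25519.Verify(key, im.signedBytes(), im.Sig) {
			return i, fmt.Errorf("%s: signature verification failed", im.Name)
		}
		if im.Version < rot.MinVersion {
			return i, fmt.Errorf("%s: version %d below anti-rollback floor %d", im.Name, im.Version, rot.MinVersion)
		}
		key = im.NextKey
	}
	return len(images), nil
}

// BuildChain signs a constructed chain (SPL -> U-Boot -> kernel). Keys derive from fixed
// seeds so runs are deterministic; real signing keys live in an HSM, never in a string.
func BuildChain(keyLabel string, names []string, version uint32) (RootOfTrust, ed25519.PublicKey, []Image) {
	privs := make([]ed25519.PrivateKey, len(names))
	for i, n := range names {
		seed := sha256.Sum256([]byte("constructed seed " + keyLabel + "/" + n))
		privs[i] = ed25519.NewKeyFromSeed(seed[:])
	}
	images := make([]Image, len(names))
	for i, n := range names {
		im := Image{Name: n, Version: version, Payload: []byte("constructed firmware for " + n)}
		if i+1 < len(names) {
			im.NextKey = privs[i+1].Public().(ed25519.PublicKey)
		}
		im.Sig = ed25519.Sign(privs[i], im.signedBytes())
		images[i] = im
	}
	firstKey := privs[0].Public().(ed25519.PublicKey)
	return RootOfTrust{KeyHash: sha256.Sum256(firstKey), MinVersion: version}, firstKey, images
}

func main() {
	names := []string{"SPL", "U-Boot", "kernel"}
	rot, firstKey, images := BuildChain("vendor", names, 7)
	n, err := VerifyChain(rot, firstKey, images)
	fmt.Println("pristine chain:", n, err)
	// Implant written into the kernel partition at runtime: it fails verification on
	// the next boot, so the modification does not persist.
	_, _, implant := BuildChain("vendor", names, 7)
	implant[2].Payload[0] ^= 0xff
	n, err = VerifyChain(rot, firstKey, implant)
	fmt.Println("kernel modified in flash:", n, err)
	// Rollback: a genuinely signed but older U-Boot is re-flashed.
	_, _, old := BuildChain("vendor", names, 3)
	_, _, rolled := BuildChain("vendor", names, 7)
	rolled[1] = old[1]
	n, err = VerifyChain(rot, firstKey, rolled)
	fmt.Println("older signed U-Boot re-flashed:", n, err)
	// Key substitution: the attacker re-signs everything with their own key, but the
	// first-stage key hash fused into the RoT does not match.
	_, atkKey, atk := BuildChain("attacker", names, 7)
	n, err = VerifyChain(rot, atkKey, atk)
	fmt.Println("chain re-signed by attacker:", n, err)
}
```

Run it with `go run`. The verified-stage count tells the bootloader where the chain broke, which in a real design decides whether to fall back to a recovery image or halt; the one shortcut here is that the rollback floor is a static value, whereas a production RoT keeps it as a monotonic counter in fuses that only ever moves forward.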

The document provides high-level specifications for gateway bootloader implementations, derived from an operator's internal bootloader requirements. With guidance on how to use a classical open-source bootloader together with chipset hardware to correctly establish a RoT that can extend trust beyond the boot stage, the document plays a crucial role in strengthening the security of the gateway.

“While the concept of a secure boot is well established, the lack of commonality regarding the necessary requirements for one can result in operators having to navigate difficult proprietary processes,” said prpl Foundation President Dr. Len Dauphinee. “Greater harmonization allows OEMs and operators to trust that the baseline from which their specific secure boot process derives remains consistent even when switching between vendors. Subsequently, organizations can use a number of approaches to best suit their security and operational requirements, providing the possibility for further innovation.”

The specifications are at prplfoundation.org/documents/
