ARM Server’s Firmware Security
Spring 2017 UEFI Seminar and Plugfest, March 27 - 31, 2017
Presented by Zhixiong (Jonathan) Zhang (Cavium, Inc.)
UEFI Plugfest – March 2017 www.uefi.org 1
Updated 2011-06-01
Agenda
• Challenges
• Hardware Design Differentiations
• Firmware Solutions
• Conclusion
• Q&A
Challenges
Market for ARMv8 volume servers
Target segments: HPC, Cloud Compute, Telco, Storage, OCP, Web Hosting
Future opportunities
• Tomorrow's edge devices face security challenges similar to those today's servers do.
• Tomorrow's edge devices are:
  • Always on-line
  • Open hardware design
  • Open software design
Managing firmware images in a data center
• Data centers have many hosts and appliances with different architectures.
• One network storage appliance may have dozens of hosts.
• One host has multiple FW images:
  • Processor FW images: ARM TF, UEFI
  • Microcode for inter-processor link, PCIe, etc.
Security related ARM standards
• Trusted Base System Architecture
  • Presents a System-on-Chip (SoC) architecture that incorporates a trusted hardware base suitable for the implementation of systems compliant with key industry security standards and specifications, in particular those dealing with third party content protection, personal data, and second factor authentication.
• Trusted Board Boot Requirements
  • Describes and defines a Trusted Boot Process for application processors based around the ARMv8-A architecture.
Note: Both standards are available to ARM partners only. They are written for client devices, but are useful as a reference for servers.
Hardware Design Differentiations
On-chip secure controller
[Block diagram of the SoC: DDR controllers, coherent fabric, main cores with caches, management cores (including the secure controller), PCIe root complexes, inter-chip connect, and on-chip I/O controllers.]
Security related co-processors
• Common storage area in the SoC for all cores.
• Random number generator/memory.
ARM TrustZone technology
• https://www.arm.com/products/security-on-arm/trustzone
ARM TrustZone technology
• Secure memory
  • An operation fails when a non-secure bus master attempts to access secure memory.
• Secure devices
  • A secure interrupt controller and timer allow a non-interruptible secure task to monitor the system.
  • A securable keyboard peripheral enables secure entry of a user password.
• Secure world
  • The ARMv8 architecture defines a secure world and a non-secure world. A CPU can context switch between the secure and non-secure worlds and among different exception levels.
Firmware Solutions
ARM Trusted Firmware
Secure world service
Request/response flow (first diagram: Non-secure World SW, Secure World SW, Secure device):
1. Non-secure World SW → Secure World SW: request service
2. Secure World SW → Secure device: request data
3. Secure device → Secure World SW: provide data
4. Secure World SW → Non-secure World SW: provide result

Interrupt flow (second diagram: Non-secure World SW, Secure World SW, Secure device):
1. Secure device → Secure World SW: secure interrupt fired
2. Secure World SW → Non-secure World SW: non-secure interrupt fired
Secure memory
• Any data not needed by non-secure SW must reside in secure memory! Non-secure memory is inherently not safe.
• Don't leak secrets when copying data from secure memory to non-secure memory.
• Don't trust input when copying data from non-secure memory to secure memory.
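The request/response flow and the two secure-memory rules above, modelled in C as an added example (not from the talk or from Cavium): a secure-world service that hands out bytes from a secure RNG device to a non-secure caller. The NS RAM window, the request descriptor layout, the xorshift stand-in for the RNG co-processor and the `seed_key` field are all constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>

/* Constructed model (not a Cavium memory map): a small non-secure RAM window,
 * a secure RNG device, and a secure-world state block that must never leak. */
#define NS_RAM_SIZE  4096u
#define MAX_RESP     64u

typedef struct { uint32_t buf_off; uint32_t buf_len; } ns_request_t; /* lives in NS RAM */

static uint8_t ns_ram[NS_RAM_SIZE];                /* non-secure world's memory */
static struct {                                    /* secure memory only */
    uint8_t  seed_key[16];                         /* secret; must never reach ns_ram */
    uint32_t rng_state;
} sec = { {0x5a,0x3c,0x11,0xf0,0x9e,0x27,0x44,0xb8,
           0x6d,0x02,0xc9,0x1f,0x83,0x70,0xe5,0x39}, 0x12345678u };

/* Steps 2/3 of the first diagram: secure world asks the secure device for data.
 * Simulated with xorshift; a real platform reads the RNG co-processor here. */
static uint8_t secure_device_read(void) {
    uint32_t x = sec.rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    sec.rng_state = x;
    return (uint8_t)x;
}

/* Overflow-safe: is [off, off+len) wholly inside non-secure RAM? */
bool ns_range_ok(uint64_t off, uint64_t len) {
    return len != 0 && off < NS_RAM_SIZE && len <= NS_RAM_SIZE - off;
}

/* Step 1: the NS world issues an SMC carrying the offset of an ns_request_t in
 * NS RAM. Returns the number of bytes written into the caller's buffer, or -1
 * when the request is rejected. */
int secure_get_random(uint64_t req_off) {
    ns_request_t req;                              /* secure-memory copy of the request */
    if (!ns_range_ok(req_off, sizeof req)) return -1;
    memcpy(&req, &ns_ram[req_off], sizeof req);    /* read NS input once; never re-read it */
    if (req.buf_len == 0 || req.buf_len > MAX_RESP) return -1;   /* don't trust input */
    if (!ns_range_ok(req.buf_off, req.buf_len)) return -1;
    uint8_t out[MAX_RESP];                         /* secure scratch, separate from 'sec' */
    for (uint32_t i = 0; i < req.buf_len; i++) out[i] = secure_device_read();
    /* Step 4: provide result. Copy only the requested bytes of the scratch buffer;
     * never memcpy the 'sec' struct itself, which would carry seed_key out. */
    memcpy(&ns_ram[req.buf_off], out, req.buf_len);
    memset(out, 0, sizeof out);                    /* scrub secure scratch */
    return (int)req.buf_len;
}
```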
Secure device
• Which devices must be made secure devices?
  • If direct device access from the NS world is not necessary. Example: flash.
  • If the device is not needed by the main cores. Example: devices controlled by the management controller.
  • If the device is only needed by the secure world. Example: security related co-processors, secure interrupt/timer.
• Devices that are non-secure but not exposed to the OS:
  • This can be done through ECAM enumeration disable, ACPI (Device Tree), or both.
  • Devices used by UEFI runtime services. Example: RTC device.
Capsule update
• Intel's recent work:
  • Patchset: https://lists.01.org/pipermail/edk2-devel/2016-November/004244.html
  • Whitepaper: https://github.com/tianocore-docs/Docs/raw/master/White_Papers/A_Tour_Beyond_BIOS_Capsule_Update_and_Recovery_in_EDK_II.pdf
• Windows:
  • Whitepaper: https://msdn.microsoft.com/en-us/windows/hardware/drivers/bringup/windows-uefi-firmware-update-platform
• Red Hat:
  • fwupd project: http://fwupd.org.s3-website-eu-west-1.amazonaws.com/
  • Blog: https://blog.uncooperative.org/blog/2015/09/16/an-update-on-firmware-updates/
A tale of platform firmware update
1. User: issue the firmware update command from the OS.
2. OS: are the capsule and platform good to go? If no, stop here.
3. OS: copy the capsule to the EFI System Partition; set a special OS bootloader as BootNext; reboot.
4. OS bootloader: deliver the user interface; call UpdateCapsule().
A tale of platform firmware update
5. UEFI DXE driver: is the capsule valid? If no, stop here.
6. UEFI DXE driver: issue an SMC call to enter the secure world.
7. ARM TF secure service: flash the new firmware image into flash; return to the non-secure world.
8. UEFI DXE driver: return to the OS bootloader.
9. OS bootloader: restore BootNext; reboot.
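The "is the capsule valid?" step above, as an added example in C that is not from the talk or from EDK II: the structural checks a DXE driver can run on an EFI_CAPSULE_HEADER before it issues the SMC. The header layout and the three CAPSULE_FLAGS_* values follow the UEFI specification; the platform capsule GUID is a constructed placeholder, and payload authentication (the signature check) is a separate step after these.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdbool.h>

/* EFI_CAPSULE_HEADER as laid out by the UEFI specification (28 bytes). */
typedef struct { uint32_t d1; uint16_t d2, d3; uint8_t d4[8]; } efi_guid_t;
typedef struct {
    efi_guid_t CapsuleGuid;
    uint32_t   HeaderSize;
    uint32_t   Flags;
    uint32_t   CapsuleImageSize;
} efi_capsule_header_t;

#define CAPSULE_FLAGS_PERSIST_ACROSS_RESET  0x00010000u
#define CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE 0x00020000u
#define CAPSULE_FLAGS_INITIATE_RESET        0x00040000u

/* Constructed placeholder for the platform's own capsule GUID (not a real one). */
static const efi_guid_t platform_capsule_guid =
    { 0x11111111, 0x2222, 0x3333, {0x44,0x44,0x55,0x55,0x66,0x66,0x77,0x77} };

/* Structural checks before the payload goes anywhere near the secure world.
 * 'buf_len' is the size of the buffer actually received and is the only length
 * we trust; every size inside the header is attacker-controlled input. */
bool capsule_header_ok(const uint8_t *buf, size_t buf_len) {
    efi_capsule_header_t h;
    if (buf == NULL || buf_len < sizeof h) return false;
    memcpy(&h, buf, sizeof h);                       /* no unaligned or over-read access */
    if (memcmp(&h.CapsuleGuid, &platform_capsule_guid, sizeof h.CapsuleGuid) != 0) return false;
    if (h.HeaderSize < sizeof h || h.HeaderSize > h.CapsuleImageSize) return false;
    if (h.CapsuleImageSize > buf_len) return false;  /* header claims more than we received */
    uint32_t known = CAPSULE_FLAGS_PERSIST_ACROSS_RESET | CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE
                   | CAPSULE_FLAGS_INITIATE_RESET;
    if ((h.Flags & 0xffff0000u & ~known) != 0) return false;   /* upper 16 bits are spec-defined */
    if ((h.Flags & CAPSULE_FLAGS_POPULATE_SYSTEM_TABLE) &&
        !(h.Flags & CAPSULE_FLAGS_PERSIST_ACROSS_RESET)) return false;
    return true;   /* next: authenticate the payload, then SMC into ARM TF */
}

/* Length of the payload [HeaderSize, CapsuleImageSize) once the header checks pass; 0 otherwise. */
size_t capsule_payload_len(const uint8_t *buf, size_t buf_len) {
    if (!capsule_header_ok(buf, buf_len)) return 0;
    efi_capsule_header_t h;
    memcpy(&h, buf, sizeof h);
    return (size_t)h.CapsuleImageSize - h.HeaderSize;
}
```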
Secure boot
• Secure boot vs. managed boot.
  • Chain of trust following PKCS (Public Key Cryptography Standards).
  • Starting from the boot ROM, each boot loader loads, decrypts, authenticates, and passes control to the next boot loader, all the way to the OS.
  • FW of other devices, such as microcode, needs to be securely loaded as well, if applicable.
Secure boot – ARM TF
• https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/auth-framework.md
• https://github.com/ARM-software/arm-trusted-firmware/blob/master/docs/trusted-board-boot.md
Secure boot – UEFI 2.3.1
• Intel whitepaper: https://github.com/tianocore-docs/Docs/raw/master/White_Papers/A_Tour_Beyond_BIOS_into_UEFI_Secure_Boot_White_Paper.pdf
• Platform Keys:
  • Establish a trust relationship between the platform owner and the platform firmware.
  • Must be stored in non-volatile storage which is tamper and delete resistant. Example: EEPROM.
• Key Exchange Keys:
  • Establish a trust relationship between the operating system and the platform firmware.
  • Must be stored in non-volatile storage which is tamper resistant. Example: flash that is secure, e.g., not accessible from the non-secure world.
Secure boot – UEFI 2.6
• Customized UEFI secure boot: http://www.uefi.org/sites/default/files/resources/UEFI_Plugfest_VZimmer_Fall_2016.pdf
• https boot: https://github.com/tianocore-docs/Docs/raw/master/White_Papers/EDKIIHttpsBootGettingStartedGuide_1.2.pdf
Conclusion
Challenges mean opportunities
• As UEFI becomes the centerpiece of modern day devices, from servers to embedded devices, their security faces new challenges.
• The ARM SoC and UEFI FW ecosystem provides the necessary building blocks for security solutions.
Go ahead of the curve
• We will bankrupt ourselves in the vain search for absolute security – Dwight D. Eisenhower
• But in the meantime, we need to plan ahead…
• A chain is no stronger than its weakest link.
Thanks for attending the Spring 2017 UEFI Seminar and Plugfest
For more information on the UEFI Forum and UEFI Specifications, visit http://www.uefi.org