Automotive Security: How to Protect Driver Information in the

21 June 2011

Freescale, the Freescale logo, AltiVec, C-5, CodeTEST, CodeWarrior, ColdFire, C-Ware, the Energy Efficient Solutions logo, mobileGT, PowerQUICC, QorIQ, StarCore and Symphony are trademarks of Freescale Semiconductor, Inc., Reg. U.S. Pat. & Tm. Off. BeeKit, BeeStack, ColdFire+, CoreNet, Flexis, Kinetis, MXC, Platform in a Package, Processor Expert, QorIQ Qonverge, Qorivva, QUICC Engine, SMARTMOS, TurboLink, VortiQa and Xtrinsic are trademarks of Freescale Semiconductor, Inc. All other product or service names are the property of their respective owners. © 2011 Freescale Semiconductor, Inc.
• Connected car
  − Opens new opportunities for driver information & assistance features
  − Enables new threats going beyond current automotive security
  − Focuses attention on isolation between open and critical subsystems
• i.MX Trust Architecture
  − Provides multiple cohesive protection features
  − Guards against sophisticated attacks
  − Assures software security measures
Freescale on Facebook. Tweeting? Tag yourself in photos and upload your own! Please use hashtag #FTF2011
• After this presentation, you will be able to:
  − Explain new security threats arising from the rich open features of the connected car
  − Identify difficulties in isolating open and critical subsystems connected through a driver information system
  − Apply the i.MX Trust Architecture to build up defensive layers against malware attacks on the connected driver information system
• Connected car
  − Example: Attack Tree
• Platform Virtualization
  − Example: Virtualization Deployment
• Trusted Execution
  − Example: Trusted Execution Deployment
• High Assurance Boot
  − Example: High Assurance Boot Deployment
• Existing security requirements
  − Local threats
  − Body, engine, driver
    ▪ Component protection
    ▪ Remote key entry / immobilizer
    ▪ Rights management
  − Evolving: see FTF-AUT-F0162
• Connected car emphasis
  − Driver information
  − Remote threats
• High-speed, high-bandwidth network access
  − Enhanced navigation
  − Richer user experience
    ▪ Cloud services, apps, social networking, …
  − Dynamic insurance
  − Remote status & control
  − Remote diagnosis & update
• Vehicle-to-vehicle, vehicle-to-infrastructure networks
  − Cashless payment (parking, tolls, fuel, …)
  − Active safety
• May 2010: OBD-II interface hacked
  − Requires physical access to OBD-II to install a wireless bridge
  − Enables control of the high-speed CAN (brakes) via the slow-speed CAN (OBD)
• August 2010: TPMS vulnerabilities exposed
  − Tire pressure sensors send unprotected messages via RF
  − Enables remote spoofing of sensor messages from another vehicle
• March 2011: CD player exploited
  − Malformed MP3 alters CD player firmware
  − Exposes control of engine & body subsystems
  − Vulnerable over Bluetooth & cellular networks
User downloads malicious infotainment app → App opens channel to critical subsystems via CAN controller → App opens channel to attacker via external network → Attacker controls vehicle remotely
Attack tree: each attack step, the isolation it defeats, and the countermeasure

1. Infotainment malware download hijacks CAN controller
   Countermeasure: Isolate apps from hardware and operating system services
   Mechanism: Application Virtualization (e.g. Java)
2. Privilege escalation gives direct CAN controller access
   Countermeasure: Isolate general software from trusted hardware subsystems
   Mechanism: Platform Virtualization
3. Graphics DMA gives indirect CAN controller access
   Countermeasure: Isolate general DMA peripherals from trusted hardware
   Mechanism: i.MX Trusted Execution & Secure Storage
4. Rootkitted firmware download bypasses isolation
   Countermeasure: Authenticate trusted software
   Mechanism: Signed updates, i.MX High Assurance Boot
[Diagram: a Malicious Application in User Mode issues a System Call into the Rich OS in Supervisor Mode, which hosts the CAN Stack and the device Drivers; beneath it the Hardware: Display, GPU, DMA, CAN Controller]
[Diagram: Apps run inside an App VM in User Mode, next to a Native Application; only the System Call interface reaches the Rich OS in Supervisor Mode with its CAN Stack and Drivers; beneath it the Hardware: Display, GPU, DMA, CAN Controller]
Attack tree, step 2: Privilege escalation gives direct CAN controller access. Countermeasure: Isolate general software from trusted hardware subsystems. Mechanism: Platform Virtualization.
[Diagram: an App breaks out of its App VM through a Privilege Escalation from User Mode into Supervisor Mode; inside the Rich OS it reaches the CAN Stack and Drivers directly, and through them the Hardware: Display, GPU, DMA, CAN Controller]
[Diagram: three configurations]
Separate systems: Applications #1 on OS #1 on its own Hardware; Applications #2 on OS #2 on its own Hardware.
Hosted hypervisor: Hardware → Main OS #1 → Hypervisor → Guest OS #2 → Applications #2; Applications #1 run directly on Main OS #1.
Bare metal hypervisor: Hardware → Hypervisor → Guest OS #1 and Guest OS #2 → Applications #1 and Applications #2.
Without a hypervisor: Applications run in Physical User Mode and the OS in Physical Supervisor Mode; the CPU / MMU provides the HW-enforced isolation. User/Supervisor modes are used to isolate applications from HW and from each other.

With a hypervisor: Applications run in Virtual User Mode, each Guest OS in Virtual Supervisor Mode (which is Physical User Mode), and the Hypervisor in Physical Supervisor Mode; the CPU / MMU provides the HW-enforced isolation. User/Supervisor modes are used to isolate VMs from HW and from each other. Penalty: performance.
[Diagram: two Guest OSs above a Hypervisor; each guest has a Standard Driver for its Dedicated Device and Frontend Drivers for the Shared Devices; Backend Drivers in the Hypervisor own the Shared Devices]
• Dedicated devices may be assigned to one VM and standard drivers used.
• Shared devices must be virtualized using frontend drivers in the VM and backend drivers in the Hypervisor or a privileged VM.
• Shared device drivers may be standard (full virtualization) or optimised (paravirtualization).
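The backend driver is where the security of a shared device is decided: the guest's frontend can only ask, and the backend, running in the hypervisor or a privileged VM, checks every request before it touches the controller. The following is an added example, not Freescale code, of such a backend for a CAN controller shared between an infotainment VM and a telematics VM. The ring layout (u16 id, u8 DLC, 8 data bytes), the guest names, the identifier allow-lists and the per-tick rate limit are all constructed for the example; only the frontend/backend split comes from the slide.

```python
"""Added example: a policy-enforcing CAN backend driver (not Freescale code).
The hypervisor or a privileged VM owns the controller; guests reach it only
through transmit(), which validates and filters every frame."""
from dataclasses import dataclass
import struct

CAN_SFF_ID_MASK = 0x7FF   # classic CAN 2.0A: 11-bit identifier, 0..8 data bytes


@dataclass(frozen=True)
class CanFrame:
    can_id: int
    data: bytes


def parse_frontend_request(buf: bytes) -> CanFrame:
    """Decode one transmit request from a guest's frontend driver.
    Assumed wire layout: u16 little-endian id, u8 dlc, 8 data bytes.
    Everything in buf is untrusted input from the guest."""
    if len(buf) != 11:
        raise ValueError("bad request length")
    can_id, dlc = struct.unpack_from("<HB", buf, 0)
    if can_id & ~CAN_SFF_ID_MASK:
        raise ValueError("identifier exceeds 11 bits")
    if dlc > 8:
        raise ValueError("DLC exceeds 8")
    return CanFrame(can_id, bytes(buf[3:3 + dlc]))


def encode_request(can_id: int, data: bytes) -> bytes:
    """What a well-behaved frontend driver places on the shared ring."""
    return struct.pack("<HB", can_id, len(data)) + data.ljust(8, b"\x00")


@dataclass(frozen=True)
class GuestPolicy:
    name: str
    tx_allow: frozenset          # identifiers this guest may transmit
    max_frames_per_tick: int     # crude rate limit per scheduling tick


class CanBackend:
    """Backend driver in the privileged domain. Guests never see the
    controller registers; the only way onto the bus is transmit()."""

    def __init__(self, policies):
        self.policies = {p.name: p for p in policies}
        self.sent_this_tick = {p.name: 0 for p in policies}
        self.bus = []       # (guest, CanFrame) actually written to the controller
        self.dropped = []   # (guest, can_id or None, reason)

    def new_tick(self):
        for name in self.sent_this_tick:
            self.sent_this_tick[name] = 0

    def transmit(self, guest: str, raw: bytes) -> bool:
        policy = self.policies[guest]
        try:
            frame = parse_frontend_request(raw)
        except ValueError as err:          # malformed request: drop, never forward
            self.dropped.append((guest, None, str(err)))
            return False
        if frame.can_id not in policy.tx_allow:
            self.dropped.append((guest, frame.can_id, "id not permitted"))
            return False
        if self.sent_this_tick[guest] >= policy.max_frames_per_tick:
            self.dropped.append((guest, frame.can_id, "rate limit"))
            return False
        self.sent_this_tick[guest] += 1
        self.bus.append((guest, frame))
        return True


# Constructed policies; the identifiers are illustrative, not a real OEM map.
INFOTAINMENT = GuestPolicy("infotainment", frozenset({0x3A0, 0x3A1}), 4)
TELEMATICS = GuestPolicy("telematics", frozenset({0x3A0, 0x500}), 8)


def demo() -> CanBackend:
    be = CanBackend([INFOTAINMENT, TELEMATICS])
    be.transmit("infotainment", encode_request(0x3A0, b"\x01\x02"))       # allowed
    be.transmit("infotainment", encode_request(0x7DF, b"\x02\x10\x03"))   # OBD-II functional diagnostic id: not allowed
    be.transmit("infotainment", struct.pack("<HB", 0x3A1, 9) + bytes(8))  # DLC 9 from a compromised guest: malformed
    be.transmit("telematics", encode_request(0x500, b"\xaa"))             # allowed for this guest
    for _ in range(4):                                                    # three fit in the tick, the fourth is rate-limited
        be.transmit("infotainment", encode_request(0x3A1, b""))
    return be


if __name__ == "__main__":
    backend = demo()
    print("forwarded:", [(g, hex(f.can_id)) for g, f in backend.bus])
    print("dropped:", backend.dropped)
```

The point of the split is that a rooted guest still cannot emit a diagnostic request or flood the bus: the guest's privilege level ends at the ring, and the backend's policy, not the guest's driver, decides what reaches the controller.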
[Diagram: Applications #1 on Guest OS #1 and Applications #2 on Guest OS #2, plus a Privileged process, all running on a Hypervisor built as a Microkernel / Separation Kernel over the Hardware]
• Microkernel has minimal functionality and deterministic execution paths: low latency, real-time performance
[Diagram: virtualization deployment. Virtual User Mode: Apps in an App VM and a Native Application. Virtual Supervisor Mode: the Rich OS and its Driver; a Privilege Escalation from an App gets no further than this. Physical Supervisor Mode: the Hypervisor (Microkernel) with the CAN Stack and its Driver. Hardware: Display, GPU, DMA, CAN Controller]
Attack tree, step 3: Graphics DMA gives indirect CAN controller access. Countermeasure: Isolate general DMA peripherals from trusted hardware. Mechanism: i.MX Trusted Execution & Secure Storage.
[Diagram: the same virtualization deployment (App VM, Native Application, Rich OS and Driver in Virtual Supervisor Mode, Hypervisor/Microkernel with CAN Stack and Driver in Physical Supervisor Mode). After a Privilege Escalation the Rich OS Driver programs the GPU's DMA, and that DMA Access reaches the CAN Controller in hardware: an indirect path that the software isolation of the Hypervisor does not cover]
• Trusted execution allows critical SW to co-exist with a rich platform SW environment on a single IC
  − Isolates trusted SW performing critical services
  − Protects confidentiality and integrity of sensitive data
  − Protects critical peripherals and memory
  − Enables access for trusted DMA masters only
• Trusted execution protects against
  − Attacks from compromised platform SW
  − Access to protected peripherals and memory
  − Backdoors using untrusted DMA masters
  − Starvation of resources available to critical services
• HW system partitioning
• ARM TrustZone
  − Secure & non-secure worlds
  − Multicore support
• Memory isolation
  − Virtual & physical
• Peripheral isolation
  − Master & slave
• Interrupt separation
• Watchdog protection

[Diagram: Non-Secure World: General Application (User Mode) over Rich OS (Privileged Mode) over General Peripheral, General DMA and General RAM. Secure World: Trusted Service (User Mode) over Trusted OS (Privileged Mode) over Protected Peripheral, Trusted DMA and Protected RAM]
[Diagram: Non-Secure World: Applications (Virtual User Mode) over Guest OS (Virtual Supervisor Mode, i.e. Physical User Mode) over Hypervisor (Physical Supervisor Mode). Secure World: Applications (Physical User Mode) over Guest OS (Physical Supervisor Mode). Both worlds share the CPU / MMU]
• Non-Secure world OS has a HW virtualized CPU: better performance
• Secure/Non-Secure worlds HW-isolate the VMs from each other
• HW Firewall
  − Monitors the internal bus to the external memory controller
    ▪ Secure world access only vs. Shared access
  − Programmed by Secure World

[Diagram: General SW and Trusted SW both pass through the HW Firewall; General RAM is reachable by both, Protected RAM only by Trusted SW]
• HW Firewall
  − Monitors peripheral access
    ▪ Secure world access only vs. Shared access
  − Monitors DMA transactions
    ▪ Secure vs. Non-secure privileges
  − Programmed by Secure World

[Diagram: General SW and Trusted SW both pass through the HW Firewall; General Peripheral and General DMA are reachable by both, Protected Peripheral and Trusted DMA only by Trusted SW]
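The two firewall slides above describe one mechanism applied to memory, peripherals and DMA: every bus transaction carries the master's identity and its secure/non-secure attribute, the firewall compares that against region descriptors, and only Secure World may write those descriptors. The following is an added example, not Freescale code, that models exactly that rule set so the attack-tree paths (a rooted Rich OS, a graphics DMA master) can be checked against a given configuration. The address ranges, master names and the default-deny for unmapped addresses are assumptions made for the example, not an i.MX memory map.

```python
"""Added example: a software model of a bus-level HW firewall (not Freescale
code). Region descriptors are programmable only from Secure World; each
transaction is judged on the master's secure/non-secure attribute."""
from dataclasses import dataclass
from enum import Enum


class World(Enum):
    SECURE = "secure"
    NONSECURE = "non-secure"


@dataclass(frozen=True)
class Master:
    name: str
    world: World        # attribute the fabric attaches to this master's transactions


@dataclass(frozen=True)
class Region:
    name: str
    start: int
    end: int            # exclusive
    secure_only: bool   # True: Secure World access only; False: shared


class AccessDenied(Exception):
    pass


class HwFirewall:
    def __init__(self):
        self.regions = []
        self.log = []   # (op, master, region, verdict): what a watchdog or auditor would see

    def program(self, caller: Master, region: Region) -> None:
        """The descriptor registers are themselves a protected peripheral:
        a write from a non-secure master must not reach them."""
        if caller.world is not World.SECURE:
            self.log.append(("program", caller.name, region.name, "denied"))
            raise AccessDenied(f"{caller.name} may not program the firewall")
        self.regions.append(region)
        self.log.append(("program", caller.name, region.name, "ok"))

    def check(self, master: Master, addr: int, write: bool) -> bool:
        """Verdict for one transaction: secure-only regions admit only secure
        masters, shared regions admit everyone. Unmapped: deny (assumption)."""
        op = "write" if write else "read"
        for r in self.regions:
            if r.start <= addr < r.end:
                allowed = (not r.secure_only) or master.world is World.SECURE
                self.log.append((op, master.name, r.name, "ok" if allowed else "denied"))
                return allowed
        self.log.append((op, master.name, "<unmapped>", "denied"))
        return False


def build_demo_system():
    """Secure World boot code programs the map before the Rich OS starts.
    Constructed address map; not a real i.MX memory map."""
    fw = HwFirewall()
    secure_cpu = Master("cpu/secure-world", World.SECURE)
    rich_os_cpu = Master("cpu/non-secure-world", World.NONSECURE)
    gpu_dma = Master("gpu-dma", World.NONSECURE)       # general DMA master
    can_dma = Master("can-dma", World.SECURE)          # trusted DMA master
    fw.program(secure_cpu, Region("general-ram", 0x8000_0000, 0x9000_0000, False))
    fw.program(secure_cpu, Region("protected-ram", 0x9000_0000, 0x9400_0000, True))
    fw.program(secure_cpu, Region("can-controller", 0x5300_0000, 0x5300_4000, True))
    return fw, secure_cpu, rich_os_cpu, gpu_dma, can_dma


def demo() -> dict:
    fw, secure_cpu, rich_os_cpu, gpu_dma, can_dma = build_demo_system()
    results = {
        # the indirect path from the attack tree: graphics DMA reaching for the CAN controller
        "gpu_dma_reads_can_controller": fw.check(gpu_dma, 0x5300_0010, write=False),
        "gpu_dma_reads_protected_ram": fw.check(gpu_dma, 0x9000_1000, write=False),
        "gpu_dma_reads_general_ram": fw.check(gpu_dma, 0x8000_1000, write=False),
        # a rooted Rich OS is still a non-secure master on the bus
        "rich_os_writes_can_controller": fw.check(rich_os_cpu, 0x5300_0010, write=True),
        "can_dma_writes_can_controller": fw.check(can_dma, 0x5300_0010, write=True),
        "secure_cpu_writes_protected_ram": fw.check(secure_cpu, 0x9200_0000, write=True),
    }
    try:   # the rooted Rich OS tries to open the CAN controller to everyone
        fw.program(rich_os_cpu, Region("can-controller-open", 0x5300_0000, 0x5300_4000, False))
        results["rich_os_reprograms_firewall"] = True
    except AccessDenied:
        results["rich_os_reprograms_firewall"] = False
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:34s} {verdict}")
```

The check that matters most is the last one: the descriptors must be unreachable from the non-secure side, otherwise a privilege escalation in the Rich OS turns into a firewall reconfiguration and the other verdicts no longer mean anything.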
[Diagram: trusted execution deployment. Non-Secure World: Apps in an App VM and a Native Application (User Mode) over the Rich OS with its Drivers (Privileged Mode) over the Hypervisor (Microkernel); its hardware: Display, GPU, DMA and General RAM. Secure World: the CAN Stack and its Driver, the CAN Controller and Protected RAM. The HW Firewall sits between the two sides, and the Privilege Escalation and DMA Access paths from the earlier slides now stop at it]
Attack tree, step 4: Rootkitted firmware download bypasses isolation. Countermeasure: Authenticate trusted software. Mechanism: Signed updates, i.MX High Assurance Boot.
[Diagram: the same trusted execution deployment (Non-Secure World: App VM, Native Application, Rich OS and Drivers over the Hypervisor/Microkernel with Display, GPU, DMA, General RAM; Secure World: CAN Stack, CAN Controller, Protected RAM; HW Firewall between them). A Rootkit delivered as a Firmware Update replaces the Hypervisor and the Secure World software, so the isolation that software was enforcing is gone]
• High Assurance Boot ensures the boot sequence:
  − Uses authentic SW
  − Establishes a "known-good" system state
• High Assurance Boot protects against:
  − Platform re-purposing
  − Rootkits and similar unauthorised SW designed to
    ▪ harvest secrets
    ▪ circumvent access controls
[Diagram: signing and verification flow]
Secured Environment: Hash the SW Image and Sign the hash (RSA) with the Private Key, producing SW Image + Signature. The corresponding Public Key is the SRK; its hash is burned into the device Fuse.
Device Boot: Hash the Public Key delivered with the image and Compare it with the SRK Fuse; Hash the SW Image and Verify the Signature (RSA) with the Public Key. Both pass → Run OS; either fails (X) → Reload Image.
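The diagram above, and the "signed updates" countermeasure for the rootkitted-firmware branch of the attack tree, both come down to the same check: the image carries a signature and the key that made it, the ROM trusts the key only if its hash matches the fuse, and only then verifies the signature. The following is an added example, not Freescale's HAB implementation or its container format, that walks through that flow with textbook RSA (PKCS#1 v1.5 signature encoding over SHA-256) in plain Python. Key generation is seeded so the example is reproducible, which real key generation must never be; the image bytes, the fuse encoding and the key sizes are constructed for the example.

```python
"""Added example: sign-at-build / verify-at-boot flow with a fused key hash
(not Freescale HAB code). Textbook RSA, PKCS#1 v1.5 encoding, SHA-256."""
import hashlib
import random

SHA256_DIGESTINFO = bytes.fromhex("3031300d060960864801650304020105000420")  # DER prefix for SHA-256

def _is_probable_prime(n: int, rng: random.Random, rounds: int = 16) -> bool:
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):                       # Miller-Rabin
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _gen_prime(bits: int, rng: random.Random) -> int:
    while True:
        cand = rng.getrandbits(bits) | (3 << (bits - 2)) | 1   # top two bits and low bit set
        if _is_probable_prime(cand, rng):
            return cand

def generate_rsa(bits: int = 1024, seed: int = 0):
    """Returns ((n, e), (n, d)). Seeded RNG: reproducible demo keys only."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = _gen_prime(bits // 2, rng), _gen_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))

def _emsa_pkcs1_v15(digest: bytes, k: int) -> bytes:
    t = SHA256_DIGESTINFO + digest
    if k < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign_image(image: bytes, priv) -> bytes:
    """Secured environment: hash the image, encode, sign with the private key."""
    n, d = priv
    k = (n.bit_length() + 7) // 8
    em = _emsa_pkcs1_v15(hashlib.sha256(image).digest(), k)
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")

def verify_signature(image: bytes, sig: bytes, pub) -> bool:
    n, e = pub
    k = (n.bit_length() + 7) // 8
    if len(sig) != k or int.from_bytes(sig, "big") >= n:
        return False
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    return em == _emsa_pkcs1_v15(hashlib.sha256(image).digest(), k)   # compare the whole encoding, not just the digest

def srk_fuse_value(pub) -> bytes:
    """What the one-time-programmable fuse holds: a hash of the public key, not the key itself."""
    n, e = pub
    return hashlib.sha256(n.to_bytes((n.bit_length() + 7) // 8, "big") + e.to_bytes(4, "big")).digest()

class BootRom:
    def __init__(self, srk_fuse: bytes):
        self.srk_fuse = srk_fuse      # read-only after provisioning

    def boot(self, container) -> str:
        """container = (image, signature, public key shipped with it).
        Returns 'run' for a known-good image, 'reload' to reject it."""
        image, sig, pub = container
        if srk_fuse_value(pub) != self.srk_fuse:   # key not rooted in the fuse: stop before any RSA work
            return "reload"
        if not verify_signature(image, sig, pub):
            return "reload"
        return "run"

def demo():
    oem_pub, oem_priv = generate_rsa(seed=1)
    rogue_pub, rogue_priv = generate_rsa(seed=2)    # an attacker's own key pair
    rom = BootRom(srk_fuse_value(oem_pub))
    image = b"constructed firmware image v1.0"       # constructed sample, not a real image
    good = (image, sign_image(image, oem_priv), oem_pub)
    patched = (image + b"\x90", good[1], oem_pub)                                      # rootkit-patched, old signature
    resigned = (image + b"\x90", sign_image(image + b"\x90", rogue_priv), rogue_pub)   # re-signed with the attacker's key
    return rom.boot(good), rom.boot(patched), rom.boot(resigned)
```

The third case is the one the fuse exists for: an attacker who can rewrite flash can also ship a perfectly valid signature under a key of their own, so an image-side public key is worthless unless something the attacker cannot rewrite, here the fused hash, says which key counts.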
[Diagram: High Assurance Boot deployment. The same trusted execution deployment (Non-Secure World: App VM, Native Application, Rich OS and Drivers over the Hypervisor/Microkernel with Display, GPU, DMA, General RAM; Secure World: CAN Stack, CAN Controller, Protected RAM; HW Firewall between them), now founded on a Bootloader that HAB authenticates before anything above it runs]
Attack tree recap: 1. Infotainment malware download hijacks CAN controller → Application Virtualization (e.g. Java); 2. Privilege escalation gives direct CAN controller access → Platform Virtualization; 3. Graphics DMA gives indirect CAN controller access → i.MX Trusted Execution & Secure Storage; 4. Rootkitted firmware download bypasses isolation → Signed updates, i.MX High Assurance Boot.
• i.MX Trust Architecture:
  − Provides multiple cohesive protection features
  − Guards against sophisticated attacks
  − Assures software security measures
• You can now:
  − Explain new security threats for the connected car
  − Identify difficulties in isolating open and critical subsystems
  − Apply the i.MX Trust Architecture to build up defensive layers against malware attacks

Session materials will be posted @ www.freescale.com/FTF
Look for announcements in the FTF Group on LinkedIn or follow Freescale on Twitter
i.MX Community: www.imxcommunity.org
A Freescale-supported open web community of developers sharing a common interest in transforming i.MX applications processors into practically anything imaginable.
• Support and enablement for i.MX processors and software
• Forums, Groups and Blog Posts
• News, Photos and Videos
• Training, Events and Promotions
Check it out! If you are not already, become a member today! The best and most informative i.MX support tip or blog posted between June 27 and July 31st will be entered to win an i.MX development system of your choice. Drawing will be held on July 31st.