user-doc: tech-doc: add picture of the TBM on top of the OLimeXino A20 LIME

master
S.J.R. van Schaik 7 years ago
parent ab9795d27d
commit 2344de2c47
  1. BIN
      tech-doc/figures/tbm-lime.jpg
  2. 7
      tech-doc/tech-spec.tex
  3. BIN
      user-doc/figures/tbm-lime.jpg
  4. 7
      user-doc/user-doc.tex


@ -92,6 +92,13 @@ This document covers the specification, the design, the motivation and the imple
Figure~\ref{fig:tbm-overview} shows a high-level overview of the design. Once the device receives power the \emph{Trusted Boot Module} will boot and at some point the TBM will power on the host device. The host device will then read the trusted image from the SPI NOR flash. Because the device has been configured to be restricted to boot from the SPI NOR flash and because the SPI NOR flash has been configured to be read-only, the host devices enter a \emph{Read-Only Trusted Stage} or ROTS. The image that has been booted is designed to be minimal and only contains the software necessary to perform the boot procedure. Furthermore, the image does not contain a network stack to reduce the amount of possible vulnerabilities and thus to minimise the attack vector. Once the trusted image has been booted, the host device will enumerate the images to boot and co-operate with the TBM to verify images and to select the image to boot. This co-operation happens by means of serial communication with the TBM, where the TBM will grant access to the key storage to the ROTS. Once an image has been selected to boot, the ROTS will inform the TBM that it will boot this image and enter the untrusted stage. From there on the TBM will only allow for restricted access. Figure~\ref{fig:tbm-overview} shows a high-level overview of the design. Once the device receives power the \emph{Trusted Boot Module} will boot and at some point the TBM will power on the host device. The host device will then read the trusted image from the SPI NOR flash. Because the device has been configured to be restricted to boot from the SPI NOR flash and because the SPI NOR flash has been configured to be read-only, the host devices enter a \emph{Read-Only Trusted Stage} or ROTS. The image that has been booted is designed to be minimal and only contains the software necessary to perform the boot procedure. 
Furthermore, the image does not contain a network stack to reduce the amount of possible vulnerabilities and thus to minimise the attack vector. Once the trusted image has been booted, the host device will enumerate the images to boot and co-operate with the TBM to verify images and to select the image to boot. This co-operation happens by means of serial communication with the TBM, where the TBM will grant access to the key storage to the ROTS. Once an image has been selected to boot, the ROTS will inform the TBM that it will boot this image and enter the untrusted stage. From there on the TBM will only allow for restricted access.
\begin{figure}[H]
\centering
\includegraphics[width=0.6\linewidth]{figures/tbm-lime.jpg}
\caption{the Trusted Boot Module}
\label{fig:tbm-lime}
\end{figure}
\subsection{Trust Model} \subsection{Trust Model}
There are different trust models that can be used depending on the use case. These mostly depend on whether the concept of certificate authorities (CAs) is required or not. Furthermore, the key storage also plays an important role in deciding which of the trust models to use. There are different trust models that can be used depending on the use case. These mostly depend on whether the concept of certificate authorities (CAs) is required or not. Furthermore, the key storage also plays an important role in deciding which of the trust models to use.
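
Review bot: the new figure is never referenced from the text. The hunk defines `\label{fig:tbm-lime}`, but no `\ref{fig:tbm-lime}` appears in the surrounding paragraph, whereas `fig:tbm-overview` is cited, so the photo floats in unannounced between the design overview and `\subsection{Trust Model}`. Add a sentence before the float, for instance `Figure~\ref{fig:tbm-lime} shows the TBM mounted on the OLimeXino A20 LIME.`, and make the caption say what is pictured, e.g. `\caption{The Trusted Boot Module mounted on the OLimeXino A20 LIME}` rather than `\caption{the Trusted Boot Module}` with a lowercase initial. The `[H]` placement specifier also requires the `float` package in the preamble; that cannot be confirmed from this hunk, so it is worth checking that `tech-spec.tex` loads it.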


@ -108,6 +108,13 @@ This co-operation happens by means of serial communication with the TBM, where t
Once an image has been selected to boot, the ROTS will inform the TBM that it will boot this image and enter the untrusted stage. Once an image has been selected to boot, the ROTS will inform the TBM that it will boot this image and enter the untrusted stage.
From there on the TBM will only allow for restricted access. From there on the TBM will only allow for restricted access.
\begin{figure}[H]
\centering
\includegraphics[width=0.6\linewidth]{figures/tbm-lime.jpg}
\caption{the Trusted Boot Module}
\label{fig:tbm-lime}
\end{figure}
\section{Building ROTS} \section{Building ROTS}
\subsection{u-boot} \subsection{u-boot}
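
Review bot: `fig:tbm-lime` is unreferenced here as well, and because the `[H]` float is inserted directly before `\section{Building ROTS}` it ends the overview with an orphaned picture and no lead-in; add a `Figure~\ref{fig:tbm-lime}` sentence at the end of the preceding paragraph and give the caption a capitalised, descriptive text. Separately, the file list shows the same 107 KiB `tbm-lime.jpg` committed twice, under `tech-doc/figures/` and `user-doc/figures/`; a single shared figures directory referenced via `\graphicspath` would keep the two documents from drifting apart when the photo is replaced.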
