Accession Number:

AD1166905

Title:

Evaluating the Use of Boot Image Encryption on Talos II Architecture

Descriptive Note:

[Technical Report, Master's Thesis]

Corporate Author:

AIR FORCE INSTITUTE OF TECHNOLOGY WRIGHT-PATTERSON AFB OH

Personal Author(s):

• Muramoto, Calvin M.

Report Date:

2022-03-01

Pagination or Media Count:

101

Abstract:

Sensitive devices operating in unprotected environments are vulnerable to hardware attacks like reverse engineering and side channel analysis. This represents a security concern because the root of trust can be invalidated through boot firmware manipulation. For example, boot data is rarely encrypted and typically travels across an accessible bus like the LPC bus, allowing data to be easily intercepted and possibly manipulated during system startup. The ash chip storing the boot data can also be removed from these devices and examined to reveal detailed boot information. This paper details an implementation of encrypting a section of the boot image and decrypting it during the IPL of the Talos II. During power-on, the encrypted image travels across the LPC bus into the POWER9 Level3 cache and is decrypted in the processor. This proves that it is possible to prevent adversaries from interfering with the IPL flow or obtaining details on xCfirmware from the ash chip. The boot image encryption method is implemented with multiple levels of encryption and an evaluation of their efficiency is conducted to determine the performance impact for each algorithm.

Descriptors:

• air force
• computer programs
• operating systems
• embedded systems
• computers
• engineering
• algorithms
• firmware
• internet of things
• kernels (operating system)
• security
• central processing units
• field programmable gate arrays
• reverse engineering
• standards
• test and evaluation
• abstracts

Subject Categories:

• Computer Systems Management and Standards
• Cybernetics

Distribution Statement:

[A, Approved For Public Release]