System software for an embedded control platform

With the explosive rise in demand for Internet of Things solutions, embedded devices are more exposed than ever. The highly specialized algorithms in embedded devices represent considerable assets and therefore attract cybercriminals seeking profit. The aim of this study is to prevent theft of intellectual property as well as tampering with the system by implementing secure boot on a Zynq-7000 System on Chip. Secure boot is a technology where every partition in the boot process is authenticated by the previous one, building a chain of trust. A secure boot prototype based on a Xilinx reference design is built by adding security features incrementally and trying to break either confidentiality or integrity at each step. The final iteration of the prototype implements RSA authentication and AES-256 encryption of each partition. The encryption key is saved in volatile battery-backed memory and is clearable in case a tampering event is detected. Debugging interfaces have been disabled to prevent easy access to system internals. An operating system has been incorporated into the boot image and all partitions are authenticated and decrypted by the first stage boot loader. The final result of this work is a secure boot prototype our industrial partner ABB can incorporate into their development process.