Need of a Secure Firmware
Manufacturers of embedded systems should ensure that their devices only start with original and unmodified firmware and that only authorized configuration files and updates can be used. The required key material must be stored in a highly protected environment and only authorized users should have access to it. If this is not implemented consistently and end-to-end, there is a high risk of manipulation and misuse. The original software may run on faked hardware or vice versa, faked or manipulated software may run on the original hardware. Non-authorized third-party companies are thus enabled to offer for example low priced replacement materials for systems with exchangeable sensors, software upgrades or special software features. In this case manufacturers would miss important sources of income, and quality and liability risks might arise for the entire system. MTG Secure Firmware uses digital signatures to ensure the trustwor-thiness of the embedded system throughout the entire device lifecycle.
MTG Secure Boot
When an embedded device boots, it executes programs that are stored in its memory. If the code is not legitimate or incorrect this device will malfunction or endanger the infrastructure in which it is located. Therefore, booting of the device is a critical operation and needs to be secured to ensure that a device executes only legitimate software. During production the firmware needs to be protected by signature with private keys. This makes sure, that only the original firmware of the product is used.
MTG Secure Boot is responsible for all crypto operations (encryption, signing, key generation…), which are needed for secure boot, configuration and update of embedded systems. The initial boot process will be secured with the customer encryption key. All required symmetric and asymmetric keys are securely protected in the MTG Key Storage respectively HSM.
MTG Secure Boot is delivered as RPM package or on request on a pre-installed and configured server with a compatible HSM. It can be quickly and easily put into operation at a central and secure location. The connection of the development and production environment can be implemented very flexibly. Code signing tools of the chip manufacturers (e.g. NXP) are integrated into the system according to customer requirements. MTG provides support for all IT security relevant questions regarding the configuration of the firmware. The optional Hardware Security Modules are pre-configured and provided on a fail-safe basis.