Security

Overview

Security has multiple layers and dimensions. It starts at booting the device, and goes all the way to running software on it, and connecting to cloud services. A FoundriesFactory® Factory provides a set of features to target each aspect.

The following sections focus on how to securely:

• connect your devices to Foundries.io™ cloud services.
• boot your devices;
• update the firmware and software on your devices;
• store secrets on your devices;

FoundriesFactory Security Summary

A brief summary of the crypto keys used in a Factory can be found in:

• Summary of Crypto Keys Used by FoundriesFactory

Secure Connection to Cloud Services

Your devices communicate with a set of FoundriesFactory cloud services, the central of which is the Device Gateway. The Device Gateway enforces Factory devices establishing the Mutual TLS (mTLS) connection to it. During the TLS Handshake phase in Mutual TLS, both device and cloud service present and verify their TLS certificates.

The Factory owner must take their Factory PKI offline before going to production. We also recommend taking the Device Registration Service under full control. Finally, the Device Networking must be configured properly to connect to cloud services.

• Managing Factory PKI
• Manufacturing Process for Device Registration
• Device Network Access
• Device Certificate Rotation

Secure Boot (Hardware Root of Trust)

FoundriesFactory Secure Boot is a mechanism to force a device to only execute boot software signed by a certain set of keys. The verification process and corresponding security functions are performed by the SoC boot ROM. These are the starting points for building a hardware root of trust.

The SoC hardware security manual should be consulted to identify the supported key types and the signing process. Secure Boot specifics of select hardware platforms are described below.

• Secure Boot on i.MX 6/7/8M Using HABv4
• Secure Boot on i.MX 8/8X Families Using AHAB Including 8QM
• Secure Boot on STM32MP1
• Secure Boot on TI AM62x
• Secure Boot on Zynq UltraScale+ MPSoC
• Unified Extensible Firmware Interface (UEFI) Secure Boot

More information around the Secure Boot aspects supported by LmP can be found in:

• Machines with Secure Aspects Enabled by FoundriesFactory
• Revoke Secure Boot Keys on i.MX
• OP-TEE on the Versal Adaptive Compute Acceleration Platform

See how to implement the Secure Boot Firmware Updates further below.

Secure Online Keys for Boot Stack

FoundriesFactory uses online keys to sign the components from the boot stack during build time. More information on how these keys are used and how to modify them can be found below.

• Crypto Keys Used by FoundriesFactory at Build Time

Secure Over the Air Updates

FoundriesFactory Over the Air Updates (OTA) is the mechanism used to securely deliver firmware and software updates to your devices. It leverages The Update Framework (TUF) , which uses a set of keys to sign every software piece. These keys should be managed offline by the Factory owner before going to production.

• Offline Factory TUF Keys

Secure Boot Firmware Updates

FoundriesFactory uses OTA to deliver secure boot firmware updates to your devices. Secure Boot Firmware update specifics for select hardware platforms are described below.

• Boot Software Updates on iMX
• Boot Software Updates on iMX8QM
• Boot Software Updates on Zynq UltraScale+ MPSoC
• Boot Software Updates on STM32MP1

Anti-rollback protection, which prevents downgrading of boot firmware, can be enabled by following the guide below.

• Anti-Rollback Protection

Secure Element as Secrets Storage

There are different techniques to securely store secrets on your devices. We recommend that you take advantage of the Hardware Security Module (HSM) to keep your device secrets sealed.

Hardware Secure Module (Secure Element) specifics for select hardware platforms are described below.

• EdgeLock™ SE05x: Plug & Trust Secure Element
• Enabling SE05X
• Trusted Platform Module