From: "M. Warner Losh"
To: dunceor@gmail.com
Cc: freebsd-embedded@freebsd.org
Date: Fri, 15 Jun 2007 08:13:38 -0600 (MDT)
Subject: Re: Embedded systems protection?
Message-Id: <20070615.081338.-399282837.imp@bsdimp.com>
In-Reply-To: <5d84cb30706150434u6e722912w9edac38e62bd97c3@mail.gmail.com>
References: <467272F7.4010301@bulinfo.net> <5d84cb30706150434u6e722912w9edac38e62bd97c3@mail.gmail.com>

In message: <5d84cb30706150434u6e722912w9edac38e62bd97c3@mail.gmail.com>
            "Karl Sjödahl - dunceor" writes:
: On 6/15/07, Krassimir Slavchev wrote:
: > -----BEGIN PGP SIGNED MESSAGE-----
: > Hash: SHA1
: >
: > Hello All,
: >
: > I am looking for ideas how an embedded system can be secured against
: > copying ...

First, you need some way to have secure hardware.  You need to find
some way to be able to insert code into a device, throw a switch
(usually an internal fuse) that turns off the programming ability.
Ideally, all of this is inside the chip.  While not secure against
someone with infinite money, it is secure against most users, even
professionals.

: One way that is popular is to use an OTP flash with a cert inside that
: you verify to see if something has changed.
:
: Otherwise certs in different ways is the approach.

This will only prevent unauthorized users, or at least users who
haven't had their software signed (or users that are sophisticated
enough to bypass these checks).  An OTP flash part just makes it
harder for someone to put their own software in place.  If the OTP
part is just an 8-pin IIC device, then popping a new one in isn't all
that hard, and reading the OTP out of circuit is also easy.

Warner
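
Added example, not part of the original message: a small model of the boot check discussed above, showing why the check is only as strong as the part holding the trust anchor. A SHA-256 digest stands in for the "cert", and OtpPart, Board, provision and demo are hypothetical names made up for this illustration.

```python
import hashlib
import hmac

class OtpPart:
    """Write-once store (constructed model): programmable exactly once."""
    def __init__(self):
        self.data = None

    def program(self, data: bytes) -> None:
        if self.data is not None:
            raise PermissionError("OTP already programmed")
        self.data = bytes(data)

def provision(image: bytes) -> OtpPart:
    """Burn the SHA-256 of the approved image into a fresh part."""
    part = OtpPart()
    part.program(hashlib.sha256(image).digest())
    return part

class Board:
    """Boot check that trusts whichever anchor part is currently fitted."""
    def __init__(self, anchor: OtpPart, on_chip: bool):
        self.anchor = anchor
        self.on_chip = on_chip  # True: fused inside the chip; False: discrete 8-pin part

    def replace_anchor(self, new_part: OtpPart) -> None:
        if self.on_chip:
            raise PermissionError("anchor is inside the chip and cannot be swapped")
        self.anchor = new_part

    def boot_ok(self, image: bytes) -> bool:
        digest = hashlib.sha256(image).digest()
        return hmac.compare_digest(digest, self.anchor.data)  # constant-time compare

def demo() -> dict:
    # Both firmware images are constructed sample data.
    vendor, other = b"vendor firmware v1", b"unapproved firmware"
    external = Board(provision(vendor), on_chip=False)
    internal = Board(provision(vendor), on_chip=True)
    out = {"vendor_boots": external.boot_ok(vendor),
           "other_rejected": not external.boot_ok(other)}
    external.replace_anchor(provision(other))  # discrete part replaced on the board
    out["other_boots_after_swap"] = external.boot_ok(other)
    try:
        internal.replace_anchor(provision(other))
        out["internal_anchor_swapped"] = True
    except PermissionError:
        out["internal_anchor_swapped"] = False
    out["internal_rejects_other"] = not internal.boot_ok(other)
    return out

if __name__ == "__main__":
    print(demo())
```

The write-once property holds in both cases; what differs is whether the part itself can be replaced, which is the reason for keeping the anchor and the programming lock inside the chip.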