CycurHSM combines secure handling of X.509 certificates with trusted boot
Versions 2.5.6 and higher of ESCRYPT’s CycurHSM security firmware support the secure use of X.509 certificates. Users may implement chains of trust based on certificates that are protected by the hardware security module (HSM). With the functionality provided, it is possible to build secure authentication or authorization services.
The HSM increases the security level of handling certificates – which are by definition public elements – by keeping a set of them, known as the parent or root certificates, as part of the HSM code flash. These are thus simultaneously part of the protected area and the HSM trust anchor (root of trust).
When a certificate is injected, the HSM copies it to its secure memory and verifies its authenticity against the higher-level certificates already present (digital signature verification). This makes it possible to build a secure ECU certificate store in which the trust level of the HSM firmware is transferred to the certificates. In addition, CycurHSM supports basic parsing operations on the injected certificates, such as reading out the issuer, subject, and serial number. CycurHSM thus provides the ideal basis for meeting OEM certification service requirements.
Certificate-based trusted boot functionality reduces vulnerability
Moreover, the current version (2.7.0) cleverly combines certificate handling with trusted boot. The greatest challenge here is to keep software updates flexible while still verifying the authenticity of the software. Conventionally, this requires that every ECU software update be made known to the HSM, which exposes the ECU bootloader as a major target for attackers.
CycurHSM significantly reduces this vulnerability with the new certificate-based trusted boot. The certificates are stored in an epilogue alongside the software parts in memory. If a software part changes or is manipulated, the HSM automatically uses these certificates to verify the software and accepts the update only if the verification succeeds. This also reduces the complexity of the bootloader, as the software configuration no longer needs to be managed in the HSM. The X.509 certificate handling feature of CycurHSM thus offers the following key benefits:
- Strong certificate-based root of trust, e.g. for firmware authentication
- Prevention of manipulation of trust/certificate stores
- Automatic detection of software updates and reduced bootloader complexity
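As an added illustration (not ESCRYPT's code, and not CycurHSM's actual epilogue format), this Go program models the flow described above: the root certificate is pinned on the verifier side, a software part carries a signer certificate and a signature over the payload in an appended epilogue, and the verifier first bounds-checks the epilogue, then chains the carried certificate to the pinned root before checking the signature. The epilogue layout, the use of Ed25519, and all names (`newCert`, `signImage`, `verifyImage`, `Demo`) are assumptions made for the example.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/binary"
	"math/big"
	"time"
)
// newCert issues an Ed25519 certificate; parent == nil yields a self-signed root, i.e. the HSM trust anchor.
func newCert(cn string, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: parent == nil, BasicConstraintsValid: true}
	if parent == nil {
		parent, pkey = tmpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pkey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
// signImage appends the constructed epilogue: Ed25519 signature (64 B) || signer cert (DER) || cert length (u32 BE).
func signImage(payload []byte, signer *x509.Certificate, key ed25519.PrivateKey) []byte {
	img := append(append(append([]byte{}, payload...), ed25519.Sign(key, payload)...), signer.Raw...)
	return binary.BigEndian.AppendUint32(img, uint32(len(signer.Raw)))
}
// verifyImage models the HSM: bounds-check the untrusted length, chain the carried cert to the pinned roots, check the signature.
func verifyImage(img []byte, roots *x509.CertPool) bool {
	n := len(img)
	if n < 4 || int(binary.BigEndian.Uint32(img[n-4:]))+ed25519.SignatureSize+4 > n {
		return false // truncated or inconsistent epilogue
	}
	certStart := n - 4 - int(binary.BigEndian.Uint32(img[n-4:]))
	cert, err := x509.ParseCertificate(img[certStart : n-4])
	if err != nil {
		return false
	}
	_, err = cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	pub, ok := cert.PublicKey.(ed25519.PublicKey)
	return err == nil && ok && ed25519.Verify(pub, img[:certStart-ed25519.SignatureSize], img[certStart-ed25519.SignatureSize:certStart])
}
func Demo() (bool, bool) { // returns (genuine image accepted, altered image rejected)
	root, rootKey := newCert("OEM Root", nil, nil)
	signer, signerKey := newCert("Update Signer", root, rootKey)
	roots := x509.NewCertPool() // stands in for the root set held in HSM code flash
	roots.AddCert(root)
	img := signImage([]byte("constructed ECU software part v1"), signer, signerKey)
	return verifyImage(img, roots), !verifyImage(append([]byte{0xff}, img...), roots) // prepended byte alters the payload
}
```

Note that the root certificate never travels with the image; a certificate that chains to any other root, or an epilogue whose length field is inconsistent with the image size, is rejected before any signature is checked.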
Read more in the white paper “Implementing chains of trust with CycurHSM”.
Find out more about certificate-based trusted boot in the recorded webinar “How to secure automotive ECUs – introducing HSM technology and trusted boot feature”.