Improving Embedded Operating System Security Part 5: Securing Code and Data

By Bill Graham

Bill GrahamSecure the Boot and Execution

Embedded systems are vulnerable at boot time. For example, it’s common for hobbyists to re-flash consumer products’ firmware to change the way it operates. However, malicious attacks on device boot up and operation are undesirable for mission critical systems. In addition, devices often allow updates via web interfaces or other remote access creating a serious security threat if abused. Securing the boot image is an important step to securing your device. Trusted boot images are cryptographically signed with an identifier that the hardware recognizes as the only acceptable signature for execution.  An example of this is a Trusted Platform Module (TPM), which provides hardware support for encryption, key storage and random number generation. Moreover, a TPM can provide a trusted key value for the device hardware and software. A device without its TPM wouldn’t start or if the software and hardware configuration didn’t match expected values. Any tampering with code or hardware prevents device operation. For example TPM support is common in many PC motherboards (although likely not used much in consumer use.)

Secure Data and Data Storage

No assumptions should be made about the classification and privacy of data used in embedded systems. Traditionally, device data was not considered private nor of interest to third parties. The increasing role of embedded systems in health care, energy systems, power grids, water and sewage control, the data these devices carry may be of interest to the external threats. Data shouldn’t be stored in clear text and cryptographic support is used where possible, especially if stored on disk or flash memory. In particular, don’t store passwords and keys in clear text (obvious but it still happens.) Nowadays, embedded processors have hardware acceleration for cryptographic libraries making fairly sophisticated cryptography reasonable for embedded devices without incurring a heavy power or CPU usage penalty. TPM’s can provide trusted key storage for data encryption.

Application Protection

Application level protection maybe required in embedded systems too. I’ve discussed this at length in another post (link:

I’d love to hear about your concerns about securing your boot process and data storage.


For additional information from Wind River, visit us on Facebook.