A secure bootloader should be provided. Only signed images should be loaded by the device, and there should be the option to encrypt images for confidentiality. There should be a means to revoke compromised signing keys.
-
-
Prikaži ovu nit
-
A firmware update mechanism should be provided. Firmware should be downloaded over an authenticated and encrypted channel. The integrity and authenticity of the firmware should be checked.
Prikaži ovu nit -
In combination, the secure bootloader and firmware updated mechanism should prevent firmware rollback attacks, where earlier versions with known vulnerabilities are loaded onto a device.
Prikaži ovu nit -
Dual-banked firmware should be supported, allowing for multiple firmware images to be stored. This allows for safe firmware upgrades without the risk of the device being “bricked”.
Prikaži ovu nit -
The device should support a means to prevent the flash contents from being read, including the firmware, settings and any stored data. This would require encryption of the external flash.
Prikaži ovu nit -
It should be easy to entirely disable all debug interfaces on the device without risk of preventing firmware updates.
Prikaži ovu nit -
The device should have source of entropy available for cryptography. This should be a dedicated hardware random number generator.
Prikaži ovu nit -
Internal secure storage should be provided to store keys, certificates and other sensitive data. This would include immutable fields, and write-only flags.
Prikaži ovu nit -
A range of operating systems should be provided, including a real-time operating system and full Linux system. Tools should be provided to allow these to be hardened appropriately for production systems.
Prikaži ovu nit -
Cryptographic libraries should be provided to perform common operations such as encryption, signing, and hashing. These should have high-level interfaces and use secure settings by default.
Prikaži ovu nit -
Software provided for use on devices should use a permissive license which is compatible with other open source licenses.
Prikaži ovu nit -
Threat modelling should be performed against devices and software provided. The results of this should be openly stated in documentation.
Prikaži ovu nit -
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.