Secure Boot

Secure boot is a feature implemented in a computing device to ensure that only authorized code is run. This requires a way to verify the authenticity and integrity of the code. This means making sure that the code is what it claims to be and that it has not been tampered with. The goal is to gain trust in the integrity of the executed code.
Secure boot is beneficial for a wide range of devices, users and organizations, as it provides an additional layer of security. It establishes a secure and trusted foundation for the system’s boot process, mitigating various threats and ensuring that only authorized and digitally signed software components are allowed to run, thus enhancing the overall security level of the device. 
Secure boot is used in government and public sector, critical infrastructure, financial institutions, healthcare, automotive, transportation and more. The implementation of secure boot is accompanied by various challenges that demand careful consideration.

• In terms of performance, the trade-off between security and efficiency becomes apparent, as the additional layer of verification can impact boot-up time and latency. Striking a balance is essential to maintain a responsive user experience.
• Resource utilization presents another challenge, requiring efficient and customized solutions in hardware and/or software depending on the target system. 
• The security level of a secure boot system is a constant concern, with the ongoing challenge of preventing sophisticated hacking attempts. Additionally, safeguarding the trust anchor such as a public key used in the secure boot process is critical.
• Cost considerations encompass various aspects, including the allocation of resources for additional hardware and/or software within the device. Integrating secure boot into software development and deployment processes incur expenses too.

Secure boot can be implemented using various secure verification schemes: hash-based, Message Authentication Code (MAC)-based or signature-based.
Signature-based verification relies on asymmetric cryptography. In this verification scheme, the executable binary (code instructions and configuration data) is deployed to the target device along with a cryptographic signature over the binary. The signature is securely generated with a private key in a protected backend (R&D site) and is often enveloped in a certificate. The corresponding public key is deployed to the target device during production and stored tamper protected inside the device. During the boot phase of the device, a hash is generated over the binary. This hash value is then compared to the given hash value of the corresponding signature, verifying the signature with the public key. Classically, hashing algorithms such as SHA3 and Elliptic Curve Digital Signature Algorithm (ECDSA) can be used to securely generate the signature and to verify the binary. Additionally, post quantum cryptography (PQC) such as Dilithium (ML-DSA, FIPS-204) or SPINCS+ (SLH-DSA, FIPS-205) can be applied to generate and verify signatures.

KiviCore offers cryptographic primitives which can be used to create different classic and PQC applications. Those are hash functions as defined by secure hash algorithms (SHA3) from NIST FIPS-202 standard as well as Keccak.