Design of Embedded Trust Root Based on Dual-Kernel Architecture

Abstract

Given the characteristics and design constraints of the embedded system, a software trust root construction method based on dual kernel architecture and composed of bootloader and trusted kernel and a stem branch trust chain transmission model are proposed ,aiming at the requirements of the trusted environment of embedded applications, The Bootloader, solidified in the boot FLASH, embeds the SHA-1 engine, to measure and load the trusted kernel. Meanwhile, the trusted kernel realizes the protection of the Bootloader by prohibiting the user kernel and upper-layer applications from writing access to the FLASH. The interaction between them, as the root of trust, can resist non-physical attacks; the trusted kernel provides password service-related functions for the user kernel; the application system and the user kernel where it is lockated run as a process of the trusted kernel. Finally, based on predicate logic, a formal proof of trusted boot is given, and a prototype system is built to verify the availability of the scheme.