Re: Embedded Linux & Code Security

In FPGAs, configurations can be stored in Flash in an encrypted format that
>only the FPGA to be configured has the key to . During configuration, the >FPGA does the encryption, so even data over the Flash to FPGA channel is >secure. How the FPGA keeps it's key secure, I don't remember. Maybe there >is an analogue to this in MCU land.

Specifically Altera Statrix-II FPGAs have AES 128 decryption and OTP (fuse) non-readable key storage for the configuration bitstream.

So: run Linux on a NIOS soft core in one of these FPGAs. Encrypt the code in flash. Add decryption units with keys to the memory interfaces (or limit yourself to the memory built into the FPGA). The decyption unit and keys are encrypted in the Stratix-II bitstream, so they can't be read.

Even if you were able to read the fuse settings somehow, you would then have to reverse-engineer the undocumented bit-stream format.

I think this is all bad, except for protecting nuclear weapons. There would be no hacked iPhones if its firmware was encrypted this well. Vernor Vinge's _Rainbow's End_ told about a computer engineer who could no longer tinker with hardware due to her invention of a secure hardware environment.

-- /* jhallen@world.std.com AB1GO */ /* Joseph H. Allen */ int a[1817];main(z,p,q,r){for(p=80;q+p-80;p-=2*a[p])for(z=9;z--;)q=3&(r=time(0) +r*57)/7,q=q?q-1?q-2?1-p%79?-1:0:p%79-77?1:0:p158?-79:0,q?!a[p+q*2 ]?a[p+=a[p+=q]=q]=q:0:0;for(;q++-1817;)printf(q%79?"%c":"%c\n"," #"[!a[q-1]]);}