高级检索

    SeChain: 基于国密算法的RISC-V安全启动机制设计与实现

    SeChain: Design and Implementation of RISC-V Secure Boot Mechanism Based on Domestic Cryptographic Algorithms

    • 摘要: 开源RISC-V指令集为我国建立自主可控物联网生态提供了重大机遇. 然而,物联网设备通常缺乏硬件加固措施,容易遭受物理级的固件篡改攻击,因此保障固件完整性以提高设备安全性至关重要. 为此,已有基于安全启动技术的初步探索,但仍存在3个问题:1)传统软件信任根难以保证物理级可靠性;2)主流硬件级安全启动技术被国际芯片厂商掌握,技术未公开且不支持国密算法,无法保证安全自主可控;3)已有基于RISC-V CPU的安全启动研究缺乏对上层固件的校验机制. 为解决上述3个问题,首次设计并实现基于国密SM9算法的RISC-V安全启动机制——SeChain. 具体而言:1)在RISC-V SoC内部增加了签名计算单元(signature calculation unit,SCU),实现密钥对生成与签名;2)增加了密钥验证单元(key verification unit,KVU),实现验证算法的片内执行及固件完整性验证;3)设计实现基于验证引导的多级安全启动机制,从不可篡改的硬件信任根出发,逐级完成引导程序的完整性校验. 基于上述设计,SeChain实现了信任根的不可篡改和安全可信,构造了一个可信的安全启动链,基于国密SM9算法为设备的安全启动和可信执行提供可靠保障. 为了验证SeChain的有效性、高效性和可靠性,基于VexRiscv CPU在FPGA 硬件平台完成了SeChain仿真验证实验. 实验结果表明,SeChain能够有效抵御各类固件篡改攻击,并能对抗信任根攻击,且平均额外时间开销不超过6.47 s. SeChain适用于资源受限的IoT设备,在满足安全可信启动的同时,能为国产RISC-V生态的安全自主可控提供有力保障.

       

      Abstract: The open-source RISC-V instruction set architecture (ISA) provides a significant opportunity for China to establish an independent and controllable IoT ecosystem. However, IoT devices often lack hardware protections and are vulnerable to physical-level firmware tampering attacks. Therefore, ensuring firmware integrity to improve device security is crucial. Previous researches have focused on secure boot techniques, but several challenges remain: 1) The traditional software-level trusted root can be physically tampered, making it difficult to ensure the reliability of the trusted root; 2) Mainstream hardware-level secure boot technology is controlled by international chip manufacturers, the specific implementation method is not publicly available, and does not support domestic cryptographic algorithms, making it impossible to ensure security independence and controllability for China; 3) Existing research on secure boot mechanisms based on RISC-V CPUs can verify the credibility of executable code but lacks a mechanism for verifying the integrity of upper-level firmware. To solve these challenges, we design and implement SeChain, a RISC-V secure boot mechanism based on the Chinese domestic cryptographic algorithm SM9. Specifically: 1) A signature calculation unit (SCU) is added inside the RISC-V SoC to generate key pairs and signatures; 2) A key verification unit (KVU) is added to perform on-chip execution of verification algorithms and firmware integrity verification; 3) A multi-level secure boot process based on verification boot is designed and implemented, starting from an immutable hardware trust root, completing the integrity verification of the next-stage boot program step by step, and achieving secure boot. Based on this design, SeChain realizes the security and trustworthiness of the trust root in the startup phase and constructs a trusted secure boot chain based on the domestic cryptographic algorithm SM9, providing reliable protection for device secure boot and trusted execution. To verify the effectiveness, efficiency, and security against trust root attacks of SeChain, we complete SeChain simulation verification experiments based on VexRiscv CPU on FPGA hardware platform. The experimental results show that SeChain can resist various firmware tampering attacks, as well as resist trust root attacks, which has an average additional time overhead of no more than 6.47 seconds. SeChain is suitable for resource constrained IoT devices, while meeting secure and trusted boot requirements, it can provide strong protection for domestic RISC-V ecosystem security independence and controllability.

       

    /

    返回文章
    返回