Process of Creating Custom Linux Kernel with Boot Time Integrity Check Using U-Boot for Embedded Devices
摘要
Protecting the system against malicious code being loaded and executed early in the boot process is necessary for the era where cyber security incidents are at their peak and still more to come. Usually, embedded devices do not come with any kind security that checks kernel integrity before booting. Therefore, a method like Secure boot in embedded devices is essential to prevent such attacks. In critical infrastructure too firmware level security is essential. In the world of embedded devices resources are very limited and hence there is a need to create a custom kernel that is stripped down to serve specific purpose. In this paper we are showing a standard method of creating custom kernel and do integrity verification while booting using custom built u-boot bootloader that have TPM support. The complete process in embedded devices is quite complex and involves several complicated steps. Purpose is to eliminate that complexity and make generalized method that can work for almost any type of embedded board.