Reference Design Functional Overview
XAPP1309 (v1.0) March 7, 2017 13
www.xilinx.com
The following steps are done in the reference design to set up IMA, TPM, and network security.
• Activate IMA in the Linux kernel
• Configure the IMA policy
• Activate the TPM
• Set up the privacy certificate authority (CA)
• Set up the attestation client (Zynq-7000 AP SoC)
• Generate an attestation identity key (AIK)
• Configure the integrity measurement collectors
• Configure the TNC client
• Configure the VPN connection
• Set up/configure the attestation server (strongSwan VPN/TNC server)
• Collect measurement values
• Register the device with the policy manager
The process is defined on the strongSwan website.
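The check that the "collect measurement values" step makes possible can be sketched as follows. This is an added example, not code from this application note or from strongSwan: it replays an IMA ASCII measurement list and compares the result with the PCR value the TPM reports. It assumes a SHA-1 PCR bank (TPM 1.2), IMA's default PCR index 10, and the ima-ng list layout; the sample log lines and function names are constructed for illustration.

```python
import hashlib

PCR_LEN = 20              # assumption: SHA-1 PCR bank, as on a TPM 1.2
ZERO = bytes(PCR_LEN)     # template hash IMA logs for a violation entry
FF = b"\xff" * PCR_LEN    # value IMA extends into the PCR for a violation

def replay_ima_log(lines, pcr_index=10):
    """Fold the template hashes of an IMA ASCII measurement list into a PCR value."""
    pcr = ZERO                                   # PCR content after platform reset
    for lineno, line in enumerate(lines, 1):
        if not line.strip():
            continue
        # Fields: PCR index, template hash, template name, template data.
        # maxsplit=3 keeps file names that contain spaces in one piece.
        fields = line.split(None, 3)
        if len(fields) < 4:
            raise ValueError(f"line {lineno}: expected at least 4 fields")
        if int(fields[0]) != pcr_index:
            continue                             # entry was extended into another PCR
        digest = bytes.fromhex(fields[1])
        if len(digest) != PCR_LEN:
            raise ValueError(f"line {lineno}: template hash is not SHA-1 sized")
        if digest == ZERO:
            digest = FF                          # violation: log shows zeros, PCR got 0xFF
        pcr = hashlib.sha1(pcr + digest).digest()    # TPM extend operation
    return pcr.hex()

def log_matches_pcr(lines, reported_pcr_hex):
    """True when the replayed list reproduces the PCR value reported by the TPM."""
    return replay_ima_log(lines) == reported_pcr_hex.strip().lower()

# Constructed sample entries (not real measurements), in the layout of
# /sys/kernel/security/ima/ascii_runtime_measurements
SAMPLE_LOG = [
    f"10 {'1a' * 20} ima-ng sha1:{'2b' * 20} boot_aggregate",
    f"10 {'3c' * 20} ima-ng sha1:{'4d' * 20} /usr/bin/my app",
    f"10 {'00' * 20} ima-ng sha1:{'00' * 20} /var/log/messages",
]

if __name__ == "__main__":
    expected = replay_ima_log(SAMPLE_LOG)
    print("expected PCR 10:", expected)
    print("full log matches:", log_matches_pcr(SAMPLE_LOG, expected))
    print("truncated log matches:", log_matches_pcr(SAMPLE_LOG[:2], expected))
```

A mismatch means the list presented to the verifier is not the one the kernel extended into the TPM, so its entries cannot be trusted for policy decisions.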
Conclusion
Zynq-7000 AP SoCs provide significant advantages in their ability to program both hardware
and software on the same device. Cost-effective firmware updates are a key to increasing
embedded system capability and providing maintenance to reduce the TCO. Remote firmware
updates rely on using the Internet, opening the embedded system to cryptographic attacks.
This application offers mechanisms that provide proven-in-use security for connected
devices.
References
1. Zynq-7000 All Programmable SoC Technical Reference Manual (UG585)
2. Run Time Integrity and Authentication Check of Zynq-7000 AP SoC System Memory (XAPP1225)
3. Linux Integrity Measurement Architecture wiki.strongswan.org/projects/strongswan/wiki/IMA
4. TPM Main Specification www.trustedcomputinggroup.org/tpm-main-specification