Freely subscribe to our NEWSLETTER

Presented at the 2023 prpl Summit, ‘An Introduction to Secure Boot’ (PRPL-SBW001) defines the concepts of a secure boot process and the prerequisites which need to be considered for it. Created by prpl’s Security Assurance Working Group, the document outlines the major principles of a secure boot, how these can be applied to all prpl-compliant products and provides key guidance on how best to align the implementation efforts of a prpl-compliant bootloader.

“While the concept of a secure boot is well established, the lack of commonality regarding the necessary requirements for one can result in operators having to navigate difficult proprietary processes,” said prpl Foundation President Dr. Len Dauphinee. “Thanks to the Security Assurance Working Group and ‘An Introduction to Secure Boot’, organizations can benefit from improved guidance and a common, secure foundation to build from. I’m excited to see what this harmonization will bring across our industry.”

The bootloader is a piece of software that performs all the steps necessary to put the hardware of the Gateway into a defined state when powering on, so that the execution process can be carried out by the main Operating System (OS) or Firmware. Correct and predictable functioning of the Gateway is essential if operators are to provide reliable services to their subscribers. To achieve that, a bootloader must be built around a Chain of Trust (CoT), which will ensure each software component loaded has not been tampered with. All firmware components found in the chain must be verified and authenticated, and, if running Customer Premises Equipment (CPE) has been compromised, the bootloader must ensure that any such changes to these components are not persistent.

If these considerations are not met, an attacker could quickly access confidential information which allows for unauthorized exposure and usage, leading to significant financial and reputational damage for all involved. At the same time, secure boot designs rely on critical assets such as Root of Trust (RoT) keys, yet OEMs and operators may have alternate designs for bootloaders that prefer simpler or more complicated key management schemes, hardware capabilities and trust-party setups. The type of non-volatile flash memory chosen may also impact the implementation of a bootloader, leading to proprietary developments which may hinder a successful secure boot process.

Serving as a companion to the ‘prpl Secure Boot Requirements’ (PRPL-SB001) specification document, ‘An Introduction to Secure Boot’ helps overcome these issues by explaining how a CoT can be established by leveraging chipset hardware, starting with a typically hardware-based System on a Chip (SoC) RoT. This will result in a boot process that successfully launches the execution of authenticated and authorized Firmware.

Both documents underscore the prpl Foundation’s dedication to creating a common set of requirements for vendors to implement within their bootloader. With greater harmonization of values, OEMs and operators will be able to trust that the baseline from which their specific secure boot process derives remains consistent even when switching between vendors. Subsequently, organizations can leverage a number of approaches to best suit their security and operational requirements, providing the possibility for further innovation.

The ‘prpl Secure Boot Requirements’ document provides high-level specifications for gateway bootloader implementations derived from an operator’s internal bootloader requirements. With guidance on how to use a classical open-source bootloader and chipset hardware to correctly establish a RoT capable of expanding security once the boot stage has been completed, the document plays a crucial role in enhancing the security measures of the Gateway.