What is Firmware?
Firmware is a special kind of software whose narrow purpose is to abstract the functionality of a piece of hardware, so that high-level software can be developed independently of that hardware.
What is Signed Firmware?
Signed firmware is implemented when the software vendor signs the firmware image with a private key. When a firmware image carries this signature, a device validates the firmware before accepting it for installation. If the device detects that the integrity of the firmware is compromised, the firmware upgrade is rejected.
The process of signing firmware is initiated through the computation of a cryptographic hash value. The value is then signed with the private key of a private/public key pair before the signature is attached to the firmware image.
Before firmware can be upgraded, the new firmware must be verified. To ensure that the new firmware is unmodified, the public key is used to confirm that the hash value was indeed signed with the matching private key. By also computing the hash value of the firmware and comparing it to this validated hash value from the signature, the integrity of the firmware can be verified.
How does it work?
A secure signing server signs the firmware securely. After the firmware is signed in the signing server, it travels through the supply chain, eventually reaching its destination OCP platform (or device).
There, the platform verifies the signer's digital signature. If the verification succeeds, the platform installs and/or executes the firmware. If the verification fails (because the wrong key was used, the signature was modified, or the firmware was modified somewhere along the way), a platform policy dictates the next action: reject the failing firmware, isolate it, or allow it to run.
Therefore, the security of the signing server is critical, because it applies the "protective wrapper" (the digital signature) that protects the firmware on its journey from the supplier to the OCP product. For this reason, the signing server must be configured securely, placed in a secure environment, and safeguarded against misuse by its administrators and users.
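The sign-then-verify flow described above (hash the image, sign the digest on the signing server, recompute the digest and check the signature with the vendor's public key on the device, reject on any mismatch) as an added Go example; this is illustrative code written for this page, not OCP or vendor code, and the image layout (payload followed by a 64-byte Ed25519 signature over its SHA-256 digest) is an assumption made here.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Constructed image layout (assumed for this example, not a vendor format): [payload][64-byte Ed25519 signature over SHA-256(payload)]
var ErrBadImage = errors.New("malformed firmware image")
var ErrBadSignature = errors.New("firmware signature verification failed")

// GenerateVendorKey stands in for the signing server's key pair; the device pins the public half.
func GenerateVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// SignImage is the signing-server step: hash the payload, sign the digest, append the signature.
func SignImage(priv ed25519.PrivateKey, payload []byte) []byte {
	digest := sha256.Sum256(payload)
	return append(append([]byte(nil), payload...), ed25519.Sign(priv, digest[:])...)
}

// VerifyImage is the device step: recompute the digest, check the signature with the pinned
// public key, and release the payload for installation only if the check passes.
func VerifyImage(pub ed25519.PublicKey, image []byte) ([]byte, error) {
	if len(image) < ed25519.SignatureSize {
		return nil, ErrBadImage
	}
	payload, sig := image[:len(image)-ed25519.SignatureSize], image[len(image)-ed25519.SignatureSize:]
	digest := sha256.Sum256(payload)
	if !ed25519.Verify(pub, digest[:], sig) {
		return nil, ErrBadSignature // wrong key, altered signature, or altered firmware
	}
	return payload, nil
}

func main() {
	pub, priv := GenerateVendorKey()
	image := SignImage(priv, []byte("constructed firmware blob v1.2"))
	image[0] ^= 0x01 // flip one payload byte "in transit"
	_, err := VerifyImage(pub, image)
	fmt.Println("tampered image:", err)
}
```

Note that a signature from a different key pair fails exactly like a modified payload does, which is why the device must pin the vendor's public key rather than trust whatever key ships with the image.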
Benefits of Digitally Signed Firmware:
- Prevents malicious modifications to the firmware, which could result in:
  - Viruses being inserted into the firmware
  - Data theft
  - Data destruction
  - Data manipulation
- Protection from counterfeit drives
- Verifies the authenticity and integrity of firmware
- Enhances ability to withstand both physical and logical attacks
- Protects the private keys (even in the face of adversarial destructive analysis)
What Digitally Signed Firmware Does:
Firmware authentication / validity checks are conducted before the firmware is downloaded to the drive in order to:
- Validate that the firmware is authentic for the drive
- Validate that the firmware is genuine
- Ensure that the firmware has not been altered
QuickServer Signed Firmware and Secure Connections
SSL/TLS (Secure Sockets Layer/Transport Layer Security) is a security technique that allows secure data transfer across untrusted networks by establishing an encrypted connection between a server and a client.
These functions are supported on the following FieldServers: FS-QS-1011 and FS-QS-1211.
The TLS_Port parameter is added in the connections section of the configuration file and set to a port number between 1 and 65535.
On its own, this sets the FieldServer to accept any incoming connection without requesting a client certificate for verification. Communication with the FieldServer endpoint is then encrypted but not authenticated.
Connections can be limited to a particular domain (vendor devices) by using Check_Remote_Host in the configuration to specify the domain/host name.
The Check_Remote_Host value (the certificate's common name) can be obtained by:
- Decoding the certificate with https://www.sslshopper.com/certificate-decoder.html
- Running openssl x509 -in certificate.pem -text -noout in the openssl program and reading the common name
- Asking the certificate issuer for the host name
The certificate used must be in PEM format and can be converted using
On request, an embedded self-signed certificate can be sent.
Validate_Client_Cert can also be added alongside the TLS_Port parameter to request a client's certificate and verify it against the authority file before a connection is accepted. This lets the FieldServer accept connections only from other FieldServers.
The FieldServer can also accept connections from a chosen list of remote clients by using an authority file that contains a collection of client certificates.