Open Source Summit + AI_dev Japan 2024

When the Zephyr project(https://zephyrproject.org/) launched in 2016, the lack of standardized security best practices in the IoT market segment was a known problem. It was one of the goals the project wanted to address, and started working on from before day 1. This talk will go through the journey of the last 8 years of applying known best security practices to an open source project, including becoming a CVE Numbering Authority, and forming a PSIRT team from volunteers from different companies. This team has been managing embargo windows, bulk vulnerability reports as well as the occasional vulnerability reported from the community. It is possible for open source projects to follow Security Best Practices and this talk will let others leverage the key lessons that Zephyr has learned over time.

MCUboot enables secure booting of Zephyr RTOS using asymmetric cryptographic signature verification with a public key. Typically, the hash of the public key is embedded within the MCUboot binary, ensuring its integrity. For enhanced tamper protection, this hash can also be securely stored and retrieved using hardware keys. Embedded SoCs, such as the i.MX RT, offer advanced security features like High Assurance Boot (HAB), Data Co-Processor (DCP), and Trusted Firmware-M (TF-M) for implementing TrustZone in SoCs like the nRF91. These features enable secure storage with hardware crypto acceleration or external security modules (e.g., TPM, EdgeLock) to store keys in a hardware vault. This presentation will explore MCUboot secure booting with hardware keys, using the NXP i.MX RT as an example. We'll delve into HAB for booting signed and encrypted MCUboot, establishing a hardware root of trust, and booting Zephyr RTOS using keys from OTP for verification. Additionally, we'll discuss using the TF-M backend and OTP for securely booting TrustZone-enabled SoCs.

In this talk, we will introduce Sony's Edge Virtualization Platform (EVP), a cutting-edge solution that leverages WebAssembly (Wasm) at the edge to ensure the security and safety of sensing applications. The EVP addresses key challenges in the embedded IoT landscape, including resource constraints, cybersecurity, and lifecycle management. Our discussion will cover: WebAssembly at the Edge: How Wasm enhances security and performance for sensing applications. Edge App SDK: A powerful toolkit for developers to create, manage, and deploy edge applications within a Wasm sandbox, ensuring compatibility and efficiency across diverse hardware. Device and Lifecycle Management: Techniques for efficient device management and application lifecycle management within the EVP. By the time of the Open Source Summit Japan, all these components will be open-sourced, aligning with Sony's upstream strategy to foster collaboration and innovation in the IoT community.

Secure and efficient software updates are crucial in infrastructure. Our research integrates SWUpdate with The Update Framework (TUF), which enhances security by ensuring update integrity and improving resistance to well-known attacks. However, there are challenges in the TUF verification process for embedded devices. It requires downloading the entire target images and verifying its size and hash values. This process may be difficult to execute on devices with limited resources. Therefore, we have developed a device management function that manages unique information such as device version information, in addition to integrating with TUF. This function enables the generation of delta update images considering the target device information. As a result, it is believed that updates can be made even within limited resources by transmitting only delta. Furthermore, it becomes possible to meet specific needs of each device, such as reducing bandwidth and update time, customizing update images, and enhancing image encryption. In this presentation, we will showcase the practical implementation of our function that integrates TUF and delta update.