Understanding Laird Connectivity’s Chain of Trust Architecture

In today’s technological landscape, securing your device is an increasingly complex goal that requires more comprehensive approaches.

The best and most effective approaches to device security address the vulnerabilities at every level, isolate subcomponents to firewall potential damage, and rigorously test to stay ahead of malicious activities. Devices leveraging an embedded OS, such as Linux, require security to be designed at the point of product creation and hardened to a sufficient level prior to leaving the factory.

Laird Connectivity is introducing its latest line of Enterprise Performance and Security modules based on the 60 Series SOM. These modules use the Chain of Trust architecture which is rooted in hardware to ensure only authorized software is loaded and executed on the device. This makes it much more difficult to leverage the 60 SOM-based communication module to compromise its host or attack other devices on the same network. The 60 SOM-based communication module is also designed to be securely updated to quickly remediate any vulnerabilities found in the future. 

Chain of Trust

Chain Of Trust – Verified At Every Layer

Laird Connectivity’s Chain of Trust architecture, in combination with secure production provisioning, secures software images running on the 60 SOM. For customers utilizing the 60 SOM as the wireless communications module, this architecture protects from attacks using vulnerabilities exploited on the module to further attack the hosted platform. For devices utilizing the 60 SOM as the host for the main application, the Chain of Trust provides a mechanism to provision and update software with signed images, preventing unauthorized or rogue software from loading into the device.

The Chain of Trust is based on a Secure Boot process that begins with an embedded Hardware Root of Trust. The Secure Boot process enables the Root of Trust to be chained to all executable code for the 60 SOM enabling verification of every bit of code running on the module. Secure Boot also controls the available boot sources. Insecure boot paths such as serial or USB ports are disabled permanently during the production process. 

During the production provisioning process, a secure symmetric key is programmed into the hardware. The first external boot code that is executed by the 60 SOM is stored in the onboard flash. This boot code is encrypted with the same symmetric key during provisioning thus ensuring the contents remain secret and can be verified as trustworthy. The device will not boot unless the code and data loaded from the flash memory matches the unique pre-determined hash generated during production. This proprietary and secure implementation protects against modifications to the 60 SOM, preventing the loading of insecure images or the enabling of external boot processes.

Security can be increased further by enabling each individual device to be programed with a unique encryption key. If one device is ever compromised, that key cannot be used to attack multiple devices. At a minimum, we anticipate providing unique keys on a per customer or customer device type basis.

The Laird Connectivity Chain of Trust architecture includes an Encrypted File System on the 60 SOM to store confidential information such as network credentials, passwords, or other configuration details deemed sensitive by the end user or hospital where the unit is deployed. This protects any stored credentials or configuration details from exposure to hackers and intruders.

Designing and building secure products is only the beginning. Software and image updates are required over the life of the product to improve performance, add features, and fix security vulnerabilities. Over time, unpatched connected devices become one of the largest potential attack surfaces given that their security vulnerabilities become well-known and easily exploited. The reason is simple – an attacker can scan a network to find devices with old firmware, then simply take advantage of well-known, well-documented vulnerabilities without having to first do the hard work of discovering how to attack the device. This type of attack is so simple that it can be fully automated and deployed by amateur hackers.

By working in partnership with our customers, it is possible to ensure all devices are up to date. This may include Laird Connectivity managing the update process to connected devices in the field via a web service, as well as making updates available to our customers and end users where a physical update of the device may be required. 

Over time, unpatched connected devices become one of the largest potential attack surfaces given that their security vulnerabilities become well-known and easily exploited.

60 SoM Render - Side Angle