Accompanying material for C-FLAT: Control Flow Attestation for Embedded Systems Software
C Python Assembly
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
binaries
include
instrumentation
library
measurement-engine
runtime-tracer
samples
LICENSE
README.md

README.md

Accompanying Material for C-FLAT: Control Flow Attestation for Embedded Systems Software

This archive contains the accompanying material for C-FLAT: Control Flow Attestation for Embedded Systems Software.

This repository contains the source code for the C-FLAT Runtime Tracer, Measurement engine, C-FLAT Library and the sample applications used for evaluation. It also contains our binary instrumentation tool for ARM binaries and pre-build kernel images of the sample applications instrumented with C-FLAT runnable on Raspberry Pi 2.

Note: Due to confidentiality reasons, we are unable to make the complete platform source code available in this release. It may, however, be open sourced in the future, in which case this README will be updated with information on how to access the complete source code.

Those wishing to reproduce C-FLAT on a Raspberry Pi 2 or other ARM-based board will need to provide the implementation for the bootloader and secure world kernel. In particular the kernel needs to provide:

Contents

  • binaries: Runnable pre-build kernel images for Raspberry Pi 2
  • instrumentation: instrumentation tool
  • library: C-FLAT Library code
  • runtime-tracer: Runtime Tracer Trampolines
  • measurement-engine: C-FLAT Measurement Engine
  • samples/syringe: Sample program and output discussed in paper
  • samples/soldering: Sample program and output discussed in technical report

Requirements

Running the pre-built kernel images

The assume that the Raspberry Pi 2 SD card has been prepared with pre-compiled binaries of the current bootloader/GPU firmware available from the Raspberry Pi Foundation. The easiest way to obtain these is to install a prebuilt Raspbian image on the SD card using the offical instructions.

NOTE: WE DO NOT USE RASPBIAN LINUX IN THIS PROTOTYPE. THE ONLY THING NEEDED ARE THE FIRMWARE IMAGES NEEDED TO BOOT UP THE BOARD AND THE BARE-METAL KERNEL IMAGE REFERRED TO BELOW.

In order to seize control of the TrustZone secure world, the bootloader needs to obtain control of the board while it’s still in secure mode. This can be achieved by setting the kernel_old=1 option in config.txt on the Raspberry 2 SD card boot partition:

kernel_old=1
disable_commandline_tags=0

With this done, the bare-metal kernel.img can be loaded onto the Raspberry Pi 2 SD card:

$ cp binaries/kernel-<version>.img /boot/kernel.img

where /boot is the boot partition of the Raspberry Pi 2 SD card.

Please make sure that kernel.img is the only .img file present. In particular that kernel7.img is NOT present on the SD card.

Disclaimer

All implementations are only research prototypes!

Our code is NOT safe for production use! Please use it only for tests.

License

Copyright (c) 2016 Aalto University

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.