AEWIN Trusted Secure Boot – OT006


AEWIN launches the OT006 family of Trusted Secure Boot Modules for increased firmware resilience, guarding against tampering and data corruption. This is part of AEWIN’s push for a hardware system root of trust for our network and edge computing systems. We have leveraged our experience from specialized sectors where tamper resistance and firmware hardening are required.

OT006 is a self-contained module, isolated from the rest of the system to reduce the possible attack surface. The on-board logic identifies and authenticates firmware digital signatures inside the system. The actions taken after an anomaly is detected are programmable. The default is to sound the buzzer alarm and hold the boot sequence, then require user interaction to correct the firmware and continue the boot process. The module can be programmed to provide automated firmware recovery if desired.

Another critical part of firmware restoration is ensuring there is a pristine golden image to use as a reference. Extra attention was put into ensuring the integrity of the on-board golden image. To prevent tampering with the golden image, updating the image requires a dedicated hardware key along with a password. The addition of a hardware key raises another hurdle for potential malicious actors. An added benefit is that it also prevents tampering through physical access, unless the malicious actor is also able to access the physical hardware key.

There are 2 SKUs of OT006: the OT006A and the OT006B. The OT006A on-board firmware is based on Intel’s Platform Firmware Resilience (PFR) technology, whereas the OT006B is based on AEWIN’s own Trusted Secure Boot code base. The biggest difference between the 2 technologies is the boot sequence: PFR has a more sequential verification process flow, while AEWIN Trusted Secure Boot parallelizes the verification process to speed up the boot sequence. However, both are designed to offer a similar set of features, and both can secure the on-board firmware and detect if errant hardware has been added.

OT006 support is being integrated into many of our products. The first wave of systems supporting the modules has already been announced: BIS-5221 and SCB-1932. Please talk to our friendly sales team about integrating firmware security into your next AEWIN devices.

OT006 – Trusted Secure Boot Module
– Intel Platform Firmware Resilience Module
– M.2
– Max10 Chipset