Background
As modern computers, embedded devices, and satellites increase in complexity and connectivity, the need for robust cybersecurity becomes more critical. Government agencies are now mandating cybersecurity measures for new space missions, heightening the pressure on technology providers. Secure boot is a security feature that verifies the digital signatures of boot software before proceeding with the boot process. This prevents unauthorized boot software and rootkits from compromising the bootloader, establishing a “chain of trust” from the start of the system’s operation. Because space systems are often already operating at peak computational capacity, the team prioritized a low-resource solution. By implementing secure boot on a Field Programmable Gate Array (FPGA) core and leveraging non-volatile memory, the solution not only minimizes computational burden, but also strengthens the overall security.
Approach

Figure 1. Signature Verification Process.
To implement secure boot on a legacy target system, the team explored two approaches: a software-only implementation and an FPGA integration. Early on, challenges with the target system’s bootloader prompted the development of a custom software-based secure boot system. The team utilized SHA-256 as the underlying hash algorithm and generated Rivest-Shamir-Adleman (RSA) private and public keys for signing and verifying each boot file. The system stores the boot images and their corresponding signatures in non-volatile memory, ensuring data persistence across power cycles. During the boot process, the software retrieves these files and verifies the digital signatures. For the hardware integration, the team scaled down the scope due to resource constraints on the proof-of-concept FPGA, focusing on offloading the RSA signature verification to the FPGA core. The SHA-256 hash is calculated on the host computer and, along with the RSA signature, is sent to the FPGA. The FPGA applies the public key to the signature to recover the signed hash and compares it with the hash supplied by the host, as shown in Figure 1.
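The hybrid verification flow described above, as an added Python example that is not the team's code: the host computes the SHA-256 hash and `core_verify` stands in for the FPGA core. The PKCS#1 v1.5 padding, the function names, and the demo key built from two Mersenne primes are assumptions made here; the key is constructed for illustration and is not secure.

```python
import hashlib
import hmac

# Constructed demo key from two known Mersenne primes (assumption; NOT a secure key).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537                  # public key, provisioned to the verifier
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent, stays with the signer
K = (N.bit_length() + 7) // 8        # modulus length in bytes

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode(digest: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || DigestInfo || digest."""
    t = SHA256_PREFIX + digest
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def host_hash(image: bytes) -> bytes:
    """Host side: hash the boot image read from non-volatile memory."""
    return hashlib.sha256(image).digest()

def sign_image(image: bytes) -> bytes:
    """Signing side (offline): produce the signature stored next to the image."""
    m = int.from_bytes(encode(host_hash(image)), "big")
    return pow(m, D, N).to_bytes(K, "big")

def core_verify(digest: bytes, signature: bytes) -> bool:
    """Stand-in for the FPGA core: public-key operation, then comparison."""
    if len(digest) != 32 or len(signature) != K:
        return False                 # malformed input never reaches the math
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False                 # out-of-range signature representative
    recovered = pow(s, E, N).to_bytes(K, "big")
    # Compare the whole padded block, not just the trailing 32 hash bytes,
    # so a signature with malformed padding is rejected too.
    return hmac.compare_digest(recovered, encode(digest))

def boot_allowed(image: bytes, signature: bytes) -> bool:
    """Boot decision: host hashes, core verifies, boot only on a match."""
    return core_verify(host_hash(image), signature)

if __name__ == "__main__":
    image = b"constructed boot image"            # constructed sample input
    sig = sign_image(image)
    print("genuine image :", boot_allowed(image, sig))
    print("tampered image:", boot_allowed(image + b"\x00", sig))
```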
Accomplishments
This research successfully implemented secure boot on a proof-of-concept space platform, demonstrating both a full software-based solution and a hybrid approach using an FPGA core for RSA signature verification. The results emphasize the importance of continued research and optimization of cybersecurity features on modern resource-constrained space platforms. Future work could involve optimizing cryptographic algorithms, exploring resistance to quantum attacks, and integrating secure boot capabilities into operational satellite systems.