Post-Quantum Firmware Integrity Verification for Xilinx Zynq UltraScale+ MPSoC

Giacomo Daniel Biondo

Supervisors: Antonio Lioy, Silvia Sisinni, Grazia D'Onghia. Politecnico di Torino, Master's degree programme in Ingegneria Informatica (Computer Engineering), 2024

PDF (Tesi_di_laurea) - Thesis, 3MB
Licence: Creative Commons Attribution Non-commercial No Derivatives.
Abstract:

In today's fast-paced technological environment, cybersecurity is facing critical challenges, especially with the rise of quantum computing. This advancement threatens traditional cryptographic systems, such as RSA, which could soon be vulnerable to powerful quantum-based attacks. To mitigate this risk, the field of Post-Quantum Cryptography (PQC) aims to develop algorithms resilient to quantum capabilities. Despite progress in PQC, incorporating these algorithms into existing systems requires careful adaptation to maintain performance and usability. One key area where PQC solutions are essential is the secure and measured boot processes of embedded devices. These processes ensure that only trusted software loads at startup, protecting against unauthorised access and other threats. This work focuses on developing secure and measured boot procedures for embedded devices that resist quantum computing threats. The target platform was the Xilinx ZCU104 evaluation board, designed to showcase the capabilities of the Xilinx Zynq UltraScale+ MPSoC. This board features a quad-core ARM Cortex-A53 processor and a dual-core ARM Cortex-R5 real-time processor with programmable logic. The Cortex-A53 cores support ARM TrustZone technology, enabling secure and non-secure execution modes to enhance embedded security. The main contribution of this thesis was implementing a measured boot process within the firmware of the Zynq UltraScale+ MPSoC platform. This included creating a measurement log compatible with the "TCG EFI Platform Specification", enabling the collection of integrity measurements on the code executed during the system's startup. These measurements allow the integrity of memory contents to be verified. The generated log can be accessed by an fTPM (Firmware Trusted Platform Module) in the secure execution environment of the ARM Cortex-A53, which initialises the Platform Configuration Registers (PCRs) of the fTPM with the measurements acquired at boot. This setup supports remote attestation, allowing external entities to verify the system's trusted boot status. To improve security against quantum threats, hash algorithms with stronger security than SHA-256 are recommended. In this work, a hardware-accelerated SHA3-384 implementation was used, providing enhanced resistance when verifying boot integrity. Additionally, this work investigated implementing a quantum-resistant secure boot for the Zynq UltraScale+ MPSoC, which currently relies on RSA-4096 signatures for authentication. This approach leaves the platform exposed to quantum computing threats. A quantum-secure design based on Leighton-Micali hash-based signatures (LMS) was proposed, compliant with recommendations from standardisation bodies, to create a robust secure boot process.
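The abstract describes the measured-boot chain (measure each stage with SHA3-384, record it in an event log, extend a PCR in the fTPM) and the remote attestation that replays that log. The following is an added example, not code from the thesis or from Xilinx: it simulates that chain in Python so the two checks a verifier performs are visible, namely that the log reproduces the reported PCR values and that every recorded digest matches a known-good (golden) value. The component images, the PCR assignments and the golden table are constructed sample data; the event-type strings borrow TCG naming but the log layout is simplified.

```python
"""
Measured-boot event log and PCR-extend simulation (added example, not the thesis's code).

Each boot stage measures the next component with SHA3-384, appends an entry to an event
log (simplified from the TCG event-log format) and extends a PCR.  A verifier replays the
log and checks the result against the reported PCRs and a table of golden digests.
All component images and names below are constructed sample data.
"""
import hashlib
from dataclasses import dataclass, field

PCR_SIZE = 48  # SHA3-384 digest length in bytes; PCRs start as all-zero at reset
NUM_PCRS = 8


def sha3_384(data: bytes) -> bytes:
    return hashlib.sha3_384(data).digest()


@dataclass
class LogEvent:
    pcr_index: int
    event_type: str   # TCG-style event type name, e.g. EV_POST_CODE
    digest: bytes     # SHA3-384 of the measured component
    description: str  # component name (used here as the key into the golden table)


@dataclass
class MeasuredBoot:
    """Simulated fTPM state: a bank of PCRs plus the event log that describes them."""
    pcrs: dict = field(default_factory=lambda: {i: bytes(PCR_SIZE) for i in range(NUM_PCRS)})
    log: list = field(default_factory=list)

    def extend(self, pcr_index: int, digest: bytes) -> None:
        # PCR_new = H(PCR_old || digest): one-way accumulation, cannot be rolled back
        self.pcrs[pcr_index] = sha3_384(self.pcrs[pcr_index] + digest)

    def measure(self, pcr_index: int, event_type: str, component: bytes, description: str) -> bytes:
        digest = sha3_384(component)
        self.log.append(LogEvent(pcr_index, event_type, digest, description))
        self.extend(pcr_index, digest)
        return digest


def replay_log(log: list) -> dict:
    """Recompute the PCR bank from the log alone, exactly as the fTPM would have extended it."""
    pcrs = {i: bytes(PCR_SIZE) for i in range(NUM_PCRS)}
    for ev in log:
        pcrs[ev.pcr_index] = sha3_384(pcrs[ev.pcr_index] + ev.digest)
    return pcrs


def verify_attestation(log: list, reported_pcrs: dict, golden: dict):
    """
    Returns (ok, reason).  Two checks:
      1. the log replays to the reported PCRs (log has not been edited independently of the PCRs);
      2. every measured component matches its golden digest (the right firmware was booted).
    """
    replayed = replay_log(log)
    for idx, value in reported_pcrs.items():
        if replayed[idx] != value:
            return False, f"PCR{idx} mismatch: log does not reproduce reported value"
    for ev in log:
        expected = golden.get(ev.description)
        if expected is None:
            return False, f"unknown component measured: {ev.description}"
        if ev.digest != expected:
            return False, f"component {ev.description} digest differs from golden value"
    return True, "boot chain matches golden measurements"


# Constructed sample boot chain: (PCR index, event type, image bytes, component name).
BOOT_CHAIN = [
    (0, "EV_POST_CODE", b"fsbl-image-v1", "fsbl"),
    (0, "EV_POST_CODE", b"pmu-firmware-v1", "pmufw"),
    (1, "EV_EFI_BOOT_SERVICES_APPLICATION", b"bl31-image", "atf"),
    (2, "EV_EFI_BOOT_SERVICES_APPLICATION", b"u-boot-image", "u-boot"),
]


def golden_table() -> dict:
    """Known-good digests the verifier holds; here derived from the constructed chain."""
    return {name: sha3_384(img) for _, _, img, name in BOOT_CHAIN}


def boot(chain=BOOT_CHAIN) -> MeasuredBoot:
    mb = MeasuredBoot()
    for pcr, etype, img, name in chain:
        mb.measure(pcr, etype, img, name)
    return mb


def run_demo():
    """Returns the verdict for a clean boot, a modified image, and a forged log entry."""
    good = boot()
    ok_clean, _ = verify_attestation(good.log, good.pcrs, golden_table())

    # Modified u-boot image: log and PCRs are self-consistent, but the digest is not golden.
    tampered = BOOT_CHAIN[:-1] + [(2, "EV_EFI_BOOT_SERVICES_APPLICATION", b"u-boot-image-modified", "u-boot")]
    bad = boot(tampered)
    ok_tampered, _ = verify_attestation(bad.log, bad.pcrs, golden_table())

    # Forged log: the entry is rewritten to the golden digest, but PCR2 no longer replays.
    forged = list(bad.log)
    forged[-1] = LogEvent(2, "EV_EFI_BOOT_SERVICES_APPLICATION", golden_table()["u-boot"], "u-boot")
    ok_forged, _ = verify_attestation(forged, bad.pcrs, golden_table())
    return ok_clean, ok_tampered, ok_forged


if __name__ == "__main__":
    print(run_demo())  # expected: (True, False, False)
```

The two failure cases are the ones remote attestation is designed to separate: a modified image produces a consistent log whose digest simply is not the golden one, while an edited log is caught because the PCR, extended inside the fTPM, cannot be rewritten to match it.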

Supervisors: Antonio Lioy, Silvia Sisinni, Grazia D'Onghia
Academic year: 2024/25
Publication type: Electronic
Number of pages: 108
Subjects:
Degree programme: Master's degree programme in Ingegneria Informatica (Computer Engineering)
Degree class: New system > Master's degree > LM-32 - INGEGNERIA INFORMATICA
Partner companies: NOT SPECIFIED
URI: http://webthesis.biblio.polito.it/id/eprint/34084