Open-source hardware is great for a lot of things. It gives students and educators a great learning platform, and it's the perfect solution for all sorts of DIY projects. But can you design a commercial product around open source?
You can if you understand the risks and take the proper security precautions, particularly when it comes to your firmware.
Speaking at the 2017 Embedded Systems Conference (ESC) in Boston, Brian Richardson, a technical evangelist for Intel, praised open hardware platforms for many reasons: they offer publicly available designs; they're based on open-source concepts; and they encourage experimentation, new features, and new designs. The DIY and Maker community has already heavily embraced hobbyist boards like the Raspberry Pi and Arduino, and there are other products on the market as well, such as the MinnowBoard and Intel's own Galileo Board.
Intel technical evangelist Brian Richardson explains how UEFI Capsule can enable secure remote firmware updates to an audience at ESC Boston 2017. (Image source: Design News)
“On an open hardware platform the firmware is made available primarily for debugging and hacking,” Richardson told the audience. “It ships with unsigned binary firmware images because as a maker if we signed binary it doesn't do you any good. It also assumes updates are run by a developer – and hopefully not a hacker.” The trouble comes, Richardson said, because the platform identifiers are not unique. If a developer uses GitHub or some other open-source repository to get a GUID for a platform, that means everyone else can get and use the same one as well, even people with bad intentions.
There are also problems inherent in the way firmware itself operates. “Firmware initializes hardware, establishes root-of-trust, then hands things off to OS ... which creates an opportunity for someone else,” Richardson said. “Standardization is good but it means people who want to do bad things only have to read one book. If everyone plays by the rules this is great...but guess what? People don't play by the rules.” Compounding this is that firmware is more deeply embedded into the system than a program running off a hard drive. If your computer catches a virus, at the most extreme you can at least wipe your drive to get rid of it. No amount of wiping will clear exploited firmware.
Last year an exploit, dubbed ThinkPwn, was discovered in Lenovo and other brand laptops and Intel motherboards that allows hackers to install malicious code directly into a computer's Unified Extensible Firmware Interface (UEFI), the modern equivalent of BIOS meant to standardize firmware across manufacturers. Once this is done, an attacker can disable critical security features at the hardware level and can pretty much have the run of your system. Think of it as a thief who, rather than having the keys to your house, has access to the locksmith who makes any and all possible keys to your house.
So how do you deploy products based on open designs without creating a BlackHat presentation waiting to happen?
The first step, Richardson said, is to build for release – that is, make a product look like it is proprietary, and keep people from knowing you used open source. “At the very least don't advertise so someone can't find it on GitHub,” Richardson said, also strongly suggesting that designers remove the debug features and change the default identifiers on their open source hardware.
The other big key is in UEFI itself and providing secure field updates to firmware. “You really want to have firmware update in the field,” Richardson said. “The risk is someone can drop the wrong thing on the platform, such as hacked firmware or a slight variation that could brick a product by accident. The reward is if there's a bug or security hole on the platform you can patch it.”
Richardson advocated the use of the UEFI Capsule function being embraced by Intel and other organizations that allows for remote firmware updates without using third-party or OS-based utilities that could be hacked. In this model the firmware is responsible for authenticating its own updates – checking new versions of the firmware against the firmware already in place.
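An added example (not from Richardson's talk or from any UEFI implementation) of pre-checks a firmware update handler can run on an incoming capsule, combining the advice above to change default identifiers with the idea of firmware vetting its own updates: it rejects capsules carrying the public reference GUID, bounds the untrusted size fields, and refuses versions below a lowest supported version. The GUID values, the version field placed directly after the header, and the function names are assumptions made for illustration; signature verification against the key held in the installed firmware is a separate step not shown here.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Field layout of EFI_CAPSULE_HEADER (UEFI specification). */
typedef struct {
    uint8_t  guid[16];
    uint32_t header_size, flags, capsule_image_size;
} capsule_header;

typedef enum { CAPSULE_OK, CAPSULE_MALFORMED, CAPSULE_REFERENCE_GUID,
               CAPSULE_WRONG_GUID, CAPSULE_ROLLBACK } capsule_status;

/* Constructed GUIDs: the public reference-design one and the product's own. */
static const uint8_t REFERENCE_GUID[16] = { 0x11, 0x11, 0x11, 0x11, 0x22, 0x22, 0x33, 0x33,
                                            0x44, 0x44, 0x55, 0x55, 0x55, 0x55, 0x55, 0x55 };
static const uint8_t PRODUCT_GUID[16]   = { 0xa7, 0x3c, 0x90, 0x1e, 0x5b, 0xd2, 0x4f, 0x08,
                                            0x9e, 0x61, 0x0c, 0x77, 0xb4, 0x2a, 0xe9, 0x13 };

/* Assumed payload: a 32-bit version right after the header, host byte order. */
capsule_status capsule_precheck(const uint8_t *buf, size_t len, uint32_t lowest_supported)
{
    capsule_header h;
    uint32_t version;
    if (len < sizeof h) return CAPSULE_MALFORMED;
    memcpy(&h, buf, sizeof h);
    /* Sizes come from the untrusted capsule: bound them before using them. */
    if (h.header_size < sizeof h || h.header_size > len ||
        h.capsule_image_size != len || len - h.header_size < sizeof version)
        return CAPSULE_MALFORMED;
    if (memcmp(h.guid, REFERENCE_GUID, 16) == 0) return CAPSULE_REFERENCE_GUID;
    if (memcmp(h.guid, PRODUCT_GUID, 16) != 0)   return CAPSULE_WRONG_GUID;
    memcpy(&version, buf + h.header_size, sizeof version);
    return version < lowest_supported ? CAPSULE_ROLLBACK : CAPSULE_OK;
}

/* Builds a constructed sample capsule into buf (>= 32 bytes); returns its length. */
size_t build_capsule(uint8_t *buf, const uint8_t guid[16], uint32_t version)
{
    capsule_header h = { {0}, (uint32_t)sizeof h, 0, (uint32_t)(sizeof h + sizeof version) };
    memcpy(h.guid, guid, 16);
    memcpy(buf, &h, sizeof h);
    memcpy(buf + sizeof h, &version, sizeof version);
    return sizeof h + sizeof version;
}

int main(void) {
    uint8_t buf[32];
    size_t n = build_capsule(buf, PRODUCT_GUID, 5);
    return capsule_precheck(buf, n, 3) == CAPSULE_OK ? 0 : 1;
}
```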
UEFI Capsule Update offers several benefits for designers. (Image source: Brian Richardson / Intel)
“If I trust the firmware then we can let the firmware be the root of trust,” Richardson said. “If you can't trust version 1 of your firmware not to be exploited you have a bigger problem than anyone can help you with.” Richardson also pointed to groups like TianoCore, a community built around the open-source implementation of UEFI, as a great resource for developers.
Ultimately it will be up to developers to decide if using open source is the right move. With the open-source hardware space growing and companies even beginning to offer open-source SoCs, it's likely that a lot more designers, particularly at the DIY and startup level, will be opting to leverage some sort of open source hardware and software to help bring their product to market. “This is the Internet of Things, not the Internet of Thing,” Richardson said. So the question for developers is then, how do you propagate over the field? It's possible, as long as everyone keeps security first in mind.
Chris Wiltz is the Managing Editor of Design News.