SECUREBOARD1.0 implement only a subset of requirements for TLS13 server.
The most notable restrictions are:
The only cipher suite supported is TLS_CHACHA20_POLY1305_SHA256.
The only supported signature algorithm is ECDSA_SHA256 over the prime256v1.
All handshake messages (except Certificate) are restricted to 475 bytes.
Client Certificates within the Certificate message are restricted to 475 bytes (for each certificate separately).
Clients must support and offer the proprietary extension micro-fragmentation (This repository provides an openssl implementation).
This repository contains an openssl as submodule call
git submodule update --init --recursive
git submodule sync
after clone/checkout.
The following libraries are required:
- libevdev-dev
- libudev-dev
- libconfig-dev
- libhidapi-dev
The project should compile with gcc versions 4.9 and later. gcc 4.8.1 does not work (see
The simplest way to build the project is to call
to produce binaries in .build
. See the script it self for details.
The trust chain is defined as follows:
Cherry Secure Board CA -> Theobroma Systems Production Certificate -> SECUREBOARD Device Certificate
The certificates (public part) are maintained and published at
After downloading/updating your local copy. Prepare it for use with openssl:
c_rehash <path-to-ca>
Also verify the fingerprint of
:$ openssl x509 -noout -fingerprint -sha256 -inform pem -in SecureboardRootCA.pem SHA256 Fingerprint=2E:1E:CB:35:76:EF:D4:AF:77:0C:91:0B:C3:48:00:9B: \ F7:BF:E2:1C:DB:EC:41:08:8D:6B:28:94:13:6C:38:BE $ openssl x509 -noout -fingerprint -sha1 -inform pem -in SecureboardRootCA.pem SHA1 Fingerprint=88:A0:59:94:FD:E8:EE:D0:C9:24:EA:A0:F1:F5:01:24:64:E2:B9:D1
This trust chain can only be used to verify that the device genuineness, and for device personalizing.
To allow to operate in Secure Keyboard Mode a User Certificate and User Key must be loaded into the device.
Thus step must be executed in a Secure Environment (e.g.: offline PC).
sb-relayd is a service the relays TLS1.3 records between secure boards and libsecureboard. It has to be started after the SECUREBOARD 1.0 is connected. Systemd and udev rules are provided in this repository.
The following files need to be installed at the proper locations to work with systemd/udev:
/lib/systemd/system/[email protected]
After installing the files and reload the rules:
sudo systemctl daemon-reload
sudo udevadm control --reload-rules
sudo udevadm trigger
and after reconnecting a SECUREBOARD 1.0 the a service should show up:
# sudo systemctl | grep SECUREBOARD
[email protected] loaded active running "SECUREBOARD 1.0 Relay Daemon 00000002JS0405948N5LI0OTHA"
With its abstract namespace socket:
$ netstat -lnp | grep SECUREBOARD
unix 2 [ ACC ] STREAM LISTENING 42128 - @SECUREBOARD1.0-00000002JS0405948N5LI0OTHA
Once the relay daemon is running, the secure keyboard mode can be activated with (see /sb-tool -h for further options):
sudo <path-to>/sb-tool --ca-dir <path-to-ca> -u @SECUREBOARD1.0-<device-serial>
or, to enable SKM Linux OS binding, by:
sudo <path-to>/sb-tool --ca-dir <path-to-ca> -u @SECUREBOARD1.0-<device-serial> --evdev
Note: The SECUREBOARD 1.0 needs to be personalized for the commands above to work. See Below
User Certificate must be an X509 Version 3 Certificate
The size of the DER encoded certificate must no exeed 572 bytes.
Example to cCreate a Root CA (Keep subject short to to fit into the 572 limit):
export CADIR=<path-to-your-ca>
export KEYDIR=<path-to-a-secure-storage>
export CONFIGFILE=<path-to-openssl.cnf>
export USER_DEVICE_ROOT_CA=device_root_ca
openssl req -days 3650 -config $CONFIGFILE -sha256 -new -x509 \
-newkey ec:<(openssl ecparam -name prime256v1) \
-subj "/C=AT/O=User Company/CN=SB Root" \
c_rehash $CADIR
If you have multiple SECUREBOARD 1.0 you can reuse the Root CA for multiple devices.
Example; Create and sign a Device Certificate (Keep subject short to to fit into the 572 limit):
export TMPDIR=/tmp
export USER_DEVICE=device01
openssl req -config $CONFIGFILE -sha256 -new \
-newkey ec:<(openssl ecparam -name prime256v1) \
-subj "/C=AT/O=User Company/CN=$USER_DEVICE" \
-keyout $USER_DEVICE-key.pem -out $USER_DEVICE-csr.pem
openssl x509 -sha256 -days 3650 -req -in $USER_DEVICE-csr.pem \
-extfile $(dirname $CONFIGFILE)/production.ext \
-CAcreateserial -out $USER_DEVICE.der --outform DER
# certificate signing request is no longer required
If you have more than one SECUREBOARD 1.0 it is highly recommended to create a unique certificate for each device you own.
After creating the Certificates they have to be uploaded to the Device:
# Assuming sb-relayd is running in default configuration
sb-tool \
-u @SECUREBOARD1.0-<device-serial> \
--ca-dir <path-to-secureboard-ca> \
--user-cert $TMPDIR/$USER_DEVICE.der \
--user-priv-key $TMPDIR/$USER_DEVICE-key.pem
# Certificate and key are no longer required
The size of the DER encoded certificate must no exceed 475 bytes. This applies to each certificate in the chain (including the root certificate).
If you use the root CA also for client certificates (which is possible), the 475 byte restriction also applies to the root CA.
Once a root CA is initialized with a fingerprint the device requests a client certificate when connecting not using a PSK session. The client must send the complete certificate chain and starting with the client certificate (use a --ca-dir with a directory containing all certificates in the chain). The secure board verifies the signature of each certificate sent in the chain.
A connection is accepted if:
The signature of each item in the chain can be verified with the public key of the following item in the chain (see TLS13 Certificate).
The fingerprint (sha256 of the DER encoded certificate) of the last item in the chain matches the fingerprint of the root CA. This certificate may or may not be self signed.
The client can proof that it posses the private key of the client certificate by generating a valid signature of the handshake traffic (see TLS13 CertificateVerify).
Notes on client certificates:
The devices memory and computation power is restricted. The following limitations apply:
The DER encoded size of each certificate in the chain must not exceed 475 bytes. Especially when using Verision 3 certificated this can oppose a limitation. Secure board accepts Version 3 certificates, but does NOT ENCFORCE them.
To print the size of the DER encoded certificate the following CLI can be used:
openssl x509 -in <certificate> -out - -outform DER | wc -c
Signature Verification takes about 2 seconds per signature. This can significantly increase handshake time when using longer chains.
When reconnecting using PSK sessions (-s), no certificates are sent and verified at all. Use them to speed up handshake significantly.
Generate the root CA (Especially when using longer subjects, verify the certificate length). Use the same commands as for the Device Certificate root CA. You may even use the Device Certificate Root CA to sign you client certificates.
Generate one or more Client Certificates signed by the root ca:
export CLIENT_NAME=bob cd $CADIR openssl req -config $CONFIGFILE -sha256 -new \ -newkey ec:<(openssl ecparam -name prime256v1) \ -subj "/C=AT/O=User Company/CN=$CLIENT_NAME" \ -keyout $KEYDIR/$CLIENT_NAME-key.pem -out $CLIENT_NAME-csr.pem openssl x509 -sha256 -days 365 -req \ -in $CLIENT_NAME-csr.pem -CA $CADIR/$USER_DEVICE_ROOT_CA.pem \ -CAkey $KEYDIR/$USER_DEVICE_ROOT_CA-key.pem \ -extfile $(dirname $CONFIGFILE)/device.ext \ -CAcreateserial -out $CADIR/$CLIENT_NAME.pem rm $CLIENT_NAME-csr.pem c_rehash $CADIR
# Note, that since the CA has already been provisioned into the
# SECUREBOARD 1.0 # the --ca-dir option changed.
sb-tool \
-u @SECUREBOARD1.0-<device-serial> \
--ca-dir $CADIR \
--user-root-ca $CADIR/$USER_DEVICE_ROOT_CA.pem
- Extend sb-relayd to support non abstract AF_UNIT sockets