security(DD-020/REQ-PIX-019): hardware-first root-of-trust (SE050 + HAB) with software fallback #102
Merged
…AB) with software fallback (sigil/relay-sec)
Research-grounded (PX4 fmu-v6xrt source) + user decision ("hardware with a
software fallback if the hardware does not provide").
BOARD (researched): NXP SE050 EdgeLock secure element on I2C4 @ 0x48
(PX4_I2C_OBDEV_SE050, power-sequenced in init.c) + i.MX RT1176 HAB secure boot
(IVT struct ivt_s carries a csf field, but CSF_ADDRESS=0/csf=0 -> default image
UNSIGNED; HAB open). Both present in HW, neither active in the stock dev build;
PX4 default crypto = sw_crypto.
DD-020 decision (two layers, each HW-first / SW-fallback):
- BOOT CHAIN: HAB (fused SRK + CSF-signed loader) as the silicon root; software
sigil-signature verify + relay-sec anti-rollback as the fallback when HAB is
open/unprovisioned. Production provisions HAB; dev runs the SW gate (reported
lower-assurance mode).
- KEY VAULT/CRYPTO: SE050 as a relay-hal I2c transport + verified driver (DD-018),
holding the verify key + relay-sec keys + attestation; software crypto backend
as fallback when SE050 absent/unhealthy. HW/SW selection REUSES DD-018
Presence/health + DD-014 health-vote (use if present+healthy, else degrade with
the downgrade LOGGED).
Honest caveat recorded: a software root is weaker (bypassable loader / no tamper
resistance) -> SW fallback is for dev/unprovisioned/degraded, NOT the certified
target; production MUST provision HW. DD-016 integrity refined as the SW-fallback
layer; REQ-PIX-019 captures the binding (sequenced after REQ-PIX-012, reuses the
embedded-hal-async I2c seam).
rivet validate (v0.18.0): PASS.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Research-grounded (PX4 fmu-v6xrt source) + the decision "hardware with a software fallback if the hardware does not provide."
Board (researched): NXP SE050 EdgeLock secure element on I2C4 @ 0x48 (PX4_I2C_OBDEV_SE050, power-sequenced in init.c) + i.MX RT1176 HAB secure boot (IVT struct ivt_s carries a csf field, but CSF_ADDRESS=0/csf=0 → default image unsigned; HAB open). Both present in hardware, neither active in the stock dev build (PX4 default crypto = sw_crypto).

DD-020 — two layers, each HW-first / SW-fallback:

I2c transport + verified driver (DD-018), holding the verify key + relay-sec keys + attestation; software crypto backend = fallback when SE050 absent/unhealthy. HW/SW selection reuses the DD-018 Presence/health + DD-014 health-vote mechanism (use if present+healthy, else degrade with the downgrade logged, not silent).

Honest caveat recorded: a software root is weaker (bypassable loader, no tamper resistance) → the SW fallback is for dev/unprovisioned/degraded-field, not the certified target; production must provision the hardware (burn HAB fuses, provision the SE050).

REQ-PIX-019 captures the binding (sequenced after REQ-PIX-012 — the SE050 reuses the same embedded-hal-async I2c seam). DD-016's integrity section refined as the software-fallback layer under this hardware-first root.

rivet validate (v0.18.0): PASS.

🤖 Generated with Claude Code
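
An added example (not code from this PR or from the project) of the two-layer HW-first / SW-fallback selection described above, with each downgrade recorded rather than silent. All type and function names are hypothetical, and the HAB and SE050 states are passed in as plain values instead of being probed from hardware.

```rust
// Added illustration; every type and function name here is hypothetical.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Backend { Hardware, Software }

/// SE050 probe result, standing in for the DD-018 presence/health signal.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Se050 { Healthy, Unhealthy, Absent }

/// Closed = SRK fused and loader CSF-signed; Open = unsigned stock dev image.
#[derive(Debug, Clone, Copy, PartialEq)]
pub enum Hab { Closed, Open }

#[derive(Debug, PartialEq)]
pub struct RootOfTrust {
    pub boot: Backend,
    pub vault: Backend,
    /// One entry per layer that fell back to software; never dropped silently.
    pub downgrades: Vec<String>,
}

impl RootOfTrust {
    /// Full assurance only when both layers are hardware-rooted.
    pub fn full_assurance(&self) -> bool {
        self.boot == Backend::Hardware && self.vault == Backend::Hardware
    }
}

/// Pick a backend per layer: hardware if usable, else software plus a log entry.
pub fn select(hab: Hab, se050: Se050) -> RootOfTrust {
    let mut downgrades = Vec::new();
    let boot = match hab {
        Hab::Closed => Backend::Hardware,
        Hab::Open => {
            downgrades.push("boot: HAB open, software signature verify + anti-rollback".to_string());
            Backend::Software
        }
    };
    let vault = match se050 {
        Se050::Healthy => Backend::Hardware,
        Se050::Unhealthy | Se050::Absent => {
            downgrades.push(format!("vault: SE050 {:?}, software crypto backend", se050));
            Backend::Software
        }
    };
    RootOfTrust { boot, vault, downgrades }
}

fn main() {
    // Constructed input: stock dev build, HAB open and SE050 not responding.
    let rot = select(Hab::Open, Se050::Absent);
    for line in &rot.downgrades { eprintln!("DOWNGRADE {}", line); }
    println!("full assurance: {}", rot.full_assurance());
}
```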