Creation Review

Type
Creation
State
Successful

Eclipse Heimlig

Tuesday, February 28, 2023 - 10:22 by Marco Langerwisch
This proposal is in the Project Proposal Phase (as defined in the Eclipse Development Process) and is written to declare its intent and scope. We solicit additional participation and input from the community.
Proposal State
Created
Background

Copyright is owned by Accenture PLC.

Scope

Eclipse Heimlig is a Hardware Security Module (HSM) firmware for embedded platforms written in Rust.

As an HSM, Eclipse Heimlig typically runs on dedicated hardware and provides cryptographic services to clients running on other cores. These include:

  • Generation and secure storage of cryptographic keys.
  • Key use (encryption, decryption, signing, verification) without revealing key material to the client.
  • Generation of cryptographically secure random numbers (CSPRNG).

All elements will be developed in Rust, which brings major advantages in terms of security, efficiency, and reliability.

Description

Eclipse Heimlig implements common cryptographic algorithms:

  • Symmetric encryption and decryption (AES-CBC, AES-GCM, AES-CCM, ChaCha20-Poly1305)
  • Signing and verification (ECDSA)
  • Key exchange (ECDH)
  • Hashing (SHA-2, SHA-3, BLAKE3)
  • Random number generation (ChaCha20Rng)

Why Here?

Encryption happens on multiple ECUs inside a vehicle. An HSM written in Rust can be of great advantage to, and gain broad acceptance in, the software-defined vehicle (SDV) development community.

Using open-source components in the security domain gives the code itself additional credibility.

Future Work

Current limitations and hence open points for future work include:

  • Most cryptographic algorithms are currently implemented in software only; hardware cryptographic acceleration should be used more.
  • Asynchronous operation.
  • The code should be independently audited by security experts.

Project Scheduling

First build already available (MVP)

Committers
Norbert Fabritius
Interested Parties

Some German OEMs

Initial Contribution

An example implementation is available for the STM32H745XI discovery board as well as for Linux (for development).
