This proposal has been approved and the Eclipse Heimlig project has been created.
Visit the project page for the latest information and development.

Eclipse Heimlig

Tuesday, February 28, 2023 - 10:22 by Marco Langerwisch
This proposal is in the Project Proposal Phase (as defined in the Eclipse Development Process) and is written to declare its intent and scope. We solicit additional participation and input from the community. Please login and add your feedback in the comments section.
Project
Parent Project
Proposal State
Created
Background

Copyright is owned by Accenture PLC.

Scope

Eclipse Heimlig is a Hardware Security Module (HSM) firmware for embedded platforms written in Rust.

As an HSM, Eclipse Heimlig typically runs on dedicated hardware and provides cryptographic services to clients running on other cores. These include:

  • Generation and secure storage of cryptographic keys.
  • Key use (encryption, decryption, signing, verification) without revealing key material to the client.
  • Generation of cryptographically secure random numbers (CSPRNG).

All elements will be developed in Rust, which brings major advantages in terms of security, efficiency, and reliability.

Description

Eclipse Heimlig is a Hardware Security Module (HSM) firmware for embedded platforms written in Rust.

As an HSM, Eclipse Heimlig typically runs on dedicated hardware and provides cryptographic services to clients running on other cores. These include:

  • Generation and secure storage of cryptographic keys.
  • Key use (encryption, decryption, signing, verification) without revealing key material to the client.
  • Generation of cryptographically secure random numbers (CSPRNG).

Eclipse Heimlig implements common cryptographic algorithms:

  • Symmetric encryption and decryption (AES-CBC, AES-GCM, AES-CCM, Chacha20Poly1305)
  • Signing and verification (ECDSA)
  • Key exchange (ECDH)
  • Hashing (SHA-2, SHA-3, BLAKE3)
  • Random number generation (ChaCha20Rng)
Why Here?

Encryption happens on multiple ECU's inside a vehicle. Having an HSM written in Rust can be of huge advantage and broad acceptance by the SDV development community.

Applying Open Source components in the security domain provides additional credibility of the code itself.

Future Work

Current limitations and hence open points for future work include:

  • Most cryptographic algorithms are implemented in software only, therefore make more use of hardware encryption
  • Asynchronous operation
  • The code should be independently audited by security experts.
Project Scheduling

First build already available (MVP)

Project Leads
Committers
Norbert Fabritius (This committer does not have an Eclipse Account)
Interested Parties

Some German OEMs

Initial Contribution

An example implementation is available for the STM32H745XI discovery board as well as for Linux (for development).

Source Repository Type