{"id":48695,"date":"2025-11-10T01:40:56","date_gmt":"2025-11-10T00:40:56","guid":{"rendered":"https:\/\/www.derivaty.sk\/?p=48695"},"modified":"2025-11-10T01:40:56","modified_gmt":"2025-11-10T00:40:56","slug":"architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie","status":"publish","type":"post","link":"https:\/\/www.vrtulniky.sk\/news\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\/","title":{"rendered":"Architekt\u00fara d\u00f4very: Implement\u00e1cia hardv\u00e9rom akcelerovanej zabezpe\u010denej boot sekvencie"},"content":{"rendered":"<h2>Pre\u010do bezpe\u010dn\u00e1 boot sekvencia rozhoduje o d\u00f4vere v autopilot<\/h2>\n<p>Autopilot je \u201emozgom\u201c UAV, ktor\u00fd riadi let, bezpe\u010dnostn\u00e9 funkcie a komunik\u00e1ciu s okol\u00edm. Ak je kompromitovan\u00fd u\u017e pri \u0161tarte, v\u0161etky \u010fal\u0161ie vrstvy ochrany str\u00e1caj\u00fa v\u00fdznam. <em>Bezpe\u010dn\u00e1 boot sekvencia<\/em> (secure boot) a <em>re\u0165azec d\u00f4very<\/em> (chain of trust) zabezpe\u010duj\u00fa, \u017ee od prv\u00e9ho in\u0161truk\u010dn\u00e9ho cyklu procesora a\u017e po nahratie aplika\u010dn\u00e9ho k\u00f3du be\u017e\u00ed iba overen\u00fd a nepozm\u011bnen\u00fd softv\u00e9r, podp\u00edsan\u00fd legit\u00edmnym vlastn\u00edkom zariadenia alebo v\u00fdrobcom.<\/p>\n<h2>Model hrozieb pre autopilot: \u010do mus\u00ed boot sekvencia odol\u00e1va\u0165<\/h2>\n<ul>\n<li><strong>Trval\u00e9 kompromit\u00e1cie:<\/strong> vlo\u017eenie \u0161kodliv\u00e9ho bootloaderu, implanty v pam\u00e4ti Flash, manipul\u00e1cia s boot konfigur\u00e1ciou.<\/li>\n<li><strong>\u00datoky cez OTA (over-the-air) aktualiz\u00e1cie:<\/strong> podvrhnut\u00e9 firmware bal\u00edky, downgrade na zranite\u013en\u00fa verziu.<\/li>\n<li><strong>Fyzick\u00e9 z\u00e1sahy:<\/strong> priamy pr\u00edstup k debug rozhraniam (JTAG\/SWD), glitching (nap\u00e4\u0165ov\u00e9\/\u010dasov\u00e9), fault injection, side-channel anal\u00fdzy.<\/li>\n<li><strong>Supply-chain rizik\u00e1:<\/strong> kompromitovan\u00e9 komponenty, klonovan\u00e9 bezpe\u010dnostn\u00e9 \u010dipy, nespo\u013eahliv\u00e9 k\u013e\u00fa\u010dov\u00e9 materi\u00e1ly.<\/li>\n<li><strong>Medzi-dom\u00e9nov\u00e9 \u00fatoky:<\/strong> preniknutie z payloadu (napr. kamery so syst\u00e9mom Linux) do riadiacej avioniky.<\/li>\n<\/ul>\n<h2>Princ\u00edpy bezpe\u010dn\u00e9ho \u0161tartu: kore\u0148 d\u00f4very a kryptografick\u00e9 podpisy<\/h2>\n<p>Secure boot stoj\u00ed na <em>koren\u00ed d\u00f4very<\/em> (Root of Trust, RoT), ktor\u00fd obsahuje alebo ochra\u0148uje kryptografick\u00e9 k\u013e\u00fa\u010de na verifik\u00e1ciu \u010fal\u0161ej f\u00e1zy. Ka\u017ed\u00e1 f\u00e1za over\u00ed integritu a p\u00f4vod nasleduj\u00facej, \u010d\u00edm vznik\u00e1 <em>re\u0165azec d\u00f4very<\/em> a\u017e po aplik\u00e1ciu:<\/p>\n<ol>\n<li><strong>ROM Boot (immutable):<\/strong> mal\u00fd k\u00f3d v maskovanej ROM MCU\/SoC. Obsahuje verejn\u00fd k\u013e\u00fa\u010d v\u00fdrobcu alebo hash \u201epublic key hash\u201c (PKH).<\/li>\n<li><strong>Prv\u00fd-stup\u0148ov\u00fd bootloader (FSBL):<\/strong> podp\u00edsan\u00fd v\u00fdrobcom HW alebo platformy; inicializuje pam\u00e4te, hodiny, perif\u00e9rie, autentizuje druh\u00fd stupe\u0148.<\/li>\n<li><strong>Druh\u00fd-stup\u0148ov\u00fd bootloader (SSBL):<\/strong> vlastn\u00edk zariadenia\/oper\u00e1tor; rie\u0161i v\u00fdber partici\u00ed, \u201eA\/B\u201c sloty a na\u010d\u00edtanie OS\/RTOS jadra.<\/li>\n<li><strong>Jadro\/Hypervisor\/RTOS:<\/strong> verifikovan\u00e9 pred spusten\u00edm; aktivuje izol\u00e1cie (MPU\/MMU), SELinux\/AppArmor (ak Linux), pr\u00edpadne unikernelov\u00e9 prostredia.<\/li>\n<li><strong>Autopilot aplik\u00e1cia a kni\u017enice:<\/strong> posledn\u00e9 \u010dl\u00e1nky re\u0165azca; validovan\u00e9 cez podpisy a politiky verzi\u00ed.<\/li>\n<\/ol>\n<p>Na \u00farovni kryptografie sa pou\u017e\u00edva <em>digit\u00e1lne podpisovanie<\/em> (ECDSA\/EdDSA, pr\u00edpadne RSA) s <em>verifik\u00e1ciou hashov<\/em> (SHA-256\/384). K\u013e\u00fa\u010dov\u00e9 je spr\u00e1vne riadenie k\u013e\u00fa\u010dov a ochrana pred downgrade.<\/p>\n<h2>Meran\u00fd \u0161tart (Measured Boot) a atest\u00e1cia integrity<\/h2>\n<p><em>Measured boot<\/em> roz\u0161iruje secure boot o <em>telemetriu d\u00f4very<\/em>: ka\u017ed\u00e1 f\u00e1za nielen verifikuje \u010fal\u0161iu, ale aj <em>meria<\/em> (hashuje) sp\u00fa\u0161\u0165an\u00e9 bin\u00e1rky a uklad\u00e1 odtla\u010dky do bezpe\u010dn\u00e9ho \u00falo\u017eiska (TPM\/TEE\/SE). N\u00e1sledne je mo\u017en\u00e9 vykona\u0165:<\/p>\n<ul>\n<li><strong>Lok\u00e1lnu politiku:<\/strong> spustenie autopilota iba ak nameran\u00e9 hodnoty zodpovedaj\u00fa povolen\u00fdm profilom (\u201eallowlist\u201c).<\/li>\n<li><strong>Vzdialen\u00fa atest\u00e1ciu:<\/strong> GCS \u010di flotilov\u00fd mana\u017e\u00e9r si vy\u017eiada podp\u00edsan\u00fd report \u2013 autopilot preuk\u00e1\u017ee, \u010do skuto\u010dne be\u017e\u00ed, e\u0161te pred povolen\u00edm arm\/disarm.<\/li>\n<\/ul>\n<h2>Komponenty kore\u0148a d\u00f4very: TEE, TPM a Secure Element<\/h2>\n<ul>\n<li><strong>Secure Element (SE):<\/strong> samostatn\u00fd \u010dip s ochrann\u00fdmi vrstvami; chr\u00e1ni priv\u00e1tne k\u013e\u00fa\u010de, vykon\u00e1va podpisy a dr\u017e\u00ed monot\u00f3nne \u010d\u00edta\u010de.<\/li>\n<li><strong>TPM 2.0\/firmware TPM:<\/strong> poskytuje PCR registre pre meranie bootu, k\u013e\u00fa\u010dov\u00fd mana\u017ement a atest\u00e1ciu. V embedded sf\u00e9re \u010dasto ako integrovan\u00e1 perif\u00e9ria.<\/li>\n<li><strong>TEE\/TrustZone:<\/strong> rozdelenie na \u201esecure world\u201c a \u201enormal world\u201c. Secure world vykon\u00e1va kryptografiu a boot logiku; normal world nem\u00e1 pr\u00edstup k tajomstv\u00e1m.<\/li>\n<\/ul>\n<h2>Politika k\u013e\u00fa\u010dov: hierarchia, rot\u00e1cia a deleg\u00e1cia<\/h2>\n<p>Bez k\u013e\u00fa\u010dovej politiky secure boot r\u00fdchlo zastar\u00e1. Odpor\u00fa\u010dan\u00e1 hierarchia:<\/p>\n<ul>\n<li><strong>Root Signing Key (RSK):<\/strong> najvy\u0161\u0161ia autorita; ulo\u017een\u00e1 offline (HSM), pou\u017e\u00edva sa iba na podpisovanie \u201eintermediate\u201c k\u013e\u00fa\u010dov.<\/li>\n<li><strong>Platform\/Boot Signing Key (BSK):<\/strong> podpisuje FSBL\/SSBL. Rotovate\u013en\u00fd cez \u201ekey-roll\u201c mechanizmus s prechodn\u00fdm obdob\u00edm, kedy zariadenie d\u00f4veruje star\u00e9mu aj nov\u00e9mu k\u013e\u00fa\u010du.<\/li>\n<li><strong>Application Signing Keys (ASK):<\/strong> pre autopilot a moduly (nav, komunika\u010dn\u00e9 stacky). M\u00f4\u017ee existova\u0165 viac dom\u00e9n (v\u00fdrobca platformy vs. integr\u00e1tor).<\/li>\n<li><strong>Anti-downgrade mechanizmus:<\/strong> verzovan\u00e9 manifesty a monot\u00f3nne \u010d\u00edta\u010de v SE\/TPM, ktor\u00e9 br\u00e1nia nahratiu star\u0161ieho, zranite\u013en\u00e9ho FW.<\/li>\n<\/ul>\n<h2>Manifesty a metad\u00e1ta obrazu: \u010do sa podpisuje<\/h2>\n<p>Namiesto podpisovania samotn\u00fdch bin\u00e1rok sa be\u017ene podpisuje <em>manifest<\/em>, ktor\u00fd obsahuje:<\/p>\n<ul>\n<li>Hash obrazu (FW\/BL\/OS), verziu (semver + build \u010d\u00edslo), cie\u013eov\u00fa platformu a parameter \u201esecurity level\u201c.<\/li>\n<li>Politiky sp\u00fa\u0161\u0165ania (po\u017eadovan\u00e9 perif\u00e9rie, RAM limity, bezpe\u010dnostn\u00fd kontext, po\u017eadovan\u00e9 PCR odtla\u010dky ni\u017e\u0161\u00edch vrstiev).<\/li>\n<li>Inform\u00e1cie pre \u201eA\/B\u201c aktualiza\u010dn\u00e9 sloty a \u010dasov\u00e9 platnosti (valid-from\/valid-until pre pl\u00e1novan\u00e9 end-of-life).<\/li>\n<\/ul>\n<h2>Architekt\u00fary secure boot v praxi: RTOS vs. Linux<\/h2>\n<ul>\n<li><strong>MCU + RTOS (Cortex-M, RISC-V):<\/strong> ROM Boot s PKH \u2192 FSBL (XIP z QSPI) \u2192 verifik\u00e1cia obrazu RTOS + autopilot modulu. D\u00f4le\u017eit\u00e1 je ochrana QSPI proti z\u00e1pisu (HW write-protect) a deaktiv\u00e1cia SWD\/JTAG po v\u00fdrobn\u00fdch testoch.<\/li>\n<li><strong>SoC + Linux:<\/strong> ROM Boot \u2192 FSBL (DDR init) \u2192 U-Boot\/TF-A (SSBL) s verifik\u00e1ciou FIT\/DM \u2192 signed kernel + initramfs + signed rootfs (dm-verity). Vhodn\u00e1 je kombin\u00e1cia \u201emeasured boot\u201c s TPM a vzdialen\u00e1 atest\u00e1cia pred arm\/disarm.<\/li>\n<\/ul>\n<h2>Oddelenie dom\u00e9n: avionika vs. payload a komunika\u010dn\u00e9 subsyst\u00e9my<\/h2>\n<p>Siln\u00e9 oddelenie minimalizuje later\u00e1lny pohyb \u00fato\u010dn\u00edka:<\/p>\n<ul>\n<li><strong>Fyzik\u00e1lne oddelen\u00e9 MCU\/SoC:<\/strong> autopilot v izolovanom MCU, payload na Linuxe. Komunik\u00e1cia cez vybran\u00e9 rozhrania (UART\/CAN) s protokolmi s autentiz\u00e1ciou r\u00e1mcov.<\/li>\n<li><strong>Virtu\u00e1lna separ\u00e1cia:<\/strong> hypervisor\/micro-VM, kde autopilot be\u017e\u00ed v chr\u00e1nenej dom\u00e9ne, payload v inej; IOMMU blokuje DMA \u00fatoky.<\/li>\n<li><strong>\u0160triktn\u00e9 ACL:<\/strong> iba whitelisted spr\u00e1vy s typmi \u201enav, status, arm\/disarm\u201c. \u017diadny priamy file transfer do avioniky.<\/li>\n<\/ul>\n<h2>Obnova a \u201eA\/B\u201c slotovanie: bezpe\u010dn\u00e9 aktualiz\u00e1cie bez preru\u0161en\u00ed<\/h2>\n<p>Aktualiz\u00e1cie musia by\u0165 <em>at\u00f3mov\u00e9<\/em> a <em>reverzibiln\u00e9<\/em>:<\/p>\n<ul>\n<li><strong>A\/B sloty:<\/strong> nahr\u00e1 sa nov\u00fd obraz do neakt\u00edvneho slotu, po re\u0161tarte sa spust\u00ed sk\u00fa\u0161obn\u00e1 f\u00e1za. Ak telemetria nepotvrd\u00ed \u00faspech, bootloader sa vr\u00e1ti do slotu A.<\/li>\n<li><strong>Bezpe\u010dn\u00fd recovery m\u00f3d:<\/strong> iba s lok\u00e1lnou pr\u00edtomnos\u0165ou (fyzick\u00fd k\u013e\u00fa\u010d, proximity token) alebo s kryptografick\u00fdm schv\u00e1len\u00edm \u201ebreak-glass\u201c k\u013e\u00fa\u010dom; recovery obraz je rovnako podp\u00edsan\u00fd.<\/li>\n<li><strong>Delta OTA:<\/strong> men\u0161ie bal\u00edky, ale podpisuje sa v\u017edy <em>v\u00fdsledn\u00fd<\/em> obraz; delta sa aplikuje v sandboxe a verifikuje pred aktiv\u00e1ciou.<\/li>\n<\/ul>\n<h2>Ochrana proti downgrade a replay<\/h2>\n<ul>\n<li><strong>Verzovanie v manifeste<\/strong> + <strong>monot\u00f3nny \u010d\u00edta\u010d<\/strong> v SE\/TPM, ktor\u00fd sa inkrementuje pri ka\u017edom \u00faspe\u0161nom update.<\/li>\n<li><strong>\u010casov\u00e9 pe\u010diatky:<\/strong> ak je k dispoz\u00edcii spo\u013eahliv\u00fd \u010das (GNSS PPS + secure-time), kontrola \u201evalid-from\u201c.<\/li>\n<li><strong>Nonce pri atest\u00e1cii:<\/strong> zabra\u0148uje op\u00e4tovn\u00e9mu pou\u017eitiu star\u00fdch, platn\u00fdch reportov integrity.<\/li>\n<\/ul>\n<h2>Hardening boot f\u00e1zy: anti-tamper a anti-glitch opatrenia<\/h2>\n<ul>\n<li><strong>Deaktiv\u00e1cia debug rozhran\u00ed:<\/strong> fuse\/option bytes na trval\u00e9 uzamknutie SWD\/JTAG, oddelenie testovac\u00edch pinov.<\/li>\n<li><strong>Glitch detekcia:<\/strong> doh\u013ead nad nap\u00e4t\u00edm a hodinami (brown-out, clock monitor), randomiz\u00e1cia \u010dasovania kryptografick\u00fdch oper\u00e1ci\u00ed.<\/li>\n<li><strong>Anti-rollback poistky:<\/strong> jednosmern\u00e9 fuses s verziou bootloadera; fyzick\u00e1 pe\u010da\u0165 krytu s tamper switchom a logovan\u00edm udalost\u00ed.<\/li>\n<\/ul>\n<h2>V\u00fdber kryptografie a v\u00fdkonov\u00e9 kompromisy<\/h2>\n<p>Pre embedded autopiloty b\u00fdva kritick\u00e1 ve\u013ekos\u0165 k\u00f3du a latencia verifik\u00e1cie:<\/p>\n<ul>\n<li><strong>Podpisy:<\/strong> ECDSA P-256 alebo Ed25519 (r\u00fdchlej\u0161ie na verifik\u00e1ciu, men\u0161ie k\u013e\u00fa\u010de). RSA iba ak je po\u017eadovan\u00e1 kompatibilita.<\/li>\n<li><strong>Hash:<\/strong> SHA-256 je \u0161tandard; pri dlhom re\u0165azci alebo v\u00e4\u010d\u0161\u00edch obrazoch mo\u017en\u00e9 uva\u017eova\u0165 SHA-384.<\/li>\n<li><strong>PQC (post-quantum):<\/strong> v experiment\u00e1lnych re\u017eimoch \u201ehybridn\u00e9 podpisy\u201c (napr. Ed25519 + PQC) s oh\u013eadom na ve\u013ekos\u0165 manifestu; do produkcie a\u017e po stabiliz\u00e1cii \u0161tandardov a HW podpory.<\/li>\n<\/ul>\n<h2>Bezpe\u010dn\u00e1 konfigur\u00e1cia perif\u00e9ri\u00ed pri \u0161tarte<\/h2>\n<p>Boot f\u00e1za mus\u00ed nastavi\u0165 bezpe\u010dn\u00e9 defaulty:<\/p>\n<ul>\n<li>Vypnutie nepotrebn\u00fdch rozhran\u00ed (USB gadget, telnet\/ssh v payload dom\u00e9ne).<\/li>\n<li>MPU\/MMU pravidl\u00e1 pred na\u010d\u00edtan\u00edm aplik\u00e1ci\u00ed: k\u00f3d iba na \u010d\u00edtanie a sp\u00fa\u0161\u0165anie, d\u00e1ta bez sp\u00fa\u0161\u0165ania (W^X), z\u00e1sobn\u00edky s guard str\u00e1nkami.<\/li>\n<li>Secure boot pre spolube\u017eiace MCU (napr. komunika\u010dn\u00e9 moduly) \u2013 \u017eiadna \u201ebo\u010dn\u00e1\u201c cesta do avioniky.<\/li>\n<\/ul>\n<h2>Politiky sp\u00fa\u0161\u0165ania a autoriz\u00e1cie letov\u00fdch re\u017eimov<\/h2>\n<p>Aj po \u00faspe\u0161nom boot-e m\u00e1 ma\u0165 autopilot <em>gate<\/em> na kritick\u00e9 akcie:<\/p>\n<ul>\n<li><strong>Arming podmienky:<\/strong> platn\u00e1 atest\u00e1cia, overen\u00fd \u010das, schv\u00e1len\u00fd geofencing, bat\u00e9riov\u00e9 limity a autentizovan\u00e1 GCS.<\/li>\n<li><strong>Privilege separation:<\/strong> modul pre navig\u00e1ciu nem\u00e1 pr\u00e1vo meni\u0165 RF parametre; komunika\u010dn\u00fd stack nem\u00e1 pr\u00edstup k senzorick\u00fdm kalibr\u00e1ci\u00e1m.<\/li>\n<li><strong>Policy-as-code:<\/strong> jednoduch\u00fd, form\u00e1lne verifikovate\u013en\u00fd DSL pre rozhodovanie (napr. \u201eak PCR\u2260X \u2192 DISARM\u201c).<\/li>\n<\/ul>\n<h2>Telemetria d\u00f4very a audit<\/h2>\n<ul>\n<li><strong>Boot logy:<\/strong> podpisovan\u00e9 a timestampovan\u00e9; obsahuj\u00fa verzie, PCR odtla\u010dky, v\u00fdsledky verifik\u00e1ci\u00ed a pr\u00edpadn\u00e9 odch\u00fdlky.<\/li>\n<li><strong>Bezpe\u010dnostn\u00e9 KPI:<\/strong> % \u0161tartov s \u00faspe\u0161nou atest\u00e1ciou, po\u010det odmietnut\u00fdch OTA bal\u00edkov, \u010das verifik\u00e1cie, v\u00fdskyt tamper udalost\u00ed.<\/li>\n<li><strong>Forenzn\u00e9 z\u00e1znamy:<\/strong> pri fail-boot-e ulo\u017ei\u0165 minimalizovan\u00fd dump diagnostiky do bezpe\u010dn\u00e9ho kruhov\u00e9ho bufferu.<\/li>\n<\/ul>\n<h2>Integr\u00e1cia so syst\u00e9mami riadenia flotily a C2<\/h2>\n<p>Flotilov\u00fd mana\u017ement mus\u00ed by\u0165 <em>trust-aware<\/em>:<\/p>\n<ul>\n<li>Pred autoriz\u00e1ciou misie vy\u017eiada\u0165 atest\u00e1ciu; bez nej misia nie je nasadite\u013en\u00e1.<\/li>\n<li>Distrib\u00facia k\u013e\u00fa\u010dov a OTA cez \u201ezero-trust\u201c kan\u00e1ly (mTLS, kr\u00e1tko\u017eij\u00face tokeny, device identity via SE\/TPM attestation).<\/li>\n<li>Politiky odstavenia: ak d\u00f4jde k naru\u0161eniu integrity, zariadenie sa prepne do \u201esafe-mode\u201c s limitmi (bez vrt\u00fa\u013e, iba diagnostika a geolok\u00e1cia).<\/li>\n<\/ul>\n<h2>Testovanie a verifik\u00e1cia bezpe\u010dn\u00e9ho \u0161tartu<\/h2>\n<ul>\n<li><strong>Jednotkov\u00e9 a integra\u010dn\u00e9 testy:<\/strong> verifik\u00e1cia podpisov, zlyhania I\/O, fallback cesty A\/B, \u010dasov\u00e9 limity \u0161tartu.<\/li>\n<li><strong>Chaos\/Tamper testy:<\/strong> korupcia manifestu, neplatn\u00fd podpis, star\u0161\u00ed firmware, glitchovanie nap\u00e1jania po\u010das verifik\u00e1cie.<\/li>\n<li><strong>Penetra\u010dn\u00e9 testy:<\/strong> zameranie na debug porty, fault-injection, anal\u00fdzu SWD\/JTAG poistiek, side-channel merania pri podpisovan\u00ed.<\/li>\n<li><strong>Form\u00e1lne overovanie:<\/strong> kritick\u00e9 \u010dasti boot state machine a policy DSL m\u00f4\u017eu by\u0165 verifikovan\u00e9 model-checkingom.<\/li>\n<\/ul>\n<h2>Supply-chain zabezpe\u010denie: od v\u00fdroby po nasadenie<\/h2>\n<ul>\n<li><strong>Secure provisioning:<\/strong> v tov\u00e1rni generova\u0165 device identity (DI) v SE\/TPM, nikdy neexportova\u0165 priv\u00e1tne k\u013e\u00fa\u010de.<\/li>\n<li><strong>HSM pipeline:<\/strong> v\u0161etky podpisy FW a manifestov musia prech\u00e1dza\u0165 cez HSM s audit trailom.<\/li>\n<li><strong>Serializ\u00e1cia a traceability:<\/strong> v\u00e4zba DI \u2194 s\u00e9riov\u00e9 \u010d\u00edslo \u2194 produktov\u00e1 \u0161ar\u017ea \u2194 certifik\u00e1ty; jednoduch\u00e9 stiahnutie konkr\u00e9tnych \u0161ar\u017e\u00ed v pr\u00edpade incidentu.<\/li>\n<\/ul>\n<h2>Bezpe\u010dn\u00fd boot v kontexte proti-dronov\u00fdch syst\u00e9mov<\/h2>\n<p>Proti-dronov\u00e9 opatrenia \u010dasto cielia na <em>soft-kill<\/em> (ru\u0161enie\/klamanie). Secure boot zni\u017euje riziko \u201epreprogramovania vo vzduchu\u201c alebo aktiv\u00e1cie skryt\u00fdch re\u017eimov. Pri \u201ehard-kill\u201c sc\u00e9naroch poskytuje telemetria d\u00f4very forenzn\u00fa hodnotu a umo\u017e\u0148uje preuk\u00e1za\u0165, \u017ee platforma be\u017eala v autorizovanej konfigur\u00e1cii.<\/p>\n<h2>Check-list implement\u00e1cie (referen\u010dn\u00e9 kroky)<\/h2>\n<ol>\n<li>Vyberte RoT (SE\/TPM\/TEE) a definujte hierarchiu k\u013e\u00fa\u010dov (RSK \u2192 BSK \u2192 ASK).<\/li>\n<li>Implementujte ROM Boot s verifik\u00e1ciou FSBL (PKH v ROM, audit fuse nastaven\u00ed).<\/li>\n<li>Zave\u010fte manifesty s verziou, hashmi a anti-rollback parametrami.<\/li>\n<li>Aktivujte measured boot (PCR\/merania) a pripravte vzdialen\u00fa atest\u00e1ciu.<\/li>\n<li>Navrhnite A\/B aktualiz\u00e1cie, recovery cestu a politiku \u201ebreak-glass\u201c.<\/li>\n<li>Uzamknite debug rozhrania, nastavte MPU\/MMU a W^X politiky e\u0161te pred spusten\u00edm aplik\u00e1ci\u00ed.<\/li>\n<li>Oddelte dom\u00e9ny avioniky a payloadu; zaveste autentiz\u00e1ciu spr\u00e1v.<\/li>\n<li>Integrujte trust sign\u00e1ly do C2 a flotilov\u00e9ho mana\u017ementu (deployment gates).<\/li>\n<li>Vykonajte tamper\/glitch\/pen-testy a nastavte pravideln\u00fa rot\u00e1ciu k\u013e\u00fa\u010dov.<\/li>\n<li>Dokumentujte a auditujte: boot logy, podpisov\u00e9 oper\u00e1cie, incident response proces.<\/li>\n<\/ol>\n<p>Bezpe\u010dn\u00e1 boot sekvencia a robustn\u00fd re\u0165azec d\u00f4very s\u00fa z\u00e1kladn\u00fdmi stavebn\u00fdmi kame\u0148mi kybernetickej bezpe\u010dnosti autopilotov. Kombin\u00e1cia nemenn\u00e9ho kore\u0148a d\u00f4very, pr\u00edsnych podpisov\u00fdch polit\u00edk, meran\u00e9ho \u0161tartu s atest\u00e1ciou, bezpe\u010dn\u00fdch aktualiz\u00e1ci\u00ed a tvrd\u00fdch izola\u010dn\u00fdch mechanizmov zaru\u010duje, \u017ee autopilot vykon\u00e1va iba to, \u010do mu prev\u00e1dzkovate\u013e explicitne povolil. V prostred\u00ed zvy\u0161uj\u00facich sa hrozieb a regul\u00e1ci\u00ed je tak\u00e1to architekt\u00fara nevyhnutn\u00e1 nielen pre bezpe\u010dnos\u0165 letu, ale aj pre d\u00f4veru z\u00e1kazn\u00edkov, regul\u00e1torov a verejnosti.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Budovanie d\u00f4very od \u0161tartu: meran\u00fd boot, podpisy a attestation br\u00e1nia kompromit\u00e1cii autopilota.<\/p>\n","protected":false},"author":38,"featured_media":88695,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2629],"tags":[2533,2534,2535,2536,2537,2356,2538,2539],"class_list":["post-48695","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-drony","tag-anti-rollback","tag-attestation","tag-bezpecny-boot-a-trust-chain","tag-merana-boot-sekvencia","tag-odtlacky-fw","tag-podpisy","tag-secure-element","tag-update"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Architekt\u00fara d\u00f4very: Implement\u00e1cia hardv\u00e9rom akcelerovanej zabezpe\u010denej boot sekvencie - Podnik\u00e1m, lietam a relaxujem<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.vrtulniky.sk\/news\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\/\" \/>\n<meta property=\"og:locale\" content=\"sk_SK\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Architekt\u00fara d\u00f4very: Implement\u00e1cia hardv\u00e9rom akcelerovanej zabezpe\u010denej boot sekvencie - Podnik\u00e1m, lietam a relaxujem\" \/>\n<meta property=\"og:description\" content=\"Budovanie d\u00f4very od \u0161tartu: meran\u00fd boot, podpisy a attestation br\u00e1nia kompromit\u00e1cii autopilota.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.vrtulniky.sk\/news\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\/\" \/>\n<meta property=\"og:site_name\" content=\"Podnik\u00e1m, lietam a relaxujem\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/vrtulniky\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-10T00:40:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.vrtulniky.sk\/news\/wp-content\/uploads\/2022\/08\/vrtulniky-sk.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1400\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Luk\u00e1\u0161 Kroc\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Autor\" \/>\n\t<meta name=\"twitter:data1\" content=\"Luk\u00e1\u0161 Kroc\" \/>\n\t<meta name=\"twitter:label2\" content=\"Predpokladan\u00fd \u010das \u010d\u00edtania\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 min\u00fat\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\\\/\"},\"author\":{\"name\":\"Luk\u00e1\u0161 Kroc\",\"@id\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/#\\\/schema\\\/person\\\/cb79e77c4df94a6073f4b575fa42fadb\"},\"headline\":\"Architekt\u00fara d\u00f4very: Implement\u00e1cia hardv\u00e9rom akcelerovanej zabezpe\u010denej boot sekvencie\",\"datePublished\":\"2025-11-10T00:40:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\\\/\"},\"wordCount\":1960,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/vzdelavanie-vysoka-skola-8695.jpg\",\"keywords\":[\"anti-rollback\",\"attestation\",\"bezpe\u010dn\u00fd boot a trust chain\",\"meran\u00e1 boot sekvencia\",\"odtla\u010dky FW\",\"podpisy\",\"secure element\",\"update\"],\"articleSection\":[\"Drony\"],\"inLanguage\":\"sk-SK\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\\\/\",\"url\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\\\/\",\"name\":\"Architekt\u00fara d\u00f4very: Implement\u00e1cia hardv\u00e9rom akcelerovanej zabezpe\u010denej boot sekvencie - Podnik\u00e1m, lietam a relaxujem\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/vzdelavanie-vysoka-skola-8695.jpg\",\"datePublished\":\"2025-11-10T00:40:56+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\\\/#breadcrumb\"},\"inLanguage\":\"sk-SK\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"sk-SK\",\"@id\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/vzdelavanie-vysoka-skola-8695.jpg\",\"contentUrl\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/wp-content\\\/uploads\\\/2025\\\/12\\\/vzdelavanie-vysoka-skola-8695.jpg\",\"width\":1536,\"height\":1024,\"caption\":\"Architekt\u00fara d\u00f4very: Implement\u00e1cia hardv\u00e9rom akcelerovanej zabezpe\u010denej boot sekvencie\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Architekt\u00fara d\u00f4very: Implement\u00e1cia hardv\u00e9rom akcelerovanej zabezpe\u010denej boot sekvencie\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/#website\",\"url\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/\",\"name\":\"Podnik\u00e1m, lietam a relaxujem\",\"description\":\"Vrtu\u013en\u00edky.sk\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"sk-SK\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/#organization\",\"name\":\"Podnik\u00e1m, lietam a relaxujem\",\"url\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"sk-SK\",\"@id\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/news-vrtulniky-sk-logo-e1660318023553.png\",\"contentUrl\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/wp-content\\\/uploads\\\/2022\\\/08\\\/news-vrtulniky-sk-logo-e1660318023553.png\",\"width\":201,\"height\":200,\"caption\":\"Podnik\u00e1m, lietam a relaxujem\"},\"image\":{\"@id\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/vrtulniky\\\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/#\\\/schema\\\/person\\\/cb79e77c4df94a6073f4b575fa42fadb\",\"name\":\"Luk\u00e1\u0161 Kroc\",\"url\":\"https:\\\/\\\/www.vrtulniky.sk\\\/news\\\/author\\\/lukas-kroc\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Architekt\u00fara d\u00f4very: Implement\u00e1cia hardv\u00e9rom akcelerovanej zabezpe\u010denej boot sekvencie - Podnik\u00e1m, lietam a relaxujem","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vrtulniky.sk\/news\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\/","og_locale":"sk_SK","og_type":"article","og_title":"Architekt\u00fara d\u00f4very: Implement\u00e1cia hardv\u00e9rom akcelerovanej zabezpe\u010denej boot sekvencie - Podnik\u00e1m, lietam a relaxujem","og_description":"Budovanie d\u00f4very od \u0161tartu: meran\u00fd boot, podpisy a attestation br\u00e1nia kompromit\u00e1cii autopilota.","og_url":"https:\/\/www.vrtulniky.sk\/news\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\/","og_site_name":"Podnik\u00e1m, lietam a relaxujem","article_publisher":"https:\/\/www.facebook.com\/vrtulniky\/","article_published_time":"2025-11-10T00:40:56+00:00","og_image":[{"width":1400,"height":900,"url":"https:\/\/www.vrtulniky.sk\/news\/wp-content\/uploads\/2022\/08\/vrtulniky-sk.jpg","type":"image\/jpeg"}],"author":"Luk\u00e1\u0161 Kroc","twitter_card":"summary_large_image","twitter_misc":{"Autor":"Luk\u00e1\u0161 Kroc","Predpokladan\u00fd \u010das \u010d\u00edtania":"10 min\u00fat"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.vrtulniky.sk\/news\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\/#article","isPartOf":{"@id":"https:\/\/www.vrtulniky.sk\/news\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\/"},"author":{"name":"Luk\u00e1\u0161 Kroc","@id":"https:\/\/www.vrtulniky.sk\/news\/#\/schema\/person\/cb79e77c4df94a6073f4b575fa42fadb"},"headline":"Architekt\u00fara d\u00f4very: Implement\u00e1cia hardv\u00e9rom akcelerovanej zabezpe\u010denej boot sekvencie","datePublished":"2025-11-10T00:40:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.vrtulniky.sk\/news\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\/"},"wordCount":1960,"commentCount":0,"publisher":{"@id":"https:\/\/www.vrtulniky.sk\/news\/#organization"},"image":{"@id":"https:\/\/www.vrtulniky.sk\/news\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\/#primaryimage"},"thumbnailUrl":"https:\/\/www.vrtulniky.sk\/news\/wp-content\/uploads\/2025\/12\/vzdelavanie-vysoka-skola-8695.jpg","keywords":["anti-rollback","attestation","bezpe\u010dn\u00fd boot a trust chain","meran\u00e1 boot sekvencia","odtla\u010dky FW","podpisy","secure element","update"],"articleSection":["Drony"],"inLanguage":"sk-SK","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.vrtulniky.sk\/news\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.vrtulniky.sk\/news\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\/","url":"https:\/\/www.vrtulniky.sk\/news\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\/","name":"Architekt\u00fara d\u00f4very: Implement\u00e1cia hardv\u00e9rom akcelerovanej zabezpe\u010denej boot sekvencie - Podnik\u00e1m, lietam a relaxujem","isPartOf":{"@id":"https:\/\/www.vrtulniky.sk\/news\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.vrtulniky.sk\/news\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\/#primaryimage"},"image":{"@id":"https:\/\/www.vrtulniky.sk\/news\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\/#primaryimage"},"thumbnailUrl":"https:\/\/www.vrtulniky.sk\/news\/wp-content\/uploads\/2025\/12\/vzdelavanie-vysoka-skola-8695.jpg","datePublished":"2025-11-10T00:40:56+00:00","breadcrumb":{"@id":"https:\/\/www.vrtulniky.sk\/news\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\/#breadcrumb"},"inLanguage":"sk-SK","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vrtulniky.sk\/news\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\/"]}]},{"@type":"ImageObject","inLanguage":"sk-SK","@id":"https:\/\/www.vrtulniky.sk\/news\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\/#primaryimage","url":"https:\/\/www.vrtulniky.sk\/news\/wp-content\/uploads\/2025\/12\/vzdelavanie-vysoka-skola-8695.jpg","contentUrl":"https:\/\/www.vrtulniky.sk\/news\/wp-content\/uploads\/2025\/12\/vzdelavanie-vysoka-skola-8695.jpg","width":1536,"height":1024,"caption":"Architekt\u00fara d\u00f4very: Implement\u00e1cia hardv\u00e9rom akcelerovanej zabezpe\u010denej boot sekvencie"},{"@type":"BreadcrumbList","@id":"https:\/\/www.vrtulniky.sk\/news\/architektura-dovery-implementacia-hardverom-akcelerovanej-zabezpecenej-boot-sekvencie\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.vrtulniky.sk\/news\/"},{"@type":"ListItem","position":2,"name":"Architekt\u00fara d\u00f4very: Implement\u00e1cia hardv\u00e9rom akcelerovanej zabezpe\u010denej boot sekvencie"}]},{"@type":"WebSite","@id":"https:\/\/www.vrtulniky.sk\/news\/#website","url":"https:\/\/www.vrtulniky.sk\/news\/","name":"Podnik\u00e1m, lietam a relaxujem","description":"Vrtu\u013en\u00edky.sk","publisher":{"@id":"https:\/\/www.vrtulniky.sk\/news\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.vrtulniky.sk\/news\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"sk-SK"},{"@type":"Organization","@id":"https:\/\/www.vrtulniky.sk\/news\/#organization","name":"Podnik\u00e1m, lietam a relaxujem","url":"https:\/\/www.vrtulniky.sk\/news\/","logo":{"@type":"ImageObject","inLanguage":"sk-SK","@id":"https:\/\/www.vrtulniky.sk\/news\/#\/schema\/logo\/image\/","url":"https:\/\/www.vrtulniky.sk\/news\/wp-content\/uploads\/2022\/08\/news-vrtulniky-sk-logo-e1660318023553.png","contentUrl":"https:\/\/www.vrtulniky.sk\/news\/wp-content\/uploads\/2022\/08\/news-vrtulniky-sk-logo-e1660318023553.png","width":201,"height":200,"caption":"Podnik\u00e1m, lietam a relaxujem"},"image":{"@id":"https:\/\/www.vrtulniky.sk\/news\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/vrtulniky\/"]},{"@type":"Person","@id":"https:\/\/www.vrtulniky.sk\/news\/#\/schema\/person\/cb79e77c4df94a6073f4b575fa42fadb","name":"Luk\u00e1\u0161 Kroc","url":"https:\/\/www.vrtulniky.sk\/news\/author\/lukas-kroc\/"}]}},"_links":{"self":[{"href":"https:\/\/www.vrtulniky.sk\/news\/wp-json\/wp\/v2\/posts\/48695","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vrtulniky.sk\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vrtulniky.sk\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vrtulniky.sk\/news\/wp-json\/wp\/v2\/users\/38"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vrtulniky.sk\/news\/wp-json\/wp\/v2\/comments?post=48695"}],"version-history":[{"count":0,"href":"https:\/\/www.vrtulniky.sk\/news\/wp-json\/wp\/v2\/posts\/48695\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.vrtulniky.sk\/news\/wp-json\/wp\/v2\/media\/88695"}],"wp:attachment":[{"href":"https:\/\/www.vrtulniky.sk\/news\/wp-json\/wp\/v2\/media?parent=48695"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vrtulniky.sk\/news\/wp-json\/wp\/v2\/categories?post=48695"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vrtulniky.sk\/news\/wp-json\/wp\/v2\/tags?post=48695"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}