Firmware-based trusted platform module for arm processor architectures and trustzone security extensions

A technology for ARM processors and trusted platforms, applied to protection against unauthorized memory use, instrumentation, and error detection/correction. It addresses the problems that discrete TPM chips have limited use, that keys remain vulnerable once a TPM chip exposes them to applications, and that a discrete TPM chip adds cost to the system.

Active Publication Date: 2013-01-31
MICROSOFT TECH LICENSING LLC
Cites: 0; Cited by: 174

AI Technical Summary

Benefits of technology

[0015]Once instantiated, the Firmware-Based TPM then uses existing ARM®-based architectures and TrustZone™ extensions to enable execution isolation for ensuring code and data integrity and confidentiality and the isolation of cryptographic operations (and storage) from access by the “Normal World” via a firmware-based “virtual dedicated security processor”. In other words, the fTPM described herein is read from system firmware (or other source) and placed into protected memory and uses the ARM® architecture's TrustZone™ extensions and security primitives to provide secure execution isolation within a “firmware-based TPM” that can be implemented within existing ARM®-based architectures and thus the devices based on such architectures without requiring hardware modifications to existing devices.
[0016]Consequently, one advantage of the Firmware-Based TPM is that it uses existing ARM® TrustZone™ exte

Problems solved by technology

More specifically, a typical TPM chip generally offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a hardware pseudo-random number generator.
However even when a TPM chip is used, keys are still vulnerable once exposed by the TPM chip to applications, as has been illustrated in the case of a conventional cold boot attack.
Unfortunately, such solutions face several challenges.
For example, integrating TPM chips into a typical motherboard design results in an increased bill of materials (BOM) cost in the order of about $1 to $2 per system.
However, even such relatively low per-device costs can add to a very large total considering the tremendous volume of computing devices being manufactured around the world.
Another challenge often associated with conventional TPM chips is that discrete TPMs are generally not optimized for energy efficiency, and can impact the power budget for low-power systems (e.g., portable computing devices, PDAs, tablets, netbooks, mobile phones, etc.).
Further, due to BOM constraints, discrete TPM chips are often implemented with relatively slow (and thus low-cost) processors, which negatively impacts or potentially prevents certain usage scenarios.
Consequently, because TPMs are generally considered to be optional system components, the additional


Embodiment Construction

[0025]In the following description of the embodiments of the claimed subject matter, reference is made to the accompanying drawings, which form a part hereof, and in which is shown by way of illustration specific embodiments in which the claimed subject matter may be practiced. It should be understood that other embodiments may be utilized and structural changes may be made without departing from the scope of the presently claimed subject matter.

[0026]1.0 Introduction:

[0027]In general, as with a conventional hardware TPM, a “Firmware-Based TPM” or “fTPM,” as described herein, ensures that it preserves its code and data integrity and confidentiality from all other software running in the system, to prevent a wide variety of potential security breaches as well as to enable a wide variety of security applications (e.g., cryptographic applications, secure random number generation, disk/file encryption, password authentication, etc.). Isolation can be implemented with a dedicated security pr...


Abstract

A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware-based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware-accessible memory or storage and placing it into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices.

Description

BACKGROUND

[0001]1. Technical Field

[0002]A “Firmware-Based TPM” or “fTPM” provides various techniques for using hardware such as the ARM® architecture's TrustZone™ extensions and security primitives to provide secure execution isolation for a Trusted Platform Module (TPM) within a “firmware-based TPM” that can be implemented within devices using existing ARM®-based processor architectures or similar hardware.

[0003]2. Background Art

[0004]As is well known to those skilled in the art, a conventional Trusted Platform Module (TPM) is a hardware device or “chip” that provides a secure crypto-processor. More specifically, a typical TPM chip generally offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a hardware pseudo-random number generator. It also includes capabilities such as “remote attestation” and sealed storage. Remote attestation is intended to create a practically unforgeable hash key summary of a particular hardware and ...


Application Information

IPC(8): G06F21/00
CPC: G06F21/57, G06F21/575, G06F21/74, G06F21/572, G06F21/71, G06F21/46, G06F21/53, G06F21/552, G06F2221/034
Inventors: THOM, STEFAN; COX, JEREMIAH; LINSLEY, DAVID; NYSTROM, MAGNUS; RAJ, HIMANSHU; ROBINSON, DAVID; SAROIU, STEFAN; SPIGER, ROB; WOLMAN, ALASTAIR
Owner MICROSOFT TECH LICENSING LLC