
Firmware-based trusted platform module for arm processor architectures and trustzone security extensions

A technology relating to ARM processors and trusted platform modules, classified under protection against unauthorized memory use, instruments, and error detection/correction. It addresses the problems that discrete TPM chips have limited use and that keys remain vulnerable once exposed by the TPM chip to applications, and it avoids the cost that a discrete TPM adds to the system.

Active Publication Date: 2013-01-31
MICROSOFT TECH LICENSING LLC
Cites: 0; Cited by: 174

AI Technical Summary

Benefits of technology

The patent describes a way to implement a Trusted Platform Module (TPM) in computing devices without a discrete hardware TPM chip. This is achieved by using existing processor architectures and their security extensions, which makes a wide range of TPM usage scenarios available across different devices. The "fTPM" reduces the cost associated with including a TPM by providing a software interface to the security-extension functionality, while also lowering power consumption and achieving execution isolation that protects code and data integrity. By leveraging existing features and capabilities, the "fTPM" enables TPM ubiquity across multiple SoC platforms without requiring hardware modifications.

Problems solved by technology

More specifically, a typical TPM chip generally offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a hardware pseudo-random number generator.
However, even when a TPM chip is used, keys are still vulnerable once exposed by the TPM chip to applications, as has been illustrated in the case of a conventional cold boot attack.
Unfortunately, such solutions face several challenges.
For example, integrating TPM chips into a typical motherboard design results in an increased bill of materials (BOM) cost in the order of about $1 to $2 per system.
However, even such relatively low per-device costs can add to a very large total considering the tremendous volume of computing devices being manufactured around the world.
Another challenge often associated with conventional TPM chips is that discrete TPMs are generally not optimized for energy efficiency, and can impact the power budget of low-power systems (e.g., portable computing devices, PDAs, tablets, netbooks, mobile phones, etc.).
Further, due to BOM constraints, discrete TPM chips are often implemented with relatively slow (and thus low-cost) processors, which negatively impacts or potentially prevents certain usage scenarios.
Consequently, because TPMs are generally considered to be optional system components, the additional monetary and power costs of including a discrete TPM in a system often lead to the exclusion of such devices during the manufacturing process.
TPMs are therefore not ubiquitous, which makes it difficult for software or operating system developers to invest substantial resources in broad TPM usage scenarios.
Another issue affecting broad TPM usage scenarios is that many conventional discrete TPMs are not compatible with some form factors (e.g., phones, PDAs, tablets, etc.).
In fact, many conventional devices such as mobile phones and tablet type computers don't generally use discrete TPMs, and in some cases may not have the appropriate interconnects (e.g., an LPC bus) to support the use of discrete TPMs with the system-on-a-chip (SoC) driving devices such as phones or tablets.
Unfortunately, the TPM's broad adoption has met resistance due to a number of reasons, including, for example, the additional Bill of Materials (BOM) cost of adding a discrete TPM component to the motherboard, the cost and time of redesigning a particular device to provide the appropriate interface for connecting or adding a TPM to such devices, etc.
Unfortunately, both of these approaches incur additional cost to the system.
TrustZone™, however, is a nearly ubiquitous feature across the broad set of high-end ARM® SoC roadmaps but remains largely unused.


Embodiment Construction

[0025]In the following description of the embodiments of the claimed subject matter, reference is made to the accompanying drawings, which form a part hereof, and in which is shown by way of illustration specific embodiments in which the claimed subject matter may be practiced. It should be understood that other embodiments may be utilized and structural changes may be made without departing from the scope of the presently claimed subject matter.

[0026]1.0 Introduction:

[0027] In general, as with a conventional hardware TPM, a “Firmware-Based TPM” or “fTPM,” as described herein, preserves its code and data integrity and confidentiality from all other software running in the system, both to prevent a wide variety of potential security breaches and to enable a wide variety of security applications (e.g., cryptographic applications, secure random number generation, disk/file encryption, password authentication, etc.). Isolation can be implemented with a dedicated security pr...


Abstract

A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware-based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware-accessible memory or storage and placing it into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices.

Description

BACKGROUND

[0001] 1. Technical Field

[0002] A “Firmware-Based TPM” or “fTPM” provides various techniques for using hardware such as the ARM® architecture's TrustZone™ extensions and security primitives to provide secure execution isolation for a Trusted Platform Module (TPM) within a “firmware-based TPM” that can be implemented within devices using existing ARM®-based processor architectures or similar hardware.

[0003] 2. Background Art

[0004] As is well known to those skilled in the art, a conventional Trusted Platform Module (TPM) is a hardware device or “chip” that provides a secure crypto-processor. More specifically, a typical TPM chip generally offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a hardware pseudo-random number generator. It also includes capabilities such as “remote attestation” and sealed storage. Remote attestation is intended to create a practically unforgeable hash key summary of a particular hardware and ...


Application Information

IPC(8): G06F21/00
CPC: G06F21/57; G06F21/575; G06F21/74; G06F21/572; G06F21/71; G06F21/46; G06F21/53; G06F21/552; G06F2221/034
Inventors: THOM, STEFAN; COX, JEREMIAH; LINSLEY, DAVID; NYSTROM, MAGNUS; RAJ, HIMANSHU; ROBINSON, DAVID; SAROIU, STEFAN; SPIGER, ROB; WOLMAN, ALASTAIR
Owner MICROSOFT TECH LICENSING LLC