1. Technical Field
A “Firmware-Based TPM” or “fTPM” provides various techniques for using hardware such as the ARM® architecture's TrustZone™ extensions and security primitives to provide secure execution isolation for a Trusted Platform Module (TPM) within a “firmware-based TPM” that can be implemented within devices using existing ARM®-based processor architectures or similar hardware.
2. Background Art
As is well known to those skilled in the art, a conventional Trusted Platform Module (TPM) is a hardware device or “chip” that provides a secure crypto-processor. More specifically, a typical TPM chip generally offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a hardware pseudo-random number generator. It also includes capabilities such as “remote attestation” and sealed storage. Remote attestation is intended to create a practically unforgeable hash key summary of a particular hardware and software configuration. The extent of the summary is decided by the components involved in measuring the hardware and software configuration. This allows a third party to verify that the software and hardware configuration complies with some set policy. “Binding” encrypts data using a TPM endorsement key, a unique RSA key burned into the TPM chip during its production, or another trusted key descended from it. “Sealing” encrypts data similar to binding, but in addition specifies the state in which the TPM chip must be in order for the data to be decrypted or “unsealed.”
TPM chips are also used to authenticate hardware devices. Since each TPM chip has a unique and secret RSA key burned in as it is produced, it is capable of performing platform authentication. For example, it can be used to verify that a system seeking access is an expected or authorized system. Clearly, pushing the security down to the hardware level of a system, by using discrete TPM chips in conjunction with corresponding security software, provides more protection than a software-only solution. However even when a TPM chip is used, keys are still vulnerable once exposed by the TPM chip to applications, as has been illustrated in the case of a conventional cold boot attack.
Many conventional solutions for implementing a TPM for a computing system involve integrating a discrete hardware TPM chip into the motherboard or system board of such computing systems. Unfortunately, such solutions face several challenges. For example, integrating TPM chips into a typical motherboard design results in an increased bill of materials (BOM) cost in the order of about $1 to $2 per system. However, even such relatively low per-device costs can add to a very large total considering the tremendous volume of computing devices being manufactured around the world. Another challenge often associated with conventional TPM chips is that discrete TPMs are generally not optimized for energy efficiency, and can impact the power budget for low-power systems (e.g., portable computing devices, PDA's, tablets, netbooks, mobile phones, etc.). Further, due to BOM constraints, discrete TPM chips are often implemented with relatively slow (and thus low cost) processors which negatively impacts or potentially prevents certain usage scenarios.
Consequently, because TPMs are generally considered to be optional system components, the additional monetary and power costs for including a discrete TPM in a system often leads to the exclusion of such devices during the manufacturing process. TPMs are therefore not ubiquitous which makes it difficult for software or operating system developers to invest substantial resources in broad TPM usage scenarios. Another issue affecting broad TPM usage scenarios is that many conventional discrete TPMs are not compatible with some form factors (e.g., phones, PDA's, tablets, etc.). In fact, many conventional devices such as mobile phones and tablet type computers don't generally use discrete TPMs, and in some cases may not have the appropriate interconnects (e.g., an LPC bus) to support the use of discrete TPMs with the system-on-a-chip (SoC) driving devices such as phones or tablets.