This written description is in the field of implementing Core Root of Trust for Measurement (CRTM) software. More particularly, the description relates to updating CRTM software.
Many different types of computing systems have attained widespread use around the world. These computing systems include personal computers, servers, mainframes and a wide variety of stand-alone and embedded computing devices. Sprawling client-server systems exist, with applications and information spread across many PC networks, mainframes and minicomputers. In a distributed system connected by networks, a user may access many application programs, databases, network systems, operating systems and mainframe applications. Computers provide individuals and businesses with a host of software applications including word processing, spreadsheet, and accounting. Further, networks enable high speed communication between people in diverse locations by way of e-mail, websites, instant messaging, and web-conferencing.
A common architecture for high performance, single-chip microprocessors is the reduced instruction set computer (RISC) architecture characterized by a small simplified set of frequently used instructions for rapid execution. Thus, in a RISC architecture, a complex instruction comprises a small set of simple instructions that are executed in steps very rapidly. These steps are performed in execution units adapted to execute specific simple instructions. In a superscalar architecture, these execution units typically comprise load/store units, integer Arithmetic/Logic Units, floating point Arithmetic/Logic Units, and Graphical Logic Units that operate in parallel. In a processor architecture, an operating system controls operation of the processor and components peripheral to the processor. Executable application programs are stored in a computer's hard drive. The computer's processor causes application programs to run in response to user inputs.
Thus, in a modern system, a plurality of computers—including servers—are connected together through a network. Each computer may run application programs for performing certain functions. These application programs may include word-processing, e-mail, graphics, document viewing and mark-up, spreadsheet, database, music player, internet browser, photo-shop, games, anti-virus, as well as a host of other application programs too numerous to mention.
Trusted Computing aims to provide a level of security which is beyond the control of the PC user, and is therefore resistant to attacks which the user may deliberately or accidentally allow. It does this by employing a chip called a Trusted Platform Module (TPM) which securely stores cryptographic keys and other data. In particular, it is manufactured with a public/private key pair, known as the endorsement key (EK). The private part of that key cannot be extracted from the TPM, and records of it at manufacture time should be destroyed.
In some systems, a Core Root of Trust for Measurement (CRTM) code executes from the same Read Only Memory that holds the Basic Input/Output System (BIOS). The CRTM is a BIOS boot block code. It is considered trustworthy. It reliably measures integrity values of other computer code entities and devices of the system upon which it resides. CRTM is an extension of normal BIOS, and is run first to measure other parts of the BIOS block before passing control. The BIOS then measures hardware and passes control to the bootloader. The bootloader measures Operating System (OS) kernels and passes control to the OS. After the OS is loaded (or during the boot process), one can check the Platform Configuration Register (PCR) values of a Trusted Platform Module (TPM) to see if the system is running in a good (expected) configuration.
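As an added illustration that is not part of this description, the following Python models the measurement chain just described: each code entity's hash is extended into a PCR (new value = hash of old value concatenated with the measurement), and the final PCR values are compared against expected ones. The component images, their PCR assignments (the conventional PC Client layout) and the golden values are constructed sample data, not values from any real platform.

```python
import hashlib

# Constructed sample boot components standing in for the entities the CRTM,
# BIOS and bootloader measure on a real platform (not real firmware images).
# PCR assignments follow the conventional PC Client layout; an assumption here.
BOOT_CHAIN = [
    ("CRTM",        "PCR0", b"crtm boot block v1"),
    ("main BIOS",   "PCR0", b"main bios image v1"),
    ("option ROM",  "PCR2", b"option rom image"),
    ("bootloader",  "PCR4", b"bootloader image"),
    ("OS kernel",   "PCR8", b"os kernel image"),
]

PCR_INITIAL = b"\x00" * 20  # PCRs are reset to all-zero at platform power-on


def measure(data: bytes) -> bytes:
    """Measurement of a code entity: its SHA-1 digest (the TPM 1.2 PCR size)."""
    return hashlib.sha1(data).digest()


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend: PCR_new = H(PCR_old || measurement).
    A PCR is never simply overwritten, so the final value depends on every
    measurement recorded into it and on the order in which they were recorded."""
    return hashlib.sha1(pcr + measurement).digest()


def measured_boot(chain):
    """Walk the boot chain in order, extending each component's measurement
    into its PCR. Returns a dict of final PCR values keyed by PCR name."""
    pcrs = {}
    for _name, pcr_name, image in chain:
        pcrs[pcr_name] = extend(pcrs.get(pcr_name, PCR_INITIAL), measure(image))
    return pcrs


def matches_expected(pcrs, expected) -> bool:
    """The post-boot check: every PCR in the policy must equal its golden value."""
    return all(pcrs.get(name) == value for name, value in expected.items())


if __name__ == "__main__":
    golden = measured_boot(BOOT_CHAIN)  # values recorded on a known-good boot
    tampered = [(n, p, d + b" (modified)") if n == "main BIOS" else (n, p, d)
                for n, p, d in BOOT_CHAIN]
    print("known-good boot matches golden PCRs:", matches_expected(golden, golden))
    print("modified BIOS matches golden PCRs:  ",
          matches_expected(measured_boot(tampered), golden))
```

Because the CRTM's own measurement is the first value extended into PCR0, a change anywhere in the BIOS block changes PCR0 even though the later measurements are unchanged.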
Typically, the ROM on which the CRTM and BIOS are stored is flash memory. Storing a new CRTM or other new code requires reprogramming that memory, which cannot be done while the CRTM or other new code is executing. The CRTM in particular resides in flash sectors of the ROM which are locked against any writes before control is passed to the regular BIOS. The CRTM code initializes the TPM chip and extends hash data into the TPM chip for all software that is measured when the system boots, which includes the main BIOS and option ROMs.
For CRTM code to meet the specification of the Trusted Computing Group (TCG), it must satisfy, inter alia, two basic requirements. First, the flash memory update procedure used to update the CRTM must be secure. This essentially means that the CRTM can only be flashed by trusted code, where trusted code is code that has been digitally signed using a platform private key. Second, the area of flash that stores the CRTM must be protected against writes from all sources at all times, and is writeable only while the CRTM code itself is being executed. This means that ordinary flash tools cannot update the CRTM, because the flash sectors holding it are locked.