In recent years many widely deployed computing systems, and in particular computing systems that are linked via data networks such as the Internet, have been subjected to security exploits that enable the execution of malicious software programs, the exfiltration of private data from users, and the corruption of user data. One challenge confronting the secure operation of computing devices is that the trusted computing base (TCB) for the execution of software programs tends to be very large. The TCB refers to all of the software and hardware components that a user must rely upon, or “trust,” to ensure secure operation of a computing device: a flaw in any one of them can compromise the whole device. In a traditional computing device, the TCB includes all of the hardware and software present in a PC, mobile electronic device, or other computing system owned by a user. Furthermore, in networked computing applications the TCB often extends to computing systems that are beyond the control of the user.
Some existing security solutions seek to reduce the size of the TCB using dedicated processing devices that implement signing and verification of executable code and optionally implement encryption for secure data storage. For example, the Trusted Platform Module (TPM) standard describes a class of secure co-processor devices that are incorporated in some existing computing systems. A TPM is typically incorporated as a separate microprocessor that performs a limited set of security operations to provide some assurance that the computing system is executing approved software applications that have not been subjected to tampering. It does so by verifying message authentication codes (MACs) computed over the software and digital signatures over those MACs, checking the signatures against one or more predetermined digital certificates that are issued by trusted digital certificate authorities.
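The verification step described above, reduced to its essentials, as an added example that is not part of the original text and not TPM or any vendor's code: the verifier measures (hashes) the executable image, and an approving party signs that measurement with a private key. Before execution, the verifier recomputes the measurement and checks the signature against a trusted public key, which here stands in for the predetermined certificate. The sample image, the Ed25519 key pair and the function names are assumptions made for this illustration; the point it shows is that any change to the image, or any signature from a key the verifier does not trust, fails the check.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Measurement is the SHA-256 digest of an executable image. The signer and the
// verifier both operate on this digest, never on the raw image bytes.
type Measurement [sha256.Size]byte

// Measure hashes an executable image before any of it is allowed to run.
func Measure(image []byte) Measurement {
	return sha256.Sum256(image)
}

// SignImage approves an image: the approving party (the role the trusted
// certificate authority plays in the description above) signs the measurement
// of the image with its private key. Ed25519 is an assumption for this example.
func SignImage(priv ed25519.PrivateKey, image []byte) []byte {
	m := Measure(image)
	return ed25519.Sign(priv, m[:])
}

// VerifyImage is the check performed before executing an image: recompute the
// measurement and verify the signature against the trusted public key.
// It returns false for a tampered image, a forged signature, or a signature
// made with a key the verifier does not trust.
func VerifyImage(pub ed25519.PublicKey, image []byte, sig []byte) bool {
	m := Measure(image)
	return ed25519.Verify(pub, m[:], sig)
}

// TamperedCopy flips one bit in a copy of the image, standing in for an
// attacker's modification of approved software.
func TamperedCopy(image []byte) []byte {
	t := append([]byte(nil), image...)
	if len(t) > 0 {
		t[len(t)/2] ^= 0x01
	}
	return t
}

func main() {
	// The key pair here is generated on the fly; in the setting described
	// above it would be the authority's key and the verifier's trusted certificate.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	// Constructed sample image for the illustration.
	image := []byte("constructed sample executable image")
	sig := SignImage(priv, image)

	fmt.Println("approved image verifies:", VerifyImage(pub, image, sig))
	fmt.Println("tampered image verifies:", VerifyImage(pub, TamperedCopy(image), sig))

	otherPub, _, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("signature checked with untrusted key verifies:", VerifyImage(otherPub, image, sig))
}
```

The secret that this scheme must protect is the verifier's trusted public key (against substitution) and the authority's private key (against disclosure); the discussion of TPM non-volatile storage that follows is about where such long-lived key material lives on the device.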
While TPM modules and other similar security hardware solutions can improve the security of computing platforms under some operating conditions, the existing solutions also suffer from drawbacks in operational complexity, reliability, and security. First, TPM chips are expressly designed to be physically separate from the main processor, such as a central processing unit (CPU) or a System on a Chip (SoC). The TPM is separated from the main processor to protect secret data from software that is executed on the main processor, but this separation also means that the TPM must be manufactured and installed separately from the main processor. Second, TPM chips typically have a non-volatile memory that stores secret keys for the computing device in a more secure manner than traditional data storage devices such as hard drives or other storage media. The non-volatile memory is typically formed from NAND or NOR flash technology or other electronically erasable programmable read-only memory (EEPROM) modules. As is known in the art, these non-volatile memory devices often endure only a limited number of write cycles before they begin to fail. Thus, many TPMs cannot effectively store dynamic data that changes often during operation of the computing device. Finally, the non-volatile memory makes TPMs susceptible to offline attacks, since non-volatile memory retains its data when the TPM is deactivated and even when the TPM is removed from the computing device and disassembled. Long-term storage of secret data also complicates the transfer of a computing device between owners, since the first owner often does not want the second owner to have any access to secret data stored in the TPM. Given these limitations, improvements to computing systems that reduce the TCB without requiring long-term storage of secret data in non-volatile memory would be beneficial.