This invention is related in general to digital processing systems and more specifically to enforcing security restrictions in a processing platform by using kernel authorization data to protect a root key in a key tree hierarchy.
In many of today's computing or processing applications it is desirable for a manufacturer, distributor or owner of content or information to be able to protect the content from misuse. For example, a Digital Versatile Disk (DVD) player is used by consumers to show movies and video that is typically proprietary. The owner of the movie content wishes to prevent a user from unauthorized copying, distribution or other handling of the content. Similarly, a compact disc (CD) player can have the same concerns with respect to music or other audio information. Other processing systems may have proprietary content in the form of software application programs, games, etc. In each of these cases protecting the content can be difficult since the processing platform (e.g., DVD player, CD player, game console, etc.) is under the control of the end user who typically operates the processing platform in their home.
One approach to ensuring protection of content is to create a “trusted platform” in a consumer playback device so that a consumer is restricted from misuse of the content. Such a trusted platform only allows known, or trusted, processes to execute so that undesirable functionality, such as undesirable copying of the content, is inhibited. A prior art approach to achieving a trusted platform includes standards promulgated by Trusted Computing Group (TCG, formerly Trusted Computing Platform Alliance (TCPA)) such as TCG Trusted Platform Module (TPM) v1.2 Specification Revision 62, Oct. 2, 2003. This specification design includes a hardware chip TPM and related functions that provide mechanisms to establish certain levels of trusts to local and remote platforms.
A TPM is integrated into a platform and protects a set of Platform Configuration Registers (PCRs) for storing runtime configurations of the platform. Platform configurations are measured (e.g., hashed) and extended (or accumulated) into PCRs. TCG specifies some protected functions for applications to query platform configurations. Using these functions, an application is able to acquire configurations for local or remote platforms.
A trusted chain is established by measuring platform configurations and extending the values to PCRs during a boot sequence. At platform power-on or reset, a root process of the trust module measures system hardware and firmware configurations including the Initial Program Loader (IPL or operating system (OS) loader). The measurements are extended to PCRs before passing over the platform control to the OS loader. The OS loader, in turn, measures the kernel image and related configurations before handling over the system control to the kernel image.
One of the tasks of a TPM is to manage and control the use of cryptographic keys. In a trusted platform, the security of the system depends on the level of protection of its keys. The keys are managed in the form of a tree. The root key is the master and all keys below exist on the respective branches and leaves. An example of this is shown in FIG. 1. Based on the key hierarchy, use of a leaf key requires having proper authorization for all keys above (i.e., up to and including) the leaf key. The better that the system can protect the authorization data for the keys, the stronger the key security will be for the trusted platform. The Storage Root Key (SRK) is the authorization point for the other keys and requires knowledge of SRK authorization data in order to use the SRK.
Consumer electronic devices used by end-users present difficult problems in maintaining security. Usually such devices (e.g., DVD players, CD players, personal computers, cell phones, etc.) are under the complete control of an end user. Often it is desirable to protect content (e.g., movies, audio, etc.) that is accessed by, or played back on, these devices. In these end-user cases where the trusted platform is easily manipulated, protection of keys is very important yet difficult to achieve. In the end-user applications it is usually the platform (i.e., device) owner or user who has the knowledge of the authorization data. However, the content owner usually desires protection against the platform owner or user.