Source: armtechforum.com.cn/attached/article/B1_BeyondTrustZone201712…

Slide 1
© 2017 Arm Limited
Arm Tech Symposia 2017
Beyond TrustZone: PSA
Erik Jacobson | Director Marketing

Slide 2: Agenda
Platform Security Architecture
• Architecture overview
• Trusted Firmware-M
• IoT Threat models & security analyses
Summary

Slide 3: Security cannot be optional
Arm is announcing:
The Platform Security Architecture (PSA)
• A framework for security for the smallest of connected devices
• Publicly available holistic set of documents & specifications
• Trusted Firmware-M: open source reference firmware

Slide 4: Arm: The Industry’s Architecture of Choice. Extraordinary growth, from sensors to server
[Timeline chart: 1991, 2013, 2017, 2021. 22 years: 50 billion chips shipped; 4 years: 50 billion chips shipped; 4 years: 100 billion chips expected to ship. 2016: 80% of microcontrollers]

Slide 5: Arm’s growing investment in security. Helping protect billions of devices
[Timeline, 2000+ / 2005+ / 2010+ / 2015+ / Today: SecurCore, Smart Card for payment; Apps processors gain TrustZone, TrustZone for Cortex-A, enablement of premium content streaming & mobile payment; TEE for Cortex-A, PolarSSL & Sansa join Arm; Mbed, CryptoCell, Cortex-M33 & TrustZone for Armv8-M; Platform Security Architecture & Security enclave]

Slide 6: Diversity is good… but better with common ground rules
A diverse collection of chips, device makers and services…
Needs a shared approach to security best practice
[Diagram: Silicon partners A, B, C and D; OEM 1, OEM 2 and OEM 3]

Slide 7: A framework to secure 1 trillion devices… Announcing the Platform Security Architecture
• Analyse: Threat models and security analyses
• Architect: Firmware architecture & hardware specifications
• Implement: Source code & hardware IP
PSA documents
Enabling products & contributions

Slide 8: Security is a shared responsibility
[Diagram labels: Device, SiPs, Cloud, Software, Security Systems]

Slide 9: Security starts with analysis. Analysis leads to requirements
[Diagram: System description, then Assets, Threats, Security Objectives, Security Requirements]
Arm will deliver representative IoT device security analyses & requirements
Example (Analyse):
• Asset: metering data to be protected in integrity & confidentiality
• Threat: Remote SW attacks
• Security Objective: Strong Crypto
• Security Requirement: Hardware based key store

Slide 10: Architecture incorporating common principles. A recipe for building a secure system
From analysis to architecture: identify key common principles
• Device identity
• Trusted boot sequence
• Secure over-the-air software update
• Certificate based authentication
• …
Common principles across multiple use cases

Slide 11: PSA deliverables
Security architecture derived from principles
• IoT Security analyses: Wireless meter, Asset tracker, Connected camera
• Firmware specifications: Firmware framework, Secure update, Boot sequence
• Hardware requirements: RNG, Secure storage, Crypto

Slide 12: Open source code to accelerate adoption. Freely available reference implementation
Trusted Firmware-M
• Reference firmware for the architecture specification
• Initially targeting Armv8-M
• In development now; publicly available first quarter 2018
Arm Mbed OS will provide an implementation of PSA
• Integrated with Mbed TLS and Mbed Cloud Client
• Targeting all Cortex-M processors
• Available in subsequent releases of Mbed OS

Slide 13: Platform Security Architecture
Designed to secure low cost IoT devices where a full Trusted Execution Environment would not be appropriate.
PSA protects sensitive assets (keys, credentials and firmware) by separating these from the application firmware and hardware.
PSA defines a Secure Processing Environment (SPE) for this data, the code that manages it and its trusted hardware resources.
PSA is architecture neutral and can be implemented on Cortex-M, Cortex-R & Cortex-A.
The focus is Cortex-M based devices.
[Diagram: Non-secure processing environment (Application, RTOS) and Secure processing environment (Trusted Functions, Secure partition manager, Secure boot, Root of Trust keys), both on Platform hardware]

Slide 14: PSA - Standardized Interfaces
PSA specifies interfaces to decouple components.
• Enables reuse of components in other device platforms
• Reduces integration effort
Partners can provide alternative implementations.
• Necessary to address different cost, footprint, regulatory or security needs
PSA provides an architectural specification.
• Hardware, firmware and process requirements and interfaces
[Diagram: Non-secure processing environment (Application, RTOS) and Secure processing environment (Trusted Functions, Secure partition manager, Boot firmware, Root of Trust keys) on Platform hardware; interfaces shown: Secure partition API, Secure IPC, Secure hardware requirements]

Slide 15: Example IoT Device Implementation
OEMs can choose their preferred implementations.
Trusted Firmware-M will be a new OSS project.
• To reduce rework across our partners
• To speed up device or component validation against standards such as Common Criteria EAL
Open to any RTOS and other partners.
[Diagram: Non-secure processing environment (Application, Arm mbed OS, Device Management) and Secure processing environment (Arm Trusted Firmware v8-M behind the Secure partition API and Secure IPC, Boot firmware, Root of Trust keys) on an Armv8-M based SoC (TBSA-v8M)]

Slide 16: PSA Firmware Framework Concepts
Secure Partition Manager (SPM)
• Provides the boot, isolation and IPC services to the SPE
Partition
• The unit of execution
Secure function
• A set of related APIs invoked through secure IPC
Trusted function
• A Secure Function that provides a Root of Trust service
[Diagram: the Non-secure processing environment holds the Non secure partition (Application firmware, OS libraries, OS kernel); across the Isolation boundary, the Secure processing environment holds Secure partitions (each with Secure functions), a Trusted partition (Trusted functions) and the Secure Partition Manager providing Secure IPC, Secure isolation and Secure debug]

Slide 17: PSA Firmware Isolation Levels
Level 1: Lower cost hardware; only isolate the SPE
Level 2: Separate Root of Trust from Secure Partitions within SPE
Level 3: More robustness; isolate all partitions from each other
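A model of the three isolation levels, added here as an illustration and not taken from the PSA specification or Trusted Firmware-M; the partition classes, the partition names and the exported function names are this example's own assumptions. It shows what each level changes (which partitions may touch each other's memory directly) and what stays the same (secure functions are reached only through the SPM's secure IPC).

```go
package main

import "fmt"

// Added illustration, not code from the PSA specification or Trusted
// Firmware-M: a model of the three firmware isolation levels on the slide.
// It answers the two questions an SPM settles for every access: may unit A
// touch unit B's memory directly, and may A invoke one of B's secure
// functions over secure IPC.

type Kind int

const (
	NSPE    Kind = iota // non-secure partition: application, OS libs, kernel
	Secure              // secure partition hosting secure functions
	Trusted             // trusted partition providing Root of Trust services
)

type Partition struct {
	ID   int
	Name string
	Kind Kind
}

// DirectAccessAllowed reports whether src may reach dst's memory or
// peripherals without the SPM mediating, under isolation level 1, 2 or 3.
func DirectAccessAllowed(level int, src, dst Partition) bool {
	if src.ID == dst.ID {
		return true // a partition always owns its own resources
	}
	srcNS, dstNS := src.Kind == NSPE, dst.Kind == NSPE
	if srcNS != dstNS {
		return false // every level isolates the SPE from the NSPE
	}
	if srcNS && dstNS {
		return true // the NSPE is one partition at every level
	}
	switch level {
	case 1: // only the SPE boundary exists; SPE code shares one domain
		return true
	case 2: // the Root of Trust is separated from other secure partitions
		return (src.Kind == Trusted) == (dst.Kind == Trusted)
	default: // level 3: every partition is isolated from every other
		return false
	}
}

// SPM is a minimal Secure Partition Manager: it records which partition
// exports which secure function and routes calls over secure IPC.
type SPM struct {
	Level   int
	exports map[string]Partition // function name -> owning partition
}

func NewSPM(level int) *SPM { return &SPM{Level: level, exports: map[string]Partition{}} }

func (s *SPM) Export(p Partition, fn string) { s.exports[fn] = p }

// Invoke models a secure IPC call: only exported functions are reachable, and
// the caller never gains direct access to the callee's memory at any level.
// It also reports whether the boundary it crossed is enforced at this level.
func (s *SPM) Invoke(caller Partition, fn string) (owner Partition, enforced, ok bool) {
	owner, ok = s.exports[fn]
	if !ok {
		return Partition{}, false, false
	}
	enforced = !DirectAccessAllowed(s.Level, caller, owner)
	return owner, enforced, true
}

func main() {
	app := Partition{0, "application", NSPE} // constructed sample partitions
	tls := Partition{1, "tls-partition", Secure}
	rot := Partition{2, "crypto-rot", Trusted}
	for level := 1; level <= 3; level++ {
		spm := NewSPM(level)
		spm.Export(rot, "sign_with_device_key")
		spm.Export(tls, "tls_handshake")
		_, enforced, _ := spm.Invoke(tls, "sign_with_device_key")
		fmt.Printf("level %d: app->tls direct=%v tls->rot direct=%v, tls->rot IPC boundary enforced=%v\n",
			level, DirectAccessAllowed(level, app, tls), DirectAccessAllowed(level, tls, rot), enforced)
	}
}
```

At level 1 the call from the TLS partition into the Root of Trust still succeeds, but `enforced` is false: a compromised secure partition could read RoT memory without going through the SPM, which is exactly the robustness the higher levels buy.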

Slide 18: Scaling IoT security
From device to cloud

Slide 19: Key take-aways…
PSA provides security foundations for low cost IoT devices.
PSA makes security easier, quicker & cheaper to implement by providing:
• IoT Threat models & security analyses
• Architecture documents
• Source code: Trusted Firmware-M
• System IP, dev boards and tools
Arm is helping our partners deliver security, deployable at scale.
Lead partner availability – Now (NDA).
General availability – Q1’18.

Slide 20
Arm Tech Symposia 2017
Beyond TrustZone: Security Enclaves
Erik Jacobson | Director Marketing

Slide 21: Agenda
New security technology for IoT
• Security Enclaves – CryptoIsland
• System IP for debug
• Dev boards & chips
GlobalPlatform TEE
• OTA and RoT topics
Summary

Slide 22: In a connected everything World…
What level of security robustness do you need?

Slide 23: Security is a balance…
[Chart: cost/effort to attack plotted against cost/effort to secure; solutions shown: TLS/SSL, TrustZone based TEE/PSA*, Security enclave or subsystem, Secure Element]
Communication Attacks
• Man In The Middle
• Weak RNG
• Code vulnerabilities
Software Attacks & lightweight hardware attacks
• Buffer overflows
• Interrupts
• Malware
SW & HW Attacks
• Physical access to device: JTAG, Bus, IO Pins
• Time, money & equipment
*Trusted Execution Environment / Secure Partitioning Manager

Slide 24: Beyond TrustZone - Security enclaves
A programmable security enclave to extend the fixed-function CryptoCell family.
TrustZone CryptoIslands: an additional family of security solutions by Arm.
Aimed at providing on-die security services in a physically isolated manner (host CPU agnostic).
Axiom: less sharing of resources leads to a smaller attack surface and fewer vulnerabilities.
Certification at a reasonable cost (i.e. reuse).
[SoC block diagram: Host CPU with instruction cache; interconnect with TrustZone filters; System SRAM and SRAM controller; APB bridge and APB peripherals; Flash controller(s) with internal/external flash; Always-on domain with power control; CoreSight SoC debug; CryptoIsland containing Boot ROM, Cryptography, LCS Mgr, Secure RAM, Secure CPU, Isolating I/F, Secure Always On, Alarms, Debug control and Roots of Trust]

Slide 25: Example: PSA with CryptoIsland on Armv8-M
CryptoIsland provides services to the Trusted Partitions and/or implements some of these trusted functions.
[Diagram: CryptoIsland security enclave alongside the Armv8-M non-secure processing environment and the Armv8-M secure processing environment (SPE)]

Slide 26: Example: PSA with CryptoIsland on Armv7-M
The Secure Processing Environment (SPE) is in CryptoIsland.
[Diagram: CryptoIsland security enclave holds the SPE; the Armv7-M core runs the non-secure processing environment]

Slide 27: CryptoIsland-300: the first family member
We are forming a first security enclave out of existing and mature HW components (CPU, CryptoCell, interconnect, filters, mailbox, power control…)
• The SW and tools are where much of the effort is being invested!
The key point is to preserve an identical “touch and feel” from the SW perspective, so the isolation/robustness choice explained earlier does not impact the higher layers.
• Allowing different implementations to be interchangeable
Example target applications: LPWAN, Storage, Automotive, General purpose MCUs…

Slide 28: New solution for authenticated debug access - SDC-600
Hackers can abuse debug interfaces to gain access to the chip.
Arm is addressing this misuse by enabling debug authentication on our partners’ silicon.
An alternative to blowing the e-fuse on the debug port.
SDC-600 (Secure Debug Channel) enables a certificate based authentication handshake with an external agent.
[Diagram: SoC with Host CPU, Debug Subsystem (CoreSight SoC) and CryptoIsland (Boot ROM, Cryptography, LCS Mgr, Secure RAM, Secure CPU, Isolating I/F, Secure Always On, Alarms, Debug control, Roots of Trust); the SDC-600 Secure Debug Channel carries a Certificate from the external agent (labelled Socrates)]

Slide 29
The Secure Debug Manager knows how to do the crypto to generate an unlock certificate for CryptoCell, or for other unlock technology the target supports.
Following certificate installation the APs are enabled, allowing external debug access.

Slide 30: New dev board for PSA development - Musca-A1!
Ready for PSA development
• Cortex-M33 based dev board.
• Used for internal software development.
• Test chip built on PSA recommendations.
– PSA development platform
• Prototype your system
• Available now
Musca-A1 boards: come to the Arm booth to see Musca-A1!

Slide 31: Musca-A1 – PSA development platform
[Block diagram of Musca-A1: CoreLink SSE-200 subsystem with two Cortex-M33 cores (each with Instruction Cache, IDAU and Local SRAM), multi-layer AHB5 interconnect with TrustZone Filters, AHB5 code interface, Code SRAM and System SRAM with SRAM controllers, TrustZone CryptoCell, Always-on domain with Power Control, Secure Debug and CoreSight SoC; AHB5 interconnect and APB Bridge to APB Peripherals (QSPI, SPI, GPIO, PWM, UART, I2C master, I2S, RTC); PLL, 32 kHz and 32 MHz oscillators; Cordio BLE / 802.15.4 (digital and RF parts). Legend: Arm CoreLink SDK-200 IP, Cadence IP, Other Arm IP, Other]

Slide 32: Agenda
New security technology for IoT
• Security Enclaves – CryptoIsland
• System IP for debug
• Dev boards & chips
GlobalPlatform TEE
• OTA and RoT topics
Summary

Slide 33: Arm TrustZone based TEE architecture. A reminder of the architecture
[Diagram: Arm Cortex-A SoC (Subsystem, Graphics, Video, CryptoCell, Secure store, Physical IP). Normal world code: Apps, Rich OS, Device drivers, Hypervisor (EL1, EL2). Trusted software: Trusted OS, Secure device drivers, Trusted_Apps (Payment, DRM). Arm Trusted Firmware: Trusted Boot, Payload Dispatcher, SMCCC, PSCI. Key: Trusted SW/HW; GlobalPlatform standardization; Initial ROT and security subsystem; TrustZone-based TEE; Common foundation; Hardware Interfaces]

Slide 34: GlobalPlatform & TEE
GlobalPlatform is a Standards Defining Organisation: it is the home of TEE.
• Defines APIs and Trusted services
• Compliance program
• TEE Protection Profile
• Security certification program
• Over the Air TEE management: Trusted Management Framework & Open Trust Protocol (PKI & JSON based)
OTA management of TEE is a market requirement

Slide 35: A new capability – standards based OTA TEE management
OTrP* is being developed as an option in TMF & compatible with the GlobalPlatform TEE System Architecture.
Main features:
• A specific PKI architecture and trust anchors
• A high level (JSON-based) message protocol
• A REE Agent for communication with TAM/TSMs
• A set of mandatory services from the Boot TEE and Bootstrap Domain
*Open Trust Protocol is being developed as an option for Trusted Management Framework
[Diagram: Secure Code Image Dev, TAM, Image Delivery Server, Certificate Authority and TEE Devices]

Slide 36: Root of Trust is the foundation for secure services
RoT = Trustworthy hardware & security functions
A Root of Trust is a hardware device and a runtime environment that provide a set of trusted functions from which an initial chain of trust can be derived. It is the trust anchor for the system.
[Table: Mobile & IoT: TEE and/or Security subsystem / SE; PC: TPM; Cloud: HSM]

Slide 37: TrustZone based TEE + extended Root of Trust example
Normal World: IoT developer writes Apps on top of his/her chosen OS.
Secure World = Trusted code (Trusted OS/Libs) + Trusted Apps/functions + Trusted hardware
Security subsystem: reduced attack surface; protection from physical & side channel attacks; developed by security specialists.

Slide 38: TrustZone based TEE + security subsystem option. An additional security layer
Arm TrustZone based TEE for trusted functions:
• Applications
• Execution environment isolation
• RNG
• Cryptography
• Persistent trusted storage
• Data protection (off-line, runtime)
Security subsystem, e.g. Arm CryptoCell, for RoT services:
• Rollback protection
• SW updates validation
• Lifecycle management
• Debug authentication
• RoT mgmt
• SW validation & decryption
• Secure manufacturing
TrustZone family of security IPs provides protection from physical & SW attacks
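The RoT services listed above (SW validation, rollback protection, the Root of Trust key), together with the trusted boot and secure OTA update principles from slide 10, worked through as an added example; this is not Trusted Firmware-M, Mbed OS or CryptoCell code, and the manifest layout, the magic value and the sample images are this example's own assumptions.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Added illustration, not Trusted Firmware-M, Mbed OS or CryptoCell code. It
// applies three RoT services from the slide (SW validation, rollback
// protection, the Root of Trust key) to a constructed manifest layout:
//   magic(4) | version(4, big endian) | sha256(image)(32) | ed25519 sig(64)
// The signature covers magic, version and digest together, so a valid digest
// cannot be spliced onto a downgraded version field.
const (
	manifestMagic = "PSA!" // constructed marker, not a real format
	manifestLen   = 4 + 4 + sha256.Size + ed25519.SignatureSize
)

var (
	ErrFormat   = errors.New("manifest: bad length or magic")
	ErrSig      = errors.New("manifest: signature invalid")
	ErrRollback = errors.New("manifest: version below anti-rollback counter")
	ErrDigest   = errors.New("image: digest does not match manifest")
)

// RootOfTrust is the state the boot and update stages rely on.
type RootOfTrust struct {
	PubKey     ed25519.PublicKey // provisioned at manufacturing, immutable
	MinVersion uint32            // monotonic anti-rollback counter
}

// BuildManifest is the signing side (secure code image development).
func BuildManifest(priv ed25519.PrivateKey, version uint32, image []byte) []byte {
	m := append([]byte(manifestMagic), byte(version>>24), byte(version>>16), byte(version>>8), byte(version))
	d := sha256.Sum256(image)
	m = append(m, d[:]...)
	return append(m, ed25519.Sign(priv, m)...)
}

// Validate runs before an image is executed or committed. Order matters: verify
// the signature before trusting any field, then the counter, then the digest.
func (r *RootOfTrust) Validate(manifest, image []byte) (uint32, error) {
	if len(manifest) != manifestLen || string(manifest[:4]) != manifestMagic {
		return 0, ErrFormat
	}
	signed := manifest[:manifestLen-ed25519.SignatureSize]
	if !ed25519.Verify(r.PubKey, signed, manifest[len(signed):]) {
		return 0, ErrSig
	}
	version := binary.BigEndian.Uint32(manifest[4:8])
	if version < r.MinVersion {
		return version, ErrRollback
	}
	d := sha256.Sum256(image)
	if !bytes.Equal(d[:], manifest[8:8+sha256.Size]) {
		return version, ErrDigest
	}
	return version, nil
}

// Commit advances the counter only after a successful validation, so an older
// but validly signed image can never be reinstalled.
func (r *RootOfTrust) Commit(version uint32) {
	if version > r.MinVersion {
		r.MinVersion = version
	}
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // stands in for the provisioned key pair
	rot := &RootOfTrust{PubKey: pub}
	v1, v2 := []byte("firmware v1 (constructed)"), []byte("firmware v2 (constructed)")
	m1, m2 := BuildManifest(priv, 1, v1), BuildManifest(priv, 2, v2)
	if ver, err := rot.Validate(m2, v2); err == nil {
		rot.Commit(ver) // counter is now 2
	}
	_, err := rot.Validate(m1, v1)
	fmt.Println("reinstall v1:", err) // rollback refused
	_, err = rot.Validate(m2, v1)
	fmt.Println("v2 manifest on v1 image:", err) // digest mismatch
}
```

On real silicon the public key and the counter would live in the Root of Trust keys and secure storage of the SPE (or in the CryptoIsland enclave), not in a Go struct; the check order and the commit-after-validate rule are the part that carries over.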

Slide 39: Summary

Slide 40: Key take-aways…
Arm has launched CryptoIsland - a new family of Security enclaves by Arm.
• Provides a robust Root of Trust with some programmability
• Creates another layer of hardware security beyond TrustZone
Arm has launched SDC-600 for certificate based control of debug.
The TrustZone based TEE for Cortex-A is gaining a simple OTA management protocol.
• OTrP provides a PKI based trust architecture and high level JSON protocol
Arm is making robust security easier, quicker and cheaper to implement!

Slide 41
Thank You! Danke! Merci! 谢谢! ありがとう! Gracias! Kiitos!

Slide 42
The Arm trademarks featured in this presentation are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners.
www.arm.com/company/policies/trademarks