beyond trustzone psaarmtechforum.com.cn/attached/article/b1_beyondtrustzone201712… · arm’s...

© 2017 Arm Limited

Arm Tech Symposia 2017

Beyond TrustZonePSA

Erik Jacobson | Director Marketing

© 2017 Arm Limited 2

Agenda

Platform Security Architecture

• Architecture overview

• Trusted Firmware-M

• IoT Threat models & security analyses

Summary


Security cannot be optional

Arm is announcing:

The Platform Security Architecture (PSA)

• A framework for security for the smallest of connected devices

• Publically available holistic set of documents & specifications

• Trusted Firmware-M – Open source reference firmware


Arm: The Industry’s Architecture of Choice Extraordinary growth – from sensors to server

22 years

4 years

4 years

20171991 2013 2021

50 billionchips shipped

50 billionchips shipped

100 billionchips expected to ship

2016

80% microcontrollers


Arm’s growing investment in securityHelping protect billions of devices

Smart Cardfor payment

Apps processors gain TrustZone

Enablement of premium content

streaming & mobile payment

PolarSSL & Sansa join Arm

&TrustZone for

Armv8-M

2000+ 2005+ 2010+ Today2015+

Platform Security

Architecture

&

Security enclave

Mbed, CryptoCell, Cortex-M33

TEE for Cortex-A

TrustZone for Cortex-A

SecurCore


Diversity is good… but better with common ground rules

A diverse collection of chips, device makers and services…

Needs a shared approach to security best practice

SILICON PARTNER

B

OEM 1 OEM 2 OEM 3

SILICON PARTNER

A

SILICON PARTNER

D

SILICON PARTNER

C


A framework to secure 1 trillion devices…Announcing the Platform Security Architecture

Analyse• Threat

models and security analyses

Architect• Firmware

architecture & hardware specifications

Implement• Source code

& hardware IP

PSA documents

Enabling products & contributions


Security is a shared responsibility

Device SiPs CloudSoftware Security Systems


Security starts with analysisAnalysis leads to requirements

ExampleSystem description

Assets

Threats

Security Objectives

Security Requirements

Arm will deliver representative IoT device security analyses & requirements

Analyse

Asset: metering data to be protected in integrity & confidentiality

Threat: Remote SW attacks

Security Objective: Strong Crypto

Security Requirement: Hardware based key store


Architecture incorporating common principlesA recipe for building a secure system

From analysis to architecture Identify key common principles

Device identity

Trusted boot sequence

Secure over-the-air software update

Certificate based authentication

…Common principles across multiple use cases


PSA deliverables

IoT Security analyses

Firmware specifications

Hardware requirements

Wirelessmeter

Assettracker

Connectedcamera

Firmware framework

Secure update

Boot sequence

RNG Securestorage

Crypto

Security architecture derived from principles


Open source code to accelerate adoptionFreely available reference implementation

Trusted Firmware-M

• Reference firmware for the architecture specification

• Initially targeting Armv8-M

• In development now – publically available first quarter 2018

Arm Mbed OS will provide an implementation of PSA

• Integrated with Mbed TLS and Mbed Cloud Client

• Targeting all Cortex-M processors

• Available in subsequent releases of Mbed OS


Platform Security Architecture

Designed to secure low cost IoT devices where a full Trusted Execution Environment would not be appropriate.

PSA protects sensitive assets (keys, credentials and firmware) by separating these from the application firmware and hardware.

PSA defines a Secure Processing Environment (SPE) for this data, the code that manages it and its trusted hardware resources.

PSA is architecture neutral and can be implemented on Cortex-M, Cortex-R & Cortex-A.

The focus is Cortex-M based devices.

Application

RTOS

Trusted Functions

Secure partition manager

Secure boot

Root of Trust keys

Platform hardware

Non-secure processing environment

Secure processing environment


PSA - Standardized Interfaces

PSA specifies interfaces to decouple components.

• Enables reuse of components in other device platforms

• Reduces integration effort

Partners can provide alternative implementations.

• Necessary to address different cost, footprint, regulatory or security needs

PSA provides an architectural specification.

• Hardware, firmware and process requirements and interfaces

Trusted Functions

Secure partition API

Secure partition manager

Secure hardware requirements

Boot firmware

Root of Trust keys

Platform hardware



Application

RTOS

Secu

re IP

C


Example IoT Device Implementation

OEMs can choose their preferred implementations.

Trusted Firmware-M will be a new OSS project.

• To reduce rework across our partners

• To speed up device or component validation against standards such as Common Criteria EAL

Open to any RTOS and other partners.

Application

Arm mbed OS

Secu

re IP

C

Device Management

Secure partition API

Arm TrustedFirmware v8-m

TBSA-v8M

Boot firmware

Root of Trust keys

Armv8-m based SoC




PSA Firmware Framework Concepts

Secure Partition Manager (SPM)

• Provides the boot, isolation and IPC services to the SPE

Partition

• The unit of execution

Secure function

• A set of related APIs invoked through secure IPC

Trusted function

• A Secure Function that provides a Root of Trust service

Non secure partition

Application firmware

OS libraries

OS kernel

Secure partition

Secure function

Secure function

Trusted partition

Trusted function

Trusted function

Secure Partition Manager

Secure IPC Secure isolation Secure debug

Isolation boundary

Secure processing environmentNon-secure

Processing environment

Secure partition

Secure function

Secure function


PSA Firmware Isolation Levels

Level 2

Separate Root of Trust from Secure Partitions within SPE

Level 1

Lower cost hardware –only isolate the SPE

Level 3

More robustness –isolate all partitions from each other


Scaling IoT security

From device to cloud


Key take-aways…

PSA provides security foundations for low cost IoT devices.

PSA makes security easier, quicker & cheaper to implement by providing:

• IoT Threat models & security analyses

• Architecture documents

• Source code: Trusted Firmware-M

• System IP, dev boards and tools

Arm is helping our partners deliver security, deployable at scale.

Lead partner availability – Now (NDA).

General availability – Q1’18.

© 2017 Arm Limited

Arm Tech Symposia 2017

Beyond TrustZoneSecurity Enclaves

Erik Jacobson | Director Marketing


Agenda

New security technology for IoT

• Security Enclaves – CryptoIsland

• System IP for debug

• Dev boards & chips

GlobalPlatform TEE

• OTA and RoT topics

Summary


In a connected everything World…

What level of security robustness do you need?


Security is a balance…

SW & HW Attacks• Physical access to device

– JTAG, Bus, IO Pins,• Time, money & equipment

Software Attacks & lightweight hardware attacks• Buffer overflows• Interrupts• Malware

Communication Attacks• Man In The Middle• Weak RNG• Code vulnerabilities

Cost/effort to attack

Cost/effort to secure

TLS/SSL

Security enclaveor subystem

TrustZone based TEE/PSA

Secure Element

*Trusted Execution Environment/ Secure Partitioning Manager


Beyond TrustZone - Security enclaves

A programmable security enclave to extend fixed function CryptoCell family.

TrustZone CryptoIslands - an additional family of security solutions by Arm.

Aimed at providing on-die security services, in a physically isolated manner (host CPU agnostic).

Axiom: less sharing of resources leads to smaller attack surface and fewer vulnerabilities.

Certification, at a reasonable cost (i.e. reuse).

SoC

Flash (internal / external)

Host CPU

APB bridge

APB peripherals

interconnect

Instruction cache

Always-on

domain

PowerControl

Debug

CoreSightSoC

System SRAM

TrustZonefilters

SRAM Cntl

TrustZone Filters

Flash Controller(s) CryptoIsland

Boot ROM

Cryptography

LCS Mgr

Secure RAM

Secure CPU

Isolating I/F Secure Always

On

Alarms

Debug control

Roots of Trust


Example: PSA with CryptoIsland on Armv8-M

CryptoIsland is providing services to the Trusted Partitions and/or implements some of these trusted functions.

CryptoIsland security enclave

Arm v8-M: non-secure processing environment

Arm v8-M: secure processing environment

Non-secure processing Environment

Secure processing environment (SPE)


Example: PSA with CryptoIsland on Armv7-M

The Secure Processing Environment (SPE) is in CryptoIsland.

CryptoIsland security enclave

Arm v7-M: non-secure processing environment


CryptoIsland-300: the first family member

We are forming a 1st security enclave out of existing and mature HW components (CPU, CryptoCell, interconnect, filters, mailbox, power control…)

• The SW and tools is where a lot of the effort is going invested!

Key point is preserve an identical “touch and feel” from the SW perspective, so the isolation/robustness choice explained earlier won’t impact the higher layers.

• Allowing different implementations to be interchangeable

Example target applications: LPWAN, Storage, Automotive, General purpose MCUs…


New solution for authenticated debug access – SDC-600

Hackers can abuse debug interfaces to gain access to the chip.

Arm addressing this misuse by enabling debug authentication on our partners’ silicon.

Alternative to blowing e-fuse on debug port.

SDC-600 (Secure Debug Channel) enables certificate based authentication handshake with external agent.

SoC

Host CPU

Debug Subsystem

CoreSight SoC

CryptoIsland

Boot ROM

Cryptography

LCS Mgr

Secure RAM

Secure CPU

Isolating I/F

Secure Always On

Alarms

Debug control

Roots of Trust

SDC-600SecureDebug

Channel

Socrates

Certificate


The Secure Debug Manager knows how to do the crypto to generate an unlock certificate for CryptoCell – or other unlock technology the target

supports

Following certificate installation the APs are enabled, allowing

external debug access


New dev board for PSA development - Musca-A1!

Ready for PSA development

• Cortex-M33 based dev board.

• Used for internal software development.

• Test chip built on PSA recommendations.

– PSA development platform

• Prototype your system

• Available now

Musca-A1 boards

Come to Arm booth

to see Musca-A1!


Musca-A1 – PSA development platform

Musca-A1

CoreLinkSSE-200

subsystem

Cordio BLE / 802.15.4(digital part)

Code SRAM

Cortex-M33

SRAM Controller

SRAM Cntl

Multi-layer AHB5 interconnect

System SRAM

Instruction Cache

TrustZone Cryptocell

Cordio BLE / 802.15.4

(RF part)

IDA

U

Always-on domain

TrustZoneFilters

TrustZoneFilters

TrustZoneFilters

AHB5 code

interface

Cortex-M33

Instruction Cache

IDA

U Local SRAM

TrustZoneFilters Power

Control

TrustZoneFilters

Secure Debug

CoreSightSoC

QSP

ISP

I

GP

IO

PW

M

UA

RT

I2C

mas

ter

I2S

RTC

AHB5 interconnectAPB Bridge

APB Peripherals

AP

B B

rid

ge

PLL

32kHz oscillator

32

kHz

32MHz oscillator

32

MH

z

Arm CoreLink SDK-200 IP

Cadence IP

Other Arm IP

Other


Agenda

New security technology for IoT

• Security Enclaves – CryptoIsland

• System IP for debug

• Dev boards & chips

GlobalPlatform TEE

• OTA and RoT topics

Summary


Arm TrustZone based TEE architectureA reminder of the architecture

Trusted SW/HW

Key

GlobalPlatform

standardization

Initial ROT and

security subsystem

TrustZone-based

TEE

Common foundation

Hardware Interfaces

Normal world code Trusted software

ArmTrustedFirmware Trusted Boot

Payload DispatcherSMCCC PSCI

EL1

EL2

Secure device drivers

Hypervisor

Apps

Arm Cortex-ASoC

Subsystem

Graphics

Video

CryptoCell

Secure store

Physical IP

Trusted_Apps

Payment

DRM

Rich OS

Device drivers

Trusted OS


GlobalPlatform & TEE

GlobalPlatform is a Standards Defining Organisation: it is the home of TEE.

• Defines APIs and Trusted services

• Compliance program

• TEE Protection Profile

• Security certification program

• Over the Air TEE management –Trusted Management Framework & Open Trust Protocol (PKI & JSON based)

OTA management of TEEis a market requirement


A new capability – standards based OTA TEE management

OTrP* is being developed as an option in TMF & compatible with GlobalPlatformTEE System Architecture.

Main features:

• A specific PKI architecture and trust anchors

• A high level (JSON-based) message protocol

• A REE Agent for communication with TAM/TSMs

• A set of mandatory services from the Boot TEE and Bootstrap Domain

*Open Trust Protocol is being developed as an option for Trusted Management Framework

Secure Code

Image Dev

TAM

Image Delivery

ServerTEE Device

Certificate

Authority

TEE Device


Root of Trust is the foundation for secure services

RoT = Trustworthy hardware &

security functions

A Root of Trust, is a hardware device and a runtime environment that provide a set of trusted functions from which an initial chain or trust can be derived. It is the trust anchor for the system

Mobile& IoT

PC

Cloud

TEE & / orSecurity subsystem / SETPM

HSM


TrustZone based TEE + extended Root of Trust example

Normal WorldIoT developer writes Appson top of his/her chosen OS.

Secure World= Trusted code (Trusted OS/Libs)+ Trusted Apps/functions+ Trusted hardware

Security subsystemReduced attack surfaceProtection from physical & side channel attacks.Developed by security specialists.


TrustZone based TEE + security subsystem optionAn additional security layer

Applications

Execution environment isolation

RNG

Cryptography

Persistent trusted storage

Data protection(off-line, runtime)

Rollback protection

SW updates

validation

Lifecycle management

Debug authentication

RoT mgmt

SW validation & decryption

TrustZone family of security IPs provides protection from physical & SW attacks

Security subsystem e.g. Arm CryptoCell for RoTservices

Arm TrustZone based TEE for trusted functions

Securemanufacturing


Key take-aways…

Arm has launched CryptoIsland - a new family of Security enclaves by Arm.

• Provides a robust Root of Trust with some programmability

• Creates another layer of hardware security beyond TrustZone

Arm has launched SDC-600 for certificate based control of debug.

The TrustZone based TEE for Cortex-A is gaining a simple OTA management protocol.

• OTrP provides a PKI based trust architecture and high level JSON protocol

Arm is making robust security easier, quicker and cheaper to implement!

4242 © 2017 Arm Limited

The Arm trademarks featured in this presentation are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners.

www.arm.com/company/policies/trademarks

beyond trustzone psaarmtechforum.com.cn/attached/article/b1_beyondtrustzone201712… · arm’s...

Documents