Trusted Platform Module
The Trusted Platform Module is a hardware component specified by the Trusted Computing Group to facilitate several important cryptographic functions and act as a root of trust for storage and reporting. A TPM provides four basic classes of functions:
1) Securely storing and reporting platform configurations
2) Storage of protected keys and data
3) Cryptographic functionality
4) Initialization and management functionality
Given the capabilities of a TPM, it can serve as an important part of a trusted computing system. The following figure summarizes the architecture and functionality of a typical TPM.
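As an added illustration (not code from the original page), the mechanism behind "securely storing and reporting platform configurations": a measurement is folded into a Platform Configuration Register (PCR) with extend, new = H(old || H(data)), so a value can never be overwritten, only appended to, and a verifier replays the boot event log to check the PCR values the TPM reports. PCR count, reset value and the SHA-256 extend rule follow the TPM 2.0 definition; the boot log entries are constructed, and verification of the TPM's signature over the reported values (the quote) is assumed to happen separately.

```python
import hashlib

PCR_COUNT = 24    # TPM 2.0 platforms expose 24 PCRs per bank
DIGEST_LEN = 32   # SHA-256 bank

def initial_pcrs():
    # At platform reset the PCRs hold all-zero digests.
    return [bytes(DIGEST_LEN) for _ in range(PCR_COUNT)]

def extend(pcr_value: bytes, measurement: bytes) -> bytes:
    # TPM extend: the register becomes H(old || H(measurement)).
    # Software can only fold new measurements in; it cannot set a PCR directly.
    digest = hashlib.sha256(measurement).digest()
    return hashlib.sha256(pcr_value + digest).digest()

def replay_log(log):
    # Recompute every PCR from a boot event log of (pcr_index, description, data).
    pcrs = initial_pcrs()
    for idx, _desc, data in log:
        pcrs[idx] = extend(pcrs[idx], data)
    return pcrs

def verify_report(log, reported_pcrs, indices):
    # Verifier side: the log is untrusted, the reported PCRs come from the TPM
    # (assumed here to be carried in a quote whose signature was already checked).
    # The log is accepted only if replaying it reproduces the reported values.
    expected = replay_log(log)
    return all(expected[i] == reported_pcrs[i] for i in indices)

# Constructed sample boot log: firmware into PCR 0, bootloader then kernel into PCR 4.
BOOT_LOG = [
    (0, "firmware",   b"constructed firmware image v1"),
    (4, "bootloader", b"constructed bootloader"),
    (4, "kernel",     b"constructed kernel"),
]

def demo():
    reported = replay_log(BOOT_LOG)          # stands in for the TPM's own PCR bank
    genuine_ok = verify_report(BOOT_LOG, reported, [0, 4])
    # Same components measured in a different order yield a different PCR 4,
    # so a reordered (or edited) log fails to match what the TPM reports.
    reordered = [BOOT_LOG[0], BOOT_LOG[2], BOOT_LOG[1]]
    reordered_ok = verify_report(reordered, reported, [0, 4])
    return genuine_ok, reordered_ok

if __name__ == "__main__":
    print(demo())  # (True, False)
```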
ARM TrustZone
The ARM TrustZone is a secure execution environment. TrustZone provides two virtual processors on a single processor core backed by hardware access control. This facilitates the creation of two separate parallel execution worlds: a non-secure “normal” execution environment and a trusted secure world. Hardware logic present in the TrustZone-enabled AMBA3 AXI bus fabric ensures that no secure world resources can be accessed by the normal world components.
A simple overview of how TrustZone operates is demonstrated below. A secure monitor is in charge of switching between worlds and is in place to prevent programs running in the normal world from accessing the secure world. The functionality of the secure monitor is similar to a traditional operating system context switch: it ensures that the state of the world the processor is leaving is safely saved and that the state of the world the processor is switching to is correctly restored. The SMC instruction in the ARM instruction set provides the main route for changing worlds.