The Trusted Platform Module: A Foundation for a Root of Trust
Most contemporary Intel processor designs include a Trusted Platform Module (TPM), a security chip that uses cryptographic methods to ensure platform integrity throughout the entire boot process until applications are running. A hardware vendor’s approach to using the TPM device is particularly important for system integrators’ timelines and budgets.
The TPM is often used as the basis for a hardware Root of Trust, which is in turn the foundation for many of the security capabilities on a computing system. The Root of Trust may be based on a unique element in the hardware that cannot be replicated or duplicated by anyone who is trying to make a copy of the board. On a board, the Root of Trust might be a serial number that cannot be tampered with or cloned. Or, it might be a private cryptographic key or Physically Unclonable Function (PUF) that is unique to just that one instance of a board. In every case, it is a unique mechanism that provides a secure foundation from which to build a trusted system.
Because the mechanism that enables a hardware Root of Trust is something that cannot be easily broken, it provides a level of trust that is guaranteed to be genuine. The board boots in an authentic and secure way no matter what application is running on it.
The TPM provides no security capabilities until it is instrumented (configured) and enabled. It must then be locked to ensure that provisioned indices and access policies cannot be altered, ensuring the original security profiles remain unchanged.
Figure 1: Secure Boot is a key component of protection against physical and remote attacks, and hardware and software failures
While hardware vendors may include a TPM device in their hardware, they rarely put the time and effort into implementing a complete end-to-end secure boot mechanism. Instead, they expect system integrators to understand and complete all of these complex tasks. When evaluating trusted computing boards, system integrators should ensure a complete boot security framework has been implemented, as completing these tasks themselves can significantly increase program time, effort, and budget requirements.
Boot security implementation is a key point of differentiation among hardware vendors. Vendors that go the extra step and put the time, effort, and money into implementing a hardware root-of-trust and instrumented TPM as part of a layered Trusted and Secure Computing Platform can offer system integrators boards with a huge security advantage with very little additional effort at the integrator’s expense.
Senior Product Manager
Aaron Frank joined Curtiss-Wright in January 2010. As a Senior Product Manager within the C5ISR group, he is responsible for a wide range of COTS products utilizing advanced processing, video graphics/GPU and network switching technologies in many industry-standard module formats (VME, VPX, etc.). His focus includes product development and marketing strategies, technology roadmaps, and being a subject matter expert to the sales team and with customers. Aaron has a Bachelor of Science in Electrical Engineering degree from the University of Waterloo.