
The Trusted Platform Module: A Foundation for a Root of Trust

July 03, 2018 | BY: Aaron Frank


Most contemporary Intel processor designs include a Trusted Platform Module (TPM), a security chip that uses cryptographic methods to ensure platform integrity throughout the entire boot process until applications are running. A hardware vendor’s approach to using the TPM device is particularly important for system integrators’ timelines and budgets.

The TPM is often used as the basis for a hardware Root of Trust, which is in turn the foundation for many of the security capabilities of a computing system. The Root of Trust may be based on a unique element in the hardware that cannot be replicated by anyone trying to make a copy of the board. On a board, the Root of Trust might be a serial number that cannot be tampered with or cloned. Or it might be a private cryptographic key or a Physically Unclonable Function (PUF) that is unique to that one instance of the board. In every case, it is a unique mechanism that provides a secure foundation on which to build a trusted system.

Because the mechanism underpinning a hardware Root of Trust cannot easily be broken, it provides a level of trust that is guaranteed to be genuine: the board boots in an authentic and secure way no matter what application is running on it.

The TPM provides no security capabilities until it is instrumented (configured) and enabled. It must then be locked to ensure that provisioned indices and access policies cannot be altered, ensuring the original security profiles remain unchanged.
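As an added illustration (not from the original post and not Curtiss-Wright's code), the following Python model shows the mechanism behind the integrity guarantee described above: a TPM Platform Configuration Register (PCR) can only be extended, never written, so each boot stage's measurement is folded irreversibly into one value that is later compared with a known-good value recorded at provisioning time. The boot-stage names and the golden value are constructed for the example.

```python
import hashlib
import hmac

# Constructed model of a TPM SHA-256 PCR bank: a PCR starts at all zeros on
# reset and can only change via extend, PCR_new = H(PCR_old || measurement).
PCR_SIZE = 32


def extend(pcr: bytes, measurement: bytes) -> bytes:
    """Model of TPM2_PCR_Extend: fold a new digest into the register."""
    assert len(pcr) == PCR_SIZE and len(measurement) == PCR_SIZE
    return hashlib.sha256(pcr + measurement).digest()


def measured_boot(components) -> bytes:
    """Each boot stage measures the next stage before handing it control.
    Returns the final PCR value after the whole chain has been measured."""
    pcr = bytes(PCR_SIZE)  # PCR value after platform reset
    for stage in components:
        pcr = extend(pcr, hashlib.sha256(stage).digest())
    return pcr


def verify_platform(components, golden_pcr: bytes) -> bool:
    """Compare the recomputed PCR against the value captured on a known-good
    system at provisioning time. Any change to any stage, or to the order of
    stages, yields a different final value, so the check fails closed."""
    return hmac.compare_digest(measured_boot(components), golden_pcr)


# Constructed boot chain: firmware, bootloader, kernel, application.
GOOD_CHAIN = [b"firmware-v1", b"bootloader-v1", b"kernel-v1", b"app-v1"]
GOLDEN_PCR = measured_boot(GOOD_CHAIN)  # recorded once during provisioning

# Constructed tampered chain: one stage differs, every later value differs.
TAMPERED_CHAIN = [b"firmware-v1", b"bootloader-v2", b"kernel-v1", b"app-v1"]

if __name__ == "__main__":
    print("known-good chain verifies:", verify_platform(GOOD_CHAIN, GOLDEN_PCR))
    print("tampered chain verifies:", verify_platform(TAMPERED_CHAIN, GOLDEN_PCR))
```

Because a later stage cannot rewind the register, a modified stage cannot restore the expected PCR value after the fact, which is why the golden value must be captured on a trusted system and the TPM configuration locked, as the post describes.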

Figure 1 (panels: Trusted Boot, Anti-tamper): Secure Boot is a key component of protection against physical and remote attacks, and against hardware and software failures

While hardware vendors may include a TPM device in their hardware, they rarely put the time and effort into implementing a complete end-to-end secure boot mechanism. Instead, they expect system integrators to understand and complete all of these complex tasks. When evaluating trusted computing boards, system integrators should ensure a complete boot security framework has been implemented, as completing these tasks themselves can significantly increase program time, effort, and budget requirements.

Boot security implementation is a key point of differentiation among hardware vendors. Vendors that go the extra step and put the time, effort, and money into implementing a hardware Root of Trust and an instrumented TPM as part of a layered Trusted and Secure Computing Platform can offer system integrators boards with a substantial security advantage, at very little additional effort or expense on the integrator's part.

For more information, download the white paper “Getting Secure, Intel-Based Solutions to Market Faster: Why the Hardware Vendor’s Boot Security Implementation Is So Important”.

Author’s Biography

Aaron Frank

Senior Product Manager, Intel SBC & Graphics

Aaron Frank joined Curtiss-Wright in January 2010. As the Senior Product Manager for our Intel Single Board Computer and Graphics product lines, he is responsible for a wide range of COTS products utilizing Intel processing and video graphics/GPU technologies in many industry-standard module formats (VME, VPX, etc.). His focus includes product development and marketing strategies, technology roadmaps, and serving as a subject matter expert within the sales team. Prior to this role, Aaron held the Product Manager role for Networking products. Aaron holds a Bachelor of Science degree in Electrical Engineering from the University of Waterloo.
