Root of Trust

The first layer of hardware security is the establishment of a Root of Trust. The Root of Trust (RoT) is a hardware-validated boot process that ensures the first executable opcode starts from an immutable source. This is the anchor of the boot process that subsequently plays a role in bootstrapping the rest of the system from BIOS to the operating system to the application. An RoT is a baseline defense against a rootkit.

Each phase validates the next phase in the boot process and builds a Chain of Trust. An RoT can have different starting methods such as:

  • Boot from ROM or a non-writable memory to store the image and root key
  • One-time programmable memory using fuse bits for root key storage
  • Boot from a protected memory region that loads code into a protected memory store

An RoT also needs to validate each new phase of boot. Each phase of boot maintains a set of cryptographically signed keys that are used to verify the next phase of boot:

Figure: Establishing a Root of Trust. A five-phase boot building up a Chain of Trust, starting with a Boot Loader in immutable read-only memory. Each phase maintains a public key that is used to verify the authenticity of the next component loaded.

Processors that support an RoT are architecturally unique. Intel and ARM support the following:

  • ARM TrustZone: ARM sells a security silicon IP block for SoC manufacturers that provides a hardware Root of Trust as well as other security services. TrustZone divides hardware into secure and non-secure "worlds". TrustZone is a separate microprocessor from the non-secure core. It runs a Trusted OS specially designed for security that has a well-defined interface to the non-secure world. Protected assets and functions reside in the trusted core and should be lightweight by design. The switching between worlds is done through hardware context switching, eliminating the need for secure monitor software. Other uses for TrustZone are to manage system keys, credit card transactions, and Digital Rights Management. TrustZone is available for A ("application") and M ("microcontroller") CPUs. This combination of secure CPU, Trusted OS, and RoT is called a Trusted Execution Environment (TEE).
  • Intel Boot Guard: This is a hardware-based mechanism that provides a verified boot, which cryptographically verifies the initial boot block or uses a measuring process for validation. Boot Guard requires a manufacturer to generate a 2048-bit key for verifying the initial block. The key is split into a private and a public portion. The public key is imprinted by programmatically "blowing" fuse bits during manufacturing. These are one-time fuses and immutable. The private portion generates the signature of the subsequently verified portion of the boot phase.
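The Chain of Trust from the figure above and the fused root key from the Boot Guard bullet, as an added Go example that is not from the book: the ROM holds only the root public key, every phase after it carries the public key that verifies the next phase, and verification stops at the first phase whose code or embedded key has been changed. It assumes Ed25519 signatures in place of the 2048-bit RSA key Boot Guard uses, and the stage layout (`Name`, `Code`, `NextPub`, `Sig`) is a constructed format, not a real firmware image.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
)
// Stage is one boot phase after the immutable ROM: its code, the public key it carries
// to verify the NEXT phase, and a signature over both by the key the PREVIOUS phase holds.
type Stage struct {
	Name    string
	Code    []byte
	NextPub ed25519.PublicKey // nil for the last phase
	Sig     []byte
}
// message is what a signature covers; length-prefixing each field keeps the boundaries fixed.
func message(s Stage) []byte {
	var m []byte
	for _, f := range [][]byte{[]byte(s.Name), s.Code, s.NextPub} {
		m = append(m, byte(len(f)>>24), byte(len(f)>>16), byte(len(f)>>8), byte(len(f)))
		m = append(m, f...)
	}
	return m
}
// BuildChain is the manufacturer's signing side: a fresh key pair per phase, signed back
// to front. The returned root public key is the value burned into fuses or ROM.
func BuildChain(stages []Stage) (ed25519.PublicKey, []Stage, error) {
	signed := append([]Stage(nil), stages...) // copy so the caller's slice is untouched
	var nextPub ed25519.PublicKey             // nil below the last phase
	for i := len(signed) - 1; i >= 0; i-- {
		pub, priv, err := ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return nil, nil, err
		}
		signed[i].NextPub = nextPub
		signed[i].Sig = ed25519.Sign(priv, message(signed[i]))
		nextPub = pub // the phase before i (or the ROM) must carry this key
	}
	return nextPub, signed, nil
}
// VerifyChain is what the ROM boot loader does at power-on: verify each phase with the key
// handed down by the previous one, starting at the fused root key. Returns the index of the
// first phase that fails (a missing or malformed key counts as failure), or -1 when all verify.
func VerifyChain(rootPub ed25519.PublicKey, stages []Stage) int {
	pub := rootPub
	for i, s := range stages {
		if len(pub) != ed25519.PublicKeySize || !ed25519.Verify(pub, message(s), s.Sig) {
			return i
		}
		pub = s.NextPub
	}
	return -1
}
```

Because each phase's signature also covers the key it carries forward, replacing that key is caught at the phase that carries it, one step before the attacker's own code would have been verified with it.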