Beyond TrustZone Part 1 - PSA

Beyond TrustZone Part 1 - PSA
Rob Coombs, Security Director, Arm
Arm Tech Symposia 2017, Hsinchu

Agenda
- Platform Security Architecture
- Architecture overview
- Trusted Firmware-M
- IoT threat models & security analyses
- Summary

Security cannot be optional
Arm is announcing:
- The Platform Security Architecture (PSA): a framework for security for the smallest of connected devices, with a publicly available holistic set of documents & specifications
- Trusted Firmware-M: open source reference firmware

Arm: The Industry's Architecture of Choice
Extraordinary growth from sensors to server
[Chart: 50 billion chips shipped over 22 years (1991-2013); 50 billion chips shipped over 4 years (2013-2017), 80% microcontrollers in 2016; 100 billion chips expected to ship over 4 years (2017-2021)]

Arm's growing investment in security
Helping protect billions of devices
[Timeline, 2000+ to today: SecurCore smart card for payment; TrustZone for Cortex-A, apps processors gain TrustZone; TEE for Cortex-A, enablement of premium content streaming & mobile payment; Mbed, CryptoCell, Cortex-M33, PolarSSL & Sansa join Arm, TrustZone for Armv8-M; today: Platform Security Architecture & security enclave]

Diversity is good but better with common ground rules
A diverse collection of chips, device makers and services needs a shared approach to security best practice.
[Diagram: OEM 1, OEM 2 and OEM 3 on top of Silicon Partners A, B, C and D]

A framework to secure 1 trillion devices
Announcing the Platform Security Architecture:
- Analyse: threat models and security analyses
- Architect: firmware architecture & hardware specifications
- Implement: source code & hardware IP
Delivered as PSA documents and as enabling products & contributions.

Security is a shared responsibility
Device, SiPs, Software, Security Systems, Cloud

Security starts with analysis
Analysis leads to requirements: system description, assets, threats, security objectives, security requirements.
Example:
- Asset: metering data to be protected in integrity & confidentiality
- Threat: remote SW attacks
- Security objective: strong crypto
- Security requirement: hardware-based key store
Arm will deliver representative IoT device security analyses & requirements.

Architecture incorporating common principles
A recipe for building a secure system: from analysis to architecture, identify key common principles.
Common principles across multiple use cases:
- Device identity
- Trusted boot sequence
- Secure over-the-air software update
- Certificate-based authentication

PSA deliverables
Security architecture derived from principles.
- IoT security analyses: wireless meter, asset tracker, connected camera
- Firmware specifications: firmware framework, secure update, boot sequence
- Hardware requirements: RNG, secure storage, crypto

Open source code to accelerate adoption
Freely available reference implementation.
Trusted Firmware-M:
- Reference firmware for the architecture specification
- Initially targeting Armv8-M
- In development now; publicly available first quarter 2018
Arm Mbed OS will provide an implementation of PSA:
- Integrated with Mbed TLS and Mbed Cloud Client
- Targeting all Cortex-M processors
- Available in subsequent releases of Mbed OS

Platform Security Architecture
Designed to secure low cost IoT devices where a full Trusted Execution Environment would not be appropriate.
PSA protects sensitive assets (keys, credentials and firmware) by separating these from the application firmware and hardware.
PSA defines a Secure Processing Environment (SPE) for this data, the code that manages it and its trusted hardware resources.
PSA is architecture neutral and can be implemented on Cortex-M, Cortex-R & Cortex-A. The focus is Cortex-M based devices.
[Diagram: non-secure processing environment (application, RTOS) beside a secure processing environment (trusted functions, secure partition manager, secure boot, Root of Trust keys), both on the platform hardware]

PSA - Standardized Interfaces
PSA specifies interfaces to decouple components:
- Enables reuse of components in other device platforms
- Reduces integration effort
Partners can provide alternative implementations:
- Necessary to address different cost, footprint, regulatory or security needs
PSA provides an architectural specification:
- Hardware, firmware and process requirements and interfaces
[Diagram: non-secure processing environment (application, RTOS) communicating over secure IPC through the secure partition API with the secure processing environment (trusted functions, secure partition manager, boot firmware, Root of Trust keys), with secure hardware requirements on the platform hardware]

Example IoT Device Implementation
OEMs can choose their preferred implementations.
Trusted Firmware-M will be a new OSS project:
- To reduce rework across our partners
- To speed up device or component validation against standards such as Common Criteria EAL
- Open to any RTOS and other partners
[Diagram: Arm Mbed OS application in the non-secure processing environment; device management and Arm Trusted Firmware v8-M in the secure processing environment, reached over secure IPC through the secure partition API; TBSA-v8M boot firmware and Root of Trust keys on an Armv8-M based SoC]

PSA Firmware Framework Concepts
- Secure Partition Manager (SPM): provides the boot, isolation and IPC services to the SPE
- Partition: the unit of execution
- Secure function: a set of related APIs invoked through secure IPC
- Trusted function: a secure function that provides a Root of Trust service
[Diagram: a non-secure partition (application firmware, OS libraries, OS kernel) in the non-secure processing environment, separated by an isolation boundary from the secure processing environment, where secure partitions hold secure functions and a trusted partition holds trusted functions, all running on the Secure Partition Manager (secure IPC, secure isolation, secure debug)]

PSA Firmware Isolation Levels
- Level 1: lower cost hardware; only isolate the SPE
- Level 2: separate the Root of Trust from the Secure Partitions within the SPE
- Level 3: more robustness; isolate all partitions from each other

Scaling IoT security
From device to cloud

Key take-aways
- PSA provides security foundations for low cost IoT devices.
- PSA makes security easier, quicker & cheaper to implement by providing: IoT threat models & security analyses; architecture documents; source code (Trusted Firmware-M); system IP, dev boards and tools.
- Arm is helping our partners deliver security, deployable at scale.
- Lead partner availability: now (NDA). General availability: Q1 18.

Thank You! Danke! Merci! 謝謝! ありがとう! Gracias! Kiitos! 감사합니다 धन्यवाद

The Arm trademarks featured in this presentation are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners. www.arm.com/company/policies/trademarks

Beyond TrustZone Part 2 - Security Enclaves
Rob Coombs, Security Director, Arm
Arm Tech Symposia 2017, Hsinchu

Agenda
- New security technology for IoT
- Security Enclaves: CryptoIsland
- System IP for debug
- Dev boards & chips
- GlobalPlatform TEE
- OTA and RoT topics
- Summary

In a connected everything World
What level of security robustness do you need?

Security is a balance
[Chart: cost/effort to attack plotted against cost/effort to secure. Solution tiers: TrustZone based TEE/PSA*, security enclave or subsystem, Secure Element. Attack classes: software attacks & lightweight hardware attacks (buffer overflows, interrupts, malware); TLS/SSL communication attacks (man in the middle, weak RNG, code vulnerabilities); SW & HW attacks with physical access to the device (JTAG, bus, IO pins; time, money & equipment)]
*Trusted Execution Environment / Secure Partitioning Manager

Beyond TrustZone - Security enclaves
- A programmable security enclave to extend the fixed function CryptoCell family.
- TrustZone CryptoIslands: an additional family of security solutions by Arm.
- Aimed at providing on-die security services in a physically isolated manner (host CPU agnostic).
- Axiom: less sharing of resources leads to a smaller attack surface and fewer vulnerabilities.
- Certification at a reasonable cost (i.e. reuse).
[Diagram: SoC with host CPU and instruction cache, interconnect, TrustZone filters, flash controller(s) and flash (internal / external), system SRAM with SRAM controller, CoreSight SoC debug, SoC always-on domain with power control, APB bridge and APB peripherals; the CryptoIsland sits behind an isolating interface and contains a secure CPU, boot ROM, secure RAM, cryptography, LCS manager, secure always-on, alarms, Roots of Trust and debug control]

Example: PSA with CryptoIsland on Armv8-M
CryptoIsland provides services to the Trusted Partitions and/or implements some of these trusted functions.
[Diagram: Armv8-M non-secure processing environment, Armv8-M secure processing environment (SPE), and the CryptoIsland security enclave]

Example: PSA with CryptoIsland on Armv7-M
The Secure Processing Environment (SPE) is in CryptoIsland.
[Diagram: Armv7-M non-secure processing environment beside the CryptoIsland security enclave]

CryptoIsland-300: the first family member
- We are forming a first security enclave out of existing and mature HW components (CPU, CryptoCell, interconnect, filters, mailbox, power control ...).
- The SW and tools are where a lot of the effort is being invested!
- Key point: preserve an identical touch and feel from the SW perspective, so the isolation/robustness choice explained earlier won't impact the higher layers, allowing different implementations to be interchangeable.
- Example target applications: LPWAN, storage, automotive, general purpose MCUs.

New solution for authenticated debug access: SDC-600
- Hackers can abuse debug interfaces to gain access to the chip.
- Arm is addressing this misuse by enabling debug authentication on our partners' silicon.
- Alternative to blowing the e-fuse on the debug port.
- SDC-600 (Secure Debug Channel) enables a certificate based authentication handshake with an external agent.
[Diagram: Socrates debug subsystem and CoreSight SoC on the host CPU side, linked by the SDC-600 Secure Debug Channel through an isolating interface to the CryptoIsland, whose debug control checks the certificate; the CryptoIsland also holds a secure CPU, boot ROM, secure RAM, cryptography, LCS manager, secure always-on, alarms and Roots of Trust]

- The Secure Debug Manager knows how to do the crypto to generate an unlock certificate for CryptoCell or other unlock technology the target supports.
- Following certificate installation the APs are enabled, allowing external debug access.
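The shape of a certificate-gated debug port, as an added example that is not Arm's SDC-600 or CryptoCell code: the device hands out a challenge, an off-device debug manager signs an unlock certificate over the device ID, that challenge and the requested access ports with a root key the device can verify, and only a certificate that passes every check opens the ports. The type and function names, the Ed25519 signature and the field layout are assumptions for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
)

// Constructed model of certificate-based debug unlock (an illustration, not the
// SDC-600 wire protocol): the device embeds a root public key; a debug manager
// holding the private key signs a certificate bound to one device ID and one
// fresh device challenge, and only a valid certificate opens access ports.
const APNonSecure, APSecure uint32 = 1, 2 // access-port bits a cert can open
// UnlockCert is what the external debug agent presents to the device.
type UnlockCert struct {
	DeviceID  [8]byte
	Challenge [16]byte
	APMask    uint32
	Signature []byte
}
// tbs returns the to-be-signed bytes: every field the device relies on.
func (c *UnlockCert) tbs() []byte {
	b := append(append([]byte{}, c.DeviceID[:]...), c.Challenge[:]...)
	return binary.LittleEndian.AppendUint32(b, c.APMask)
}
// Issue is the debug manager's side; the root private key never reaches the device.
func Issue(root ed25519.PrivateKey, id [8]byte, ch [16]byte, aps uint32) *UnlockCert {
	c := &UnlockCert{DeviceID: id, Challenge: ch, APMask: aps}
	c.Signature = ed25519.Sign(root, c.tbs())
	return c
}
// Device is the on-chip side: APs stay closed until a valid certificate is
// installed, instead of blowing an irreversible e-fuse on the debug port.
type Device struct {
	ID         [8]byte
	RootPub    ed25519.PublicKey
	pending    *[16]byte // outstanding challenge, nil when none
	EnabledAPs uint32
}
// NewChallenge issues a fresh nonce so a captured certificate cannot be replayed.
func (d *Device) NewChallenge() [16]byte {
	var ch [16]byte
	if _, err := rand.Read(ch[:]); err != nil {
		panic(err)
	}
	d.pending = &ch
	return ch
}
// Unlock verifies the certificate and opens the named APs only on success.
func (d *Device) Unlock(c *UnlockCert) error {
	ch := d.pending
	d.pending = nil // single use, whether the check passes or fails
	switch {
	case ch == nil:
		return errors.New("no outstanding challenge")
	case !ed25519.Verify(d.RootPub, c.tbs(), c.Signature):
		return errors.New("signature not from the trusted debug authority")
	case c.DeviceID != d.ID || c.Challenge != *ch:
		return errors.New("certificate not bound to this device and challenge")
	}
	d.EnabledAPs |= c.APMask
	return nil
}
```

Because the challenge is consumed on every attempt and the device ID is inside the signed bytes, a captured certificate cannot be replayed or moved to another chip, which is the property a fuse cannot offer without being irreversible.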

New dev board for PSA development - Musca-A1!
- Ready for PSA development
- Musca-A1 boards: Cortex-M33 based dev board, used for internal software development
- Test chip built on PSA recommendations
- PSA development platform: prototype your system
- Available now. Come to the Arm booth to see Musca-A1!

Musca-A1 PSA development platform
[Block diagram: CoreLink SSE-200 subsystem with two Cortex-M33 cores (each with an instruction cache), secure debug (CoreSight SoC), TrustZone filters, local SRAM, always-on domain with power control, multi-layer AHB5 interconnect and AHB5 code interface, IDAUs, code SRAM and system SRAM behind SRAM controllers and TrustZone filters, TrustZone CryptoCell, PLL with 32 kHz and 32 MHz oscillators, APB bridge and APB peripherals (RTC, SPI, I2S, UART, PWM, I2C master, QSPI, GPIO), and Cordio BLE / 802.15.4 digital and RF parts. Legend: Arm CoreLink SDK-200 IP, Cadence IP, other Arm IP, other]


Arm TrustZone based TEE architecture
A reminder of the architecture.
[Diagram: normal world code (apps, rich OS at EL1, hypervisor at EL2, device drivers) beside trusted software (payment and DRM trusted apps, Trusted OS, secure device drivers) under GlobalPlatform standardization; the TrustZone-based TEE rests on Arm Trusted Firmware (SMCCC, PSCI, trusted boot, payload dispatcher) as the common foundation, on Arm Cortex-A hardware interfaces, and on the SoC subsystem (physical IP, graphics, video, CryptoCell, secure store) as the initial RoT and security subsystem. Key: trusted SW/HW]

GlobalPlatform & TEE
- GlobalPlatform is a Standards Defining Organisation: it is the home of TEE.
- Defines APIs and Trusted services
- Compliance program
- TEE Protection Profile: security certification program
- OTA management of TEE is a market requirement: over the air TEE management via the Trusted Management Framework & Open Trust Protocol (PKI & JSON based)

A new capability: standards based OTA TEE management
OTrP* is being developed as an option in TMF & compatible with the GlobalPlatform TEE System Architecture.
Main features:
- A specific PKI architecture and trust anchors
- A high level (JSON-based) message protocol
- A REE Agent for communication with TAM/TSMs
- A set of mandatory services from the Boot TEE and Bootstrap Domain
[Diagram: Secure Code Image Dev, Image Delivery Server, TAM, TEE Device and TEE Device Certificate Authority]
*Open Trust Protocol is being developed as an option for Trusted Management Framework

Root of Trust is the foundation for secure services
RoT = trustworthy hardware & security functions
- PC: TPM
- Mobile & IoT: TEE and/or security subsystem / SE
- Cloud: HSM
A Root of Trust is a hardware device and a runtime environment that provide a set of trusted functions from which an initial chain of trust can be derived. It is the trust anchor for the system.

TrustZone based TEE + extended Root of Trust example
- Normal World: the IoT developer writes apps on top of his/her chosen OS.
- Secure World = trusted code (Trusted OS/libs) + trusted apps/functions + trusted hardware
- Security subsystem: reduced attack surface; protection from physical & side channel attacks; developed by security specialists.

TrustZone based TEE + security subsystem option
An additional security layer.
- Applications
- Arm TrustZone based TEE for trusted functions
- Security subsystem, e.g. Arm CryptoCell for RoT services
Trusted functions shown: RoT management, rollback protection, SW updates validation, RNG, execution environment isolation, lifecycle management, data protection (off-line, runtime), SW validation & decryption, debug authentication, secure manufacturing, cryptography, persistent trusted storage.
The TrustZone family of security IPs provides protection from physical & SW attacks.

Summary

Key take-aways
- Arm has launched CryptoIsland, a new family of security enclaves by Arm: it provides a robust Root of Trust with some programmability and creates another layer of hardware security beyond TrustZone.
- Arm has launched SDC-600 for certificate based control of debug.
- The TrustZone based TEE for Cortex-A is gaining a simple OTA management protocol: OTrP provides a PKI based trust architecture and high level JSON protocol.
- Arm is making robust security easier, quicker and cheaper to implement!
