Beyond TrustZone: Security Enclaves
Reed Hinkel, Senior Manager, Embedded Security Market Development
Part 2: Security Enclaves
Tech Seminars 2017
Agenda
- New security technology for IoT
- Security enclaves: CryptoIsland
- System IP for debug
- Dev boards & chips
- GlobalPlatform TEE
- OTA and RoT topics
- Summary
In a connected-everything world, what level of security robustness do you need?
Security is a balance: cost/effort to attack versus cost/effort to secure
[Chart: attacks ranked by the cost/effort to mount them, set against solutions ranked by the cost/effort to deploy them]
Attacks, from cheapest to most expensive to mount:
- Software attacks & lightweight hardware attacks: buffer overflows, interrupts, malware
- Communication attacks: TLS/SSL, man-in-the-middle, weak RNG, code vulnerabilities
- SW & HW attacks with physical access to the device: JTAG, bus, I/O pins; time, money & equipment
Solutions, from lowest to highest cost/effort to secure:
- TrustZone-based TEE / PSA*
- Security enclave or subsystem
- Secure Element
* Trusted Execution Environment / Secure Partitioning Manager
Beyond TrustZone: security enclaves
- A programmable security enclave to extend the fixed-function CryptoCell family.
- TrustZone CryptoIslands: an additional family of security solutions by Arm.
- Aimed at providing on-die security services in a physically isolated manner (host-CPU agnostic).
- Axiom: less sharing of resources leads to a smaller attack surface and fewer vulnerabilities.
- Certification at a reasonable cost (i.e. reuse).
[Block diagram: SoC with CoreSight debug, host CPU with instruction cache, interconnect, TrustZone filters in front of the flash controller(s) (internal/external flash) and system SRAM, APB bridge to APB peripherals, power control and SoC always-on domain. The CryptoIsland sits behind an isolating interface and contains a secure CPU, boot ROM, secure RAM, cryptography, lifecycle-state (LCS) manager, secure always-on alarms, roots of trust and debug control.]
Example: PSA with CryptoIsland on Armv8-M
- CryptoIsland provides services to the Trusted Partitions and/or implements some of these trusted functions.
[Diagram: Armv8-M non-secure processing environment, Armv8-M secure processing environment (SPE), and the CryptoIsland security enclave alongside them.]
Example: PSA with CryptoIsland on Armv7-M
- The Secure Processing Environment (SPE) is in CryptoIsland.
[Diagram: Armv7-M non-secure processing environment next to the CryptoIsland security enclave.]
CryptoIsland-300: the first family member
- We are forming a first security enclave out of existing and mature HW components (CPU, CryptoCell, interconnect, filters, mailbox, power control).
- The SW and tools are where a lot of the effort is being invested!
- Key point: preserve an identical touch and feel from the SW perspective, so the isolation/robustness choice explained earlier won't impact the higher layers, allowing different implementations to be interchangeable.
- Example target applications: LPWAN, storage, automotive, general-purpose MCUs
New solution for authenticated debug access: SDC-600
- Hackers can abuse debug interfaces to gain access to the chip.
- Arm is addressing this misuse by enabling debug authentication on our partners' silicon.
- Alternative to blowing an e-fuse on the debug port.
- SDC-600 (Secure Debug Channel) enables a certificate-based authentication handshake with an external agent.
[Block diagram: Socrates debug subsystem and CoreSight SoC on the host side; the SDC-600 Secure Debug Channel crosses the isolating interface into the CryptoIsland, whose debug control checks the certificate using the secure CPU, boot ROM, secure RAM, cryptography, LCS manager, secure always-on alarms and roots of trust.]
- The Secure Debug Manager knows how to do the crypto to generate an unlock certificate for CryptoCell or other unlock technology the target supports.
- Following certificate installation the APs are enabled, allowing external debug access.
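The certificate-based unlock handshake described on this slide, as an added example written for this page (it is not Arm's SDC-600 or CryptoCell implementation; the message layout, Ed25519 signatures, the Device type and the AP bitmask are assumptions): the device anchors the debug authority's public key, issues a fresh nonce, and enables access ports only after the authority's signature over device ID, nonce and AP mask verifies.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Device models the silicon side: the boot ROM anchors the debug authority's
// public key as a Root of Trust asset, and every access port (AP) starts disabled.
type Device struct {
	ID        [8]byte
	Anchor    ed25519.PublicKey
	Nonce     [16]byte // live challenge; all-zero means no debug session is open
	APEnabled uint32   // bitmask of access ports the external debugger may use
}

// Challenge opens a session with a fresh nonce, so an unlock certificate is
// bound to this device and this session and cannot be replayed later.
func (d *Device) Challenge() ([]byte, error) {
	if _, err := rand.Read(d.Nonce[:]); err != nil {
		return nil, err
	}
	return d.Nonce[:], nil
}

// unlockMessage is the exact byte string the authority signs: ID || nonce || AP mask.
func unlockMessage(id [8]byte, nonce []byte, apMask uint32) []byte {
	msg := append(id[:], nonce...)
	return append(msg, byte(apMask>>24), byte(apMask>>16), byte(apMask>>8), byte(apMask))
}

// IssueUnlockCert plays the Secure Debug Manager: the authority signs the challenge to mint the certificate.
func IssueUnlockCert(priv ed25519.PrivateKey, id [8]byte, nonce []byte, apMask uint32) []byte {
	return ed25519.Sign(priv, unlockMessage(id, nonce, apMask))
}

// InstallUnlockCert is the device-side check: the signature must verify under the
// anchored key over the live nonce and the requested mask; only then are APs enabled.
func (d *Device) InstallUnlockCert(cert []byte, apMask uint32) error {
	if d.Nonce == ([16]byte{}) {
		return errors.New("no open challenge")
	}
	if !ed25519.Verify(d.Anchor, unlockMessage(d.ID, d.Nonce[:], apMask), cert) {
		return errors.New("unlock certificate rejected: wrong key, device, mask or nonce")
	}
	d.APEnabled |= apMask
	d.Nonce = [16]byte{} // consume the challenge so the same certificate cannot be installed twice
	return nil
}
```

Because the nonce is consumed on success and the mask is inside the signed message, a captured certificate cannot be replayed on the same or another device, nor upgraded to more APs than the authority granted.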
New dev board for PSA development: Musca-A1!
- Ready for PSA development
- Cortex-M33 based dev board, used for internal software development.
- Test chip built on PSA recommendations.
- PSA development platform: prototype your system. Available now.
- Come to the Arm booth to see Musca-A1!
[Block diagram: Musca-A1 PSA development platform. Arm CoreLink SSE-200 subsystem with two Cortex-M33 cores (each with instruction cache), multi-layer AHB5 interconnect with AHB5 code interface, TrustZone filters in front of code SRAM, system SRAM, local SRAM and CryptoCell; secure debug with CoreSight SoC; always-on domain with power control; IDAUs; APB bridge to APB peripherals (RTC, SPI, I2S, UART, PWM, I2C master, QSPI, GPIO); Cordio BLE / 802.15.4 radio (digital and RF parts); PLL with 32 kHz and 32 MHz oscillators. IP sources: Arm CoreLink SDK-200 IP, Cadence IP, other.]
Arm TrustZone-based TEE architecture: a reminder of the architecture
[Diagram: Normal world (apps, rich OS and device drivers at EL1, hypervisor at EL2) beside trusted software (payment and DRM trusted apps, Trusted OS, secure device drivers) standardised by GlobalPlatform as the TrustZone-based TEE; beneath both, Arm Trusted Firmware (SMCCC, PSCI, trusted boot, payload dispatcher) as the common foundation; Arm Cortex-A hardware with SoC subsystem, physical IP, graphics, video, CryptoCell and secure store as the initial RoT and security subsystem. Key: trusted SW/HW, interfaces.]
GlobalPlatform & TEE
- GlobalPlatform is a Standards Defining Organisation: it is the home of the TEE.
- Defines APIs and trusted services
- Compliance program
- TEE Protection Profile
- Security certification program
- OTA management of the TEE is a market requirement
- Over-the-air TEE management: Trusted Management Framework & Open Trust Protocol (PKI & JSON based)
A new capability: standards-based OTA TEE management
- OTrP* is being developed as an option in TMF and is compatible with the GlobalPlatform TEE System Architecture.
Main features:
- A specific PKI architecture and trust anchors
- A high-level (JSON-based) message protocol
- A REE Agent for communication with the TAM/TSMs
- A set of mandatory services from the Boot TEE and Bootstrap Domain
[Diagram: secure code image from the developer, image delivery server, Trusted Application Manager (TAM), TEE device and TEE device certificate authority.]
* Open Trust Protocol is being developed as an option for the Trusted Management Framework
Root of Trust is the foundation for secure services
- RoT = trustworthy hardware & security functions
- PC: TPM. Mobile & IoT: TEE and/or security subsystem / SE. Cloud: HSM.
- A Root of Trust is a hardware device and a runtime environment that provide a set of trusted functions from which an initial chain of trust can be derived. It is the trust anchor for the system.
TrustZone-based TEE + extended Root of Trust example
- Normal World: the IoT developer writes apps on top of his/her chosen OS
- Secure World = trusted code (Trusted OS/libs) + trusted apps/functions + trusted hardware
- Security subsystem: reduced attack surface; protection from physical & side-channel attacks; developed by security specialists
TrustZone-based TEE + security subsystem option: an additional security layer
- Applications
- Arm TrustZone-based TEE for trusted functions
- Security subsystem, e.g. Arm CryptoCell, for RoT services: RoT management, rollback protection, SW update validation, RNG, execution environment isolation, lifecycle management, data protection (off-line, runtime), SW validation & decryption, debug authentication, secure manufacturing, cryptography, persistent trusted storage
- The TrustZone family of security IPs provides protection from physical & SW attacks
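The chain of trust named in the RoT definition above, with the rollback protection and SW update validation listed among the subsystem services, as an added example written for this page (not CryptoCell's or Arm Trusted Firmware's image format; the Image layout, Ed25519 signatures and the per-stage minimum-version counter are assumptions): the boot ROM's anchored key verifies stage 0, each stage carries the key for the next, and a monotonic minimum version rejects downgrades.

```go
package main

import (
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// Image is a constructed firmware container: version, payload, the key for the next stage (nil at the end), signature.
type Image struct {
	Version uint32
	Payload []byte
	NextKey ed25519.PublicKey
	Sig     []byte
}

// SignedBytes is what a stage's signature covers: version || payload || next key.
func (im *Image) SignedBytes() []byte {
	b := make([]byte, 4)
	binary.BigEndian.PutUint32(b, im.Version)
	return append(append(b, im.Payload...), im.NextKey...)
}

// SignImage is the build-side step: the stage owner's private key signs the image.
func SignImage(priv ed25519.PrivateKey, im *Image) { im.Sig = ed25519.Sign(priv, im.SignedBytes()) }

// RootOfTrust holds what the slides place in trusted hardware: the anchored OEM key (boot ROM) and a minimum version per stage (OTP).
type RootOfTrust struct {
	Anchor ed25519.PublicKey
	MinVer []uint32
}

// Boot derives the chain of trust: stage i is verified by the key carried in stage i-1 (the anchor for stage 0),
// must not roll back below the stored minimum, and raises that minimum only after it has verified.
func (rot *RootOfTrust) Boot(chain []*Image) error {
	key := rot.Anchor
	for i, im := range chain {
		if i >= len(rot.MinVer) || len(key) != ed25519.PublicKeySize {
			return fmt.Errorf("stage %d: no verification key or version counter provisioned", i)
		}
		if !ed25519.Verify(key, im.SignedBytes(), im.Sig) {
			return fmt.Errorf("stage %d: signature rejected", i)
		}
		if im.Version < rot.MinVer[i] {
			return fmt.Errorf("stage %d: version %d below minimum %d (rollback)", i, im.Version, rot.MinVer[i])
		}
		rot.MinVer[i] = im.Version
		key = im.NextKey
	}
	return nil
}
```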
Summary
Key take-aways
- Arm has launched CryptoIsland, a new family of security enclaves by Arm
  - Provides a robust Root of Trust with some programmability
  - Creates another layer of hardware security beyond TrustZone
- Arm has launched SDC-600 for certificate-based control of debug
- The TrustZone-based TEE for Cortex-A is gaining a simple OTA management protocol
  - OTrP provides a PKI-based trust architecture and high-level JSON protocol
- Arm is making robust security easier, quicker and cheaper to implement!
Thank You! Danke! Merci! 谢谢! ありがとう! Gracias! Kiitos!
The Arm trademarks featured in this presentation are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners. www.arm.com/company/policies/trademarks