Beyond TrustZone PSA Reed Hinkel Senior Manager Embedded Security Market Development Part1 - PSA Tech Seminars 2017
Agenda Platform Security Architecture Architecture overview Trusted Firmware-M IoT Threat models & security analyses Summary 2
Security cannot be optional Arm is announcing: The Platform Security Architecture (PSA) A framework for security for the smallest of connected devices Publically available holistic set of documents & specifications Trusted Firmware-M Open source reference firmware 3
Arm: The Industry s Architecture of Choice Extraordinary growth from sensors to server 50 billion chips shipped 50 billion chips shipped 2016 80% microcontrollers 100 billion chips expected to ship 4 years 22 years 4 years 1991 2013 2017 2021 4
Arm s growing investment in security Helping protect billions of devices 2000+ 2005+ 2010+ 2015+ Today Mbed, CryptoCell, Cortex-M33 TEE for Cortex-A TrustZone for Cortex-A SecurCore Smart Card for payment Apps processors gain TrustZone Enablement of premium content streaming & mobile payment PolarSSL & Sansa join Arm & TrustZone for Armv8-M Platform Security Architecture & Security enclave 5
Diversity is good but better with common ground rules A diverse collection of chips, device makers and services Needs a shared approach to security best practice OEM 1 OEM 2 OEM 3 6 SILICON PARTNER A SILICON PARTNER B SILICON PARTNER C SILICON PARTNER D
A framework to secure 1 trillion devices Announcing the Platform Security Architecture Analyse Threat models and security analyses PSA documents Architect Firmware architecture & hardware specifications Implement Source code & hardware IP Enabling products & contributions 7
Security is a shared responsibility Device SiPs Software Security Systems Cloud 8
Security starts with analysis Analysis leads to requirements System description Assets Threats Security Objectives Security Requirements Example Analyse Asset: metering data to be protected in integrity & confidentiality Threat: Remote SW attacks Security Objective: Strong Crypto Security Requirement: Hardware based key store Arm will deliver representative IoT device security analyses & requirements 9
Architecture incorporating common principles A recipe for building a secure system From analysis to architecture Identify key common principles 10 Common principles across multiple use cases Device identity Trusted boot sequence Secure over-the-air software update Certificate based authentication
PSA deliverables Security architecture derived from principles IoT Security analyses Wireless meter Asset tracker Connected camera Firmware specifications Firmware framework Secure update Boot sequence Hardware requirements 11 RNG Secure storage Crypto
Open source code to accelerate adoption Freely available reference implementation Trusted Firmware-M Reference firmware for the architecture specification Initially targeting Armv8-M In development now publically available first quarter 2018 Arm Mbed OS will provide an implementation of PSA Integrated with Mbed TLS and Mbed Cloud Client Targeting all Cortex-M processors Available in subsequent releases of Mbed OS 12
Platform Security Architecture Designed to secure low cost IoT devices where a full Trusted Execution Environment would not be appropriate. PSA protects sensitive assets (keys, credentials and firmware) by separating these from the application firmware and hardware. PSA defines a Secure Processing Environment (SPE) for this data, the code that manages it and its trusted hardware resources. PSA is architecture neutral and can be implemented on Cortex-M, Cortex-R & Cortex-A. The focus is Cortex-M based devices. Non-secure processing environment Application RTOS Platform hardware Secure processing environment Trusted Functions Secure partition manager Secure boot Root of Trust keys 13
Secure IPC PSA - Standardized Interfaces PSA specifies interfaces to decouple components. Enables reuse of components in other device platforms Reduces integration effort Partners can provide alternative implementations. Necessary to address different cost, footprint, regulatory or security needs PSA provides an architectural specification. Hardware, firmware and process requirements and interfaces Non-secure processing environment Application RTOS Platform hardware Secure processing environment Trusted Functions Secure partition API Secure partition manager Boot firmware Secure hardware requirements Root of Trust keys 14
Secure IPC Example IoT Device Implementation OEMs can choose their preferred implementations. Trusted Firmware-M will be a new OSS project. Non-secure processing environment Application Secure processing environment Device Management To reduce rework across our partners Secure partition API To speed up device or component validation against standards such as Common Criteria EAL Open to any RTOS and other partners. Arm mbed OS Arm Trusted Firmware v8-m TBSA-v8M Boot firmware Armv8-m based SoC Root of Trust keys 15
PSA Firmware Framework Concepts Secure Partition Manager (SPM) provides the boot, isolation and IPC services to the SPE Partition the unit of execution Secure function a set of related APIs invoked through secure IPC Trusted function a Secure Function that provides a Root of Trust service Non-secure Processing environment Non secure partition Application firmware OS libraries OS kernel Secure partition Secure function Secure function Secure Partition Manager Secure processing environment Secure partition Secure function Secure function Trusted partition Trusted function Trusted function Secure IPC Secure isolation Secure debug Isolation boundary 16
PSA Firmware Isolation Levels Level 2 Separate Root of Trust from Secure Partitions within SPE Level 1 Lower cost hardware only isolate the SPE Level 3 More robustness isolate all partitions from each other 17
Scaling IoT security From device to cloud 18
Key take-aways PSA provides security foundations for low cost IoT devices PSA makes security easier, quicker & cheaper to implement by providing: IoT Threat models & security analyses Architecture documents Source code: Trusted Firmware-M System IP, dev boards and tools Arm is helping our partners deliver security, deployable at scale Lead partner availability Now (NDA) General availability Q1 18 19
Thank You! Danke! Merci! 谢谢! ありがとう! Gracias! Kiitos! 20
The Arm trademarks featured in this presentation are registered trademarks or trademarks of Arm Limited (or its subsidiaries) in the US and/or elsewhere. All rights reserved. All other marks featured may be trademarks of their respective owners. www.arm.com/company/policies/trademarks 21