US20130031374A1 - Firmware-based trusted platform module for arm processor architectures and trustzone security extensions - Google Patents

Firmware-based trusted platform module for arm processor architectures and trustzone security extensions Download PDF

Info

Publication number
US20130031374A1
US20130031374A1 US13/193,945 US201113193945A US2013031374A1 US 20130031374 A1 US20130031374 A1 US 20130031374A1 US 201113193945 A US201113193945 A US 201113193945A US 2013031374 A1 US2013031374 A1 US 2013031374A1
Authority
US
United States
Prior art keywords
ftpm
monitor
module
computing device
tpm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US13/193,945
Other versions
US8375221B1 (en
Inventor
Stefan Thom
Jeremiah Cox
David Linsley
Magnus Nystrom
Himanshu Raj
David Robinson
Stefan Saroiu
Rob Spiger
Alastair Wolman
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp filed Critical Microsoft Corp
Priority to US13/193,945 priority Critical patent/US8375221B1/en
Assigned to MICROSOFT CORPORATION reassignment MICROSOFT CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: RAJ, HIMANSHU, ROBINSON, DAVID, SAROIU, STEFAN, WOLMAN, ALASTAIR, COX, Jeremiah, LINSLEY, DAVID, NYSTROM, MAGNUS, SPIGER, Rob, THOM, STEFAN
Priority to KR1020147002458A priority patent/KR101974188B1/en
Priority to CN201280037929.0A priority patent/CN103748594B/en
Priority to EP12820818.8A priority patent/EP2737429A4/en
Priority to JP2014522856A priority patent/JP6053786B2/en
Priority to PCT/US2012/046243 priority patent/WO2013019369A1/en
Priority to KR1020197011906A priority patent/KR102102090B1/en
Publication of US20130031374A1 publication Critical patent/US20130031374A1/en
Priority to US13/764,570 priority patent/US9189653B2/en
Application granted granted Critical
Publication of US8375221B1 publication Critical patent/US8375221B1/en
Assigned to MICROSOFT TECHNOLOGY LICENSING, LLC reassignment MICROSOFT TECHNOLOGY LICENSING, LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MICROSOFT CORPORATION
Priority to US14/927,988 priority patent/US9489512B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • G06F21/46Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/572Secure firmware programming, e.g. of basic input output system [BIOS]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/575Secure boot
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/74Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information operating in dual or compartmented mode, i.e. at least one secure mode
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/034Test or assess a computer or a system

Definitions

  • a “Firmware-Based TPM” or “fTPM” provides various techniques for using hardware such as the ARM® architecture's TrustZoneTM extensions and security primitives to provide secure execution isolation for a Trusted Platform Module (TPM) within a “firmware-based TPM” that can be implemented within devices using existing ARM®-based processor architectures or similar hardware.
  • TPM Trusted Platform Module
  • a conventional Trusted Platform Module is a hardware device or “chip” that provides a secure crypto-processor. More specifically, a typical TPM chip generally offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a hardware pseudo-random number generator. It also includes capabilities such as “remote attestation” and sealed storage. Remote attestation is intended to create a practically unforgeable hash key summary of a particular hardware and software configuration. The extent of the summary is decided by the components involved in measuring the hardware and software configuration. This allows a third party to verify that the software and hardware configuration complies with some set policy.
  • TPM Trusted Platform Module
  • Binding encrypts data using a TPM endorsement key, a unique RSA key burned into the TPM chip during its production, or another trusted key descended from it.
  • “Sealing” encrypts data similar to binding, but in addition specifies the state in which the TPM chip must be in order for the data to be decrypted or “unsealed.”
  • TPM chips are also used to authenticate hardware devices. Since each TPM chip has a unique and secret RSA key burned in as it is produced, it is capable of performing platform authentication. For example, it can be used to verify that a system seeking access is an expected or authorized system. Clearly, pushing the security down to the hardware level of a system, by using discrete TPM chips in conjunction with corresponding security software, provides more protection than a software-only solution. However even when a TPM chip is used, keys are still vulnerable once exposed by the TPM chip to applications, as has been illustrated in the case of a conventional cold boot attack.
  • TPMs are generally considered to be optional system components
  • the additional monetary and power costs for including a discrete TPM in a system often leads to the exclusion of such devices during the manufacturing process.
  • TPMs are therefore not ubiquitous which makes it difficult for software or operating system developers to invest substantial resources in broad TPM usage scenarios.
  • Another issue affecting broad TPM usage scenarios is that many conventional discrete TPMs are not compatible with some form factors (e.g., phones, PDA's, tablets, etc.).
  • Trust is a reliance on the integrity of a person or thing. For device users, trust in a device is established by the guarantee that only code that conforms with a set policy can execute on the device. To deliver strong integrity protections and defend against malicious infection and modifications, a combination of hardware and software is used. Operating systems (OS) such as Microsoft® Windows® have previously used a Trusted Platform Module (TPM) as the hardware component for delivering this platform integrity to various systems. Unfortunately, the TPM's broad adoption has met resistance due to a number of reasons, including, for example, the additional Bill of Materials (BOM) cost of adding a discrete TPM component to the motherboard, the cost and time of redesigning a particular device to provide the appropriate interface for connecting or adding a TPM to such devices, etc.
  • BOM Bill of Materials
  • a “Firmware-Based TPM” or “fTPM,” as described herein, addresses the costs associated with including a TPM in hardware such as ARM® System On Chip (SoC) platforms, or similar platforms, to implement a virtually zero-cost “firmware TPM”, thereby reducing the BOM cost of the system, lowering the overall power consumption of the device, and enabling a wide variety of TPM usage scenarios across a wide range of ARM®-based devices.
  • the fTPM provides a software interface to the security extension functionality integral to processors such as ARM® processors without requiring a hardware TPM module to be used in the computing device in which a trusted computing environment is enabled by the fTPM.
  • the fTPM enables a trusted execution environment in computing devices comparable to that provided by a hardware TPM without using a hardware TPM.
  • the software embodying the fTPM can be uploaded, flashed, or otherwise stored or written to the firmware or protected non-volatile memory of many existing computing devices in order to “upgrade” those devices to enable the use of TPM functionality, again without requiring any hardware modifications to such devices.
  • any TPM implementation ensures that it preserves its code and data integrity and confidentiality from all other software running in the system to prevent a wide variety of potential security breaches. Isolation can be implemented with a dedicated security processor (at the cost of adding silicon) or using an elevated execution privilege level offered by the hardware architecture.
  • the Firmware-Based TPM described herein is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placing the fTPM into protected memory of the device along with a simple “Monitor.”
  • protected memory is specifically defined as storage that cannot be read or modified by untrusted components such as the Normal World. Normal operations can neither read nor write both the data and functionality contained within protected storage.
  • the OS operates in Normal World and cannot read or write the protected storage but the “Secure World” including fTPM can.
  • One way to set up this protected memory is for hardware (e.g., a memory or eMMC storage controller) to partition a region of storage (e.g., TrustZone protected memory or Replay Protected Memory Block) for use by the Secure World only.
  • the OS Since the OS is running in the “Normal World” and not in the “Secure World”, the OS cannot access any memory marked as secure unless it uses certain protected mechanisms (e.g., a Secure Monitor Call (SMC) instruction that is relayed to the fTPM as described in detail herein).
  • SMC Secure Monitor Call
  • the “Monitor” described herein is specifically defined as an interface which enables communications from the “Normal World” to be received by the fTPM operating in the “Secure World” while keeping the “Secure World” isolated from the “Normal” World.
  • “Secure World” and “Normal World” operating modes of architectures such as ARM®-based architectures and TrustZoneTM extensions are well known to those skilled in the art and will not be discussed in detail herein. TrustZoneTM extensions are useful in that they provide a common security infrastructure across multiple platforms.
  • the fTPM described herein is operable with any TPM-based security architectures. Examples of such alternative security architectures (i.e., alternative trust execution environments) include, but are not limited to TI OMAP-based architectures, M-Shield-based architectures, x86 system management mode (SMM), etc.
  • the Firmware-Based TPM uses existing ARM®-based architectures and TrustZoneTM extensions to enable execution isolation for ensuring code and data integrity and confidentiality and the isolation of cryptographic operations (and storage) from access by the “Normal World” via a firmware-based “virtual dedicated security processor”.
  • the fTPM described herein is read from system firmware (or other source) and placed into protected memory and uses the ARM® architecture's TrustZoneTM extensions and security primitives to provide secure execution isolation within a “firmware-based TPM” that can be implemented within existing ARM®-based architectures and thus the devices based on such architectures without requiring hardware modifications to existing devices.
  • the Firmware-Based TPM described herein provides various techniques for using hardware such as the ARM® architecture's TrustZone extensions and security primitives to provide secure execution isolation within a “firmware-based TPM” that can be implemented within existing ARM®-based architectures and thus the devices based on such architectures.
  • firmware-based TPM provides various techniques for using hardware such as the ARM® architecture's TrustZone extensions and security primitives to provide secure execution isolation within a “firmware-based TPM” that can be implemented within existing ARM®-based architectures and thus the devices based on such architectures.
  • FIG. 1 illustrates a general architectural and operational flow diagram for instantiating a “Firmware-Based TPM” into protected memory of a general computing device, as described herein.
  • FIG. 2 illustrates a general architectural and operational flow diagram for using a “Firmware-Based TPM” in a pre-OS boot environment, as described herein.
  • FIG. 3 illustrates a general architectural and operational flow diagram for using the “Firmware-Based TPM” in an OS environment following system boot, as described herein.
  • FIG. 4 provides a flow diagram that illustrates an example of typical synchronous operation of the “Firmware-Based TPM”, as described herein
  • FIG. 5 provides a flow diagram that illustrates an example of typical asynchronous operation of the “Firmware-Based TPM”, as described herein
  • FIG. 6 is a general system diagram depicting a simplified general-purpose computing device having simplified computing and I/O capabilities for use in implementing various embodiments of the Firmware-Based TPM, as described herein.
  • a “Firmware-Based TPM” or “fTPM,” as described herein, ensures that it preserve its code and data integrity and confidentiality from all other software running in the system to prevent a wide variety of potential security breaches as well as enabling a wide variety of security application (e.g., cryptographic applications, secure random number generation, disk/file encryption, password authentication, etc.). Isolation can be implemented with a dedicated security processor (at the cost of adding silicon) or using an elevated execution privilege level offered by the hardware architecture.
  • the Firmware-Based TPM described herein does not require the physical hardware of a conventional hardware TPM to enable the same secure code execution as a hardware TPM.
  • the fTPM provides a software-based interface to the security extension functionality integral to processors such as ARM® processors to enable a trusted execution environment (also referred to as a trusted computing environment) in computing devices that is comparable to that provided by a hardware TPM without using a hardware TPM.
  • a trusted execution environment also referred to as a trusted computing environment
  • the software embodying the fTPM can be uploaded, flashed, or otherwise stored or written to the firmware or protected non-volatile memory of many existing computing devices in order to “upgrade” those devices to enable the use of TPM functionality, again without requiring any hardware modifications to such devices.
  • protected memory is specifically defined as storage that cannot be read or modified by untrusted components such as the Normal World. Normal operations can neither read nor write both the data and functionality contained within protected storage.
  • the OS operates in Normal World and cannot read or write the protected storage but the “Secure World” including fTPM can.
  • One way to set up this protected memory is for hardware (e.g., a memory or eMMC storage controller) to partition a region of storage (e.g., TrustZone protected memory or Replay Protected Memory Block) for use by the Secure World only.
  • the OS Since the OS is running in the “Normal World” and not in the “Secure World”, the OS cannot access any memory marked as secure unless it uses certain protected mechanisms (e.g., a Secure Monitor Call (SMC) instruction that is relayed to the fTPM as described in detail herein).
  • SMC Secure Monitor Call
  • the software embodying the fTPM can simply be included in a typical BIOS or firmware update to immediately provide such devices with TPM capabilities upon reboot.
  • a typical BIOS or firmware update to immediately provide such devices with TPM capabilities upon reboot.
  • the various processes and techniques for updating system firmware and/or BIOS for computing devices are well-known to those skilled in the art, and will not be described in detail herein. Consequently, for purposes of explanation, the following discussion will assume that the software embodying the fTPM has already been provided to the firmware of the computing device upon which the fTPM is to be used for enabling TPM functionality.
  • the fTPM is first instantiated in a pre-operating system (OS) boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placing the fTPM into protected memory of the device.
  • OS operating system
  • the pre-OS boot environment or firmware automatically verifies the integrity of the fTPM code (e.g., by validating a “signature” of the fTPM code) prior to allowing that code to be placed into protected memory to ensure it has not been tampered with.
  • the fTPM can also be loaded or instantiated into protected memory following OS boot, it is easier to ensure overall system security by instantiating the fTPM in the pre-OS boot environment.
  • fTPM can be loaded or instantiated into non-protected memory, there will generally be no guarantee of security in such cases.
  • various processes for writing data e.g., the fTPM in the example described herein
  • protected memory prior to, during, or after system boot is well known to those skilled in the art and will not be described herein.
  • the Firmware-Based TPM uses existing hardware such as ARM®-based architectures and TrustZoneTM extensions (or similar technology) to enable execution isolation for ensuring security of code execution via a firmware-based “virtual dedicated security processor”.
  • the Firmware-Based TPM described herein is placed into protected memory that allows the ARM® architecture's TrustZoneTM extensions and security primitives (or similar technology) to provide secure execution isolation within a “firmware-based TPM” that can be implemented within existing ARM®-based architectures and thus the devices based on such architectures.
  • TrustZoneTM extensions are useful in that they provide a common security infrastructure across multiple platforms.
  • the fTPM will generally be described in the context of an implementation using the ARM® architecture's TrustZoneTM extensions and security primitives. However, it should be understood that the fTPM described herein is operable with a wide variety of TPM-based security architectures.
  • this secure execution isolation is provided by the fTPM without requiring hardware modifications to existing devices and without requiring a physical hardware TPM. Consequently, the fTPM is both easier and less expensive to implement within a wide variety of devices without actually requiring a TPM chip or other hardware.
  • the fTPM is fully compatible with all TPM standards. As such, the fTPM can be used in any implementation that would normally require a hardware TPM. Further, from the point of view of software or hardware making use of the fTPM, the fTPM is indistinguishable from a hardware-based TPM.
  • VM virtual machine
  • OS operating system
  • process virtual machine is designed to run a single program, which means that it supports a single process.
  • the “Firmware-Based TPM” or “fTPM” provides various techniques for using the ARM® architecture's TrustZoneTM extensions and security primitives to provide secure execution isolation within a firmware-based TPM that can be implemented within existing ARM®-based architectures (or similar technologies) and thus the devices based on such architectures without requiring hardware modifications to existing devices.
  • the term “device” in the following discussion will generally refer to a general computing device including, but not limited to, personal computers, server computers, hand-held computing devices, laptop or mobile computers, communications devices such as cell phones and PDA's, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, audio or video media players, etc., within which the fTPM is being instantiated to provide that device with TPM capabilities.
  • FIG. 1 illustrates the processes summarized above.
  • the system diagram of FIG. 1 illustrates the interrelationships between program modules for implementing various embodiments of the fTPM within a device, as described herein.
  • the system diagram of FIG. 1 illustrates a high-level view of various embodiments of the fTPM, this figure is not intended to provide an exhaustive or complete illustration of every possible embodiment of the fTPM as described throughout this document.
  • the processes enabled by the Firmware-Based TPM begin operation by using an fTPM instantiation module 100 to read fTPM data/code (i.e., the executable software embodiment of the fTPM) from system firmware 110 , or firmware accessible memory or storage, of the device on which the fTPM is to be enabled.
  • fTPM data/code i.e., the executable software embodiment of the fTPM
  • the fTPM instantiation module 100 then loads or places the fTPM into a protected memory location of system memory 140 to enable an instantiation of the fTPM within the device.
  • the fTPM instantiation module 100 also automatically verifies the integrity of the fTPM code (e.g., by validating a “signature” of the fTPM code) prior to allowing that code to be placed into protected memory to ensure it has not been tampered with.
  • the fTPM instantiation module 100 also instantiates a “Monitor” (i.e., “monitor module 130 ) into protected system memory 140 to allow communication with the fTPM.
  • the “Monitor” described herein is specifically defined as an interface which enables communications from the “Normal World” to be received by the fTPM operating in the “Secure World” while keeping the “Secure World” segregated from the “Normal World.”
  • the monitor module 130 processes commands and responses issued by a Caller (i.e., caller module 150 ) in the “Normal World”, and saves and restores the state of the “World” being switched to/from. More specifically, the Monitor (i.e., monitor module 130 ) intercepts commands or requests (i.e. a requested “operation”) from the caller module 150 . The monitor module 130 then passes those commands or requests to the fTPM module 120 , which in turn executes the operation in its Secure World environment. The fTPM module 120 then writes the response from the executed operation to shared memory and returns to the monitor module 130 which then restores the system back to Caller (i.e., caller module 150 ) in the Normal World environment. Finally, the caller module 150 (or other application) retrieves the fTPM response from shared memory.
  • the Monitor i.e., monitor module 130
  • intercepts commands or requests i.e. a requested “operation”
  • the monitor module 130 passes those commands or requests to the fTPM module 120 ,
  • the caller module 150 exists in the “Normal World” and communicates with fTPM module 120 via the monitor module 130 in the “Secure World” to perform TPM-based tasks or operations for the general computing device in response to tasks or operations requested via the caller module 150 by various applications running on OS (or pre-OS boot environment) of the computing device.
  • the Firmware-Based TPM provides various techniques for using hardware such as the ARM® architecture's TrustZoneTM extensions and security primitives to provide secure execution isolation within a “firmware-based TPM” that can be implemented within existing ARM®-based architectures and thus the devices based on such architectures without requiring hardware modifications to existing devices.
  • the following sections provide a detailed discussion of the operation of various embodiments of the Firmware-Based TPM, and of exemplary methods for implementing the program modules described in Section 1 with respect to FIG. 1 .
  • the following sections provide examples and operational details of various embodiments of the Firmware-Based TPM, including: an architectural overview of the fTPM; system initialization with the fTPM; “Caller” dependent on operating context; synchronous operation, asynchronous operation; and implementing an ARM® TrustZoneTM enabled fTPM within a general computing device.
  • the Firmware-Based TPM-based processes described herein provide various techniques for using hardware such as the ARM® architecture's TrustZoneTM extensions and security primitives to provide the execution isolation required by a TPM within a “firmware-based TPM,” also referred to herein as an “fTPM,” that can be implemented within existing ARM®-based architectures and thus the devices based on such architectures.
  • a “firmware-based TPM” also referred to herein as an “fTPM”
  • the fTPM provides a firmware TPM within existing hardware by leveraging the ARM® architecture TrustZoneTM extensions available on any ARM® based SoC platform.
  • TrustZoneTM provides a secure execution environment (termed “Secure World”) that is strongly isolated from the other components in the system, such as the Windows® operating system (OS) and a UEFI pre-boot environment, running in the normal execution environment (termed Normal World).
  • OS Windows® operating system
  • UEFI Unified Extensible Firmware Interface
  • UEFI Unified Extensible Firmware Interface
  • Each TrustZoneTM enabled fTPM instance includes a minimal Trusted Computing Base (TCB) that provides hardware isolation mechanisms and a secure boot loader which bootstraps the particular fTPM instance from the firmware to protected system memory (see discussion of FIG. 1 , above), thereby providing a protected environment comparable to a conventional hardware-based TPM but without the added cost or complexity of the additional hardware required by the conventional hardware-based TPM.
  • TB Trusted Computing Base
  • the platform's fTPM implementation is installed from system firmware (e.g., BIOS or other system firmware) into protected memory of the device along with a simple Monitor into the TrustZoneTM Secure World before the processor switches into Normal World operating mode.
  • system firmware e.g., BIOS or other system firmware
  • the simple Monitor i.e., monitor module 130
  • the Caller is either boot firmware or an operating system driver as discussed in further detail below.
  • the communication interface between the Caller running in the Normal World and the fTPM instance running in the Secure World is a synchronous or asynchronous shared memory based interface.
  • the Caller uses a Secure Monitor Call (SMC) instruction to enter the Monitor and both synchronous and asynchronous I/O are supported in various embodiments.
  • SMC instructions are a well-known instruction type associated with ARM® TrustZoneTM technologies, and as such, SMC instructions will not be described in detail herein.
  • the Firmware-Based TPM uses a different “Caller” depending on whether the current operating context is a pre-OS boot environment or an OS environment. Note that the following discussion assumes that the fTPM has already been loaded or instantiated into protected memory of the device, as discussed above.
  • the Caller 200 is a UEFI fTPM driver.
  • a UEFI fTPM driver is not a requirement of the fTPM, and that the use of a UEFI fTPM driver is simply one method for initiating pre-OS communications with the fTPM module 120 in the Secure World.
  • the UEFI fTPM driver of the Caller 200 exposes the Trusted Execution Environment (TrEE) UEFI protocol to pre-boot applications such as the Windows® boot manager and other Windows® OS loaders.
  • TrEE Trusted Execution Environment
  • TrEE UEFI protocols are well-known to those skilled in the art, and will not be described in detail herein.
  • the fTPM described herein is not limited to use with Windows® type operating systems, and that other operating systems (e.g., LINUX, UNIX, iOS, OS X, Chrome, Android, etc.) are also operable with the fTPM described herein.
  • a Caller module 200 (e.g., UEFI) is used to communicate with the fTPM module 120 loaded into protected system memory to provide various TPM-based capabilities to the device.
  • Communication between the Caller module 200 (existing in the unprotected environment of the “Normal World” and the fTPM module 120 (existing in the protected environment of the “Secure World”) is performed using a Secure Monitor Call (SMC) instruction 250 which uses monitor module 130 to intercept and pass communications between the fTPM module 120 and the Caller module 200 .
  • SMC Secure Monitor Call
  • monitor module 130 As noted above, during initialization of the fTPM module 120 and the monitor module 130 are installed into system protected memory from system firmware or other firmware accessible memory or storage.
  • the Caller module 200 when using a UEFI-based implementation, includes one or more pre-boot applications 210 and an interface module 220 in communications with an fTPM driver module 230 .
  • the interface module 220 is implemented using a conventional TrEE EFI interface for enabling communications between the pre-boot applications and the fTPM driver module 230 .
  • the fTPM driver module 230 is implemented using an EFI interface that further includes a TrustZoneTM communications module 240 that enables synchronous or asynchronous communications between the Caller module 200 and the Monitor module 130 via SMC instructions 250 , as discussed above.
  • an fTPM active in the pre-OS boot environment can transfer information to the OS environment by writing that information to shared memory that is then accessed in the OS environment following system boot.
  • the Caller module 300 includes a newly defined “Trusted Execution Environment” (TrEE) interface module 320 that, in various embodiments, is optionally implemented using an Advanced Configuration and Power Interface (ACPI).
  • TrEE interface module 320 provides access to the fTPM for all kernel services, including the well-known “TPM.sys” device driver 310 of the Windows® OS which is designed to allow applications to access the TPM functionality of hardware TPMs.
  • Communication between the Caller module 300 and the Monitor module 130 is enabled by a TrustZoneTM Communication module 330 via SMC instructions 250 .
  • the Firmware-Based TPM described herein enables a conventional ARM® SoC, or other security-enabled processor, to be configured with a fTPM such that after the OS is initialized, it has access to a fully functional TPM with virtually no additional BOM cost to the device.
  • This enables hardware such as ARM® SoC platforms to perform a variety of tasks, including, but not limited to:
  • FIG. 6 illustrates a simplified example of a general-purpose computer system on which various embodiments and elements of the fTPM, as described herein, may be implemented. It should be noted that any boxes that are represented by broken or dashed lines in FIG. 6 represent alternate embodiments of the simplified computing device, and that any or all of these alternate embodiments, as described below, may be used in combination with other alternate embodiments that are described throughout this document.
  • FIG. 6 shows a general system diagram showing a simplified computing device 600 .
  • Such computing devices can be typically be found in devices having at least some minimum computational capability, including, but not limited to, personal computers, server computers, hand-held computing devices, laptop or mobile computers, communications devices such as cell phones and PDA's, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, audio or video media players, etc.
  • the device should have a sufficient computational capability and system memory 620 to enable basic computational operations along with system firmware 625 (or other firmware accessible memory or storage from which the fTPM is instantiated into protected system memory 620 ).
  • system firmware 625 or other firmware accessible memory or storage from which the fTPM is instantiated into protected system memory 620 .
  • the computational capability is generally illustrated by one or more processing unit(s) 610 , and may also include one or more GPUs 615 , either or both in communication with system memory 620 .
  • processing unit(s) 610 of the general computing device 600 may be specialized microprocessors, such as a DSP, a VLIW, or other micro-controller, or can be conventional CPUs having one or more processing cores, including specialized GPU-based cores in a multi-core CPU.
  • the simplified computing device of FIG. 6 may also include other components, such as, for example, a communications interface 630 .
  • the simplified computing device of FIG. 6 may also include one or more conventional computer input devices 640 (e.g., pointing devices, keyboards, audio input devices, video input devices, haptic input devices, devices for receiving wired or wireless data transmissions, etc.).
  • the simplified computing device of FIG. 6 may also include other optional components, such as, for example, one or more conventional computer output devices 650 (e.g., display device(s) 655 , audio output devices, video output devices, devices for transmitting wired or wireless data transmissions, etc.).
  • typical communications interfaces 630 , input devices 640 , output devices 650 , and storage devices 660 for general-purpose computers are well known to those skilled in the art, and will not be described in detail herein.
  • the simplified computing device of FIG. 6 may also include a variety of computer readable media.
  • Computer readable media can be any available media that can be accessed by computing device 600 via storage devices 660 and includes both volatile and nonvolatile media that is either removable 670 and/or non-removable 680 , for storage of information such as computer-readable or computer-executable instructions, data structures, applications, program modules, or other data.
  • Computer readable media may comprise computer storage media and communication media.
  • Computer storage media includes, but is not limited to, computer or machine readable media or storage devices such as DVD's, CD's, floppy disks, tape drives, hard drives, optical drives, solid state memory devices, RAM, ROM, EEPROM, flash memory or other memory technology, magnetic cassettes, magnetic tapes, magnetic disk storage, or other magnetic storage devices, or any other device which can be used to store the desired information and which can be accessed by one or more computing devices.
  • computer or machine readable media or storage devices such as DVD's, CD's, floppy disks, tape drives, hard drives, optical drives, solid state memory devices, RAM, ROM, EEPROM, flash memory or other memory technology, magnetic cassettes, magnetic tapes, magnetic disk storage, or other magnetic storage devices, or any other device which can be used to store the desired information and which can be accessed by one or more computing devices.
  • modulated data signal or “carrier wave” generally refer a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal.
  • communication media includes wired media such as a wired network or direct-wired connection carrying one or more modulated data signals, and wireless media such as acoustic, RF, infrared, laser, and other wireless media for transmitting and/or receiving one or more modulated data signals or carrier waves. Combinations of the any of the above should also be included within the scope of communication media.
  • applications, software, programs, and/or computer program products embodying the some or all of the various embodiments of the fTPM described herein, or portions thereof, may be stored, received, transmitted, or read from any desired combination of computer or machine readable media or storage devices and communication media in the form of computer executable instructions or other data structures.
  • program modules include routines, programs, objects, components, data structures, etc., that perform particular tasks or implement particular abstract data types.
  • the embodiments described herein may also be practiced in distributed computing environments where tasks are performed by one or more remote processing devices, or within a cloud of one or more devices, that are linked through one or more communications networks.
  • program modules may be located in both local and remote computer storage media including media storage devices.
  • the aforementioned instructions may be implemented, in part or in whole, as hardware logic circuits, which may or may not include a processor.

Abstract

A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture's TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices.

Description

    BACKGROUND
  • 1. Technical Field
  • A “Firmware-Based TPM” or “fTPM” provides various techniques for using hardware such as the ARM® architecture's TrustZone™ extensions and security primitives to provide secure execution isolation for a Trusted Platform Module (TPM) within a “firmware-based TPM” that can be implemented within devices using existing ARM®-based processor architectures or similar hardware.
  • 2. Background Art
  • As is well known to those skilled in the art, a conventional Trusted Platform Module (TPM) is a hardware device or “chip” that provides a secure crypto-processor. More specifically, a typical TPM chip generally offers facilities for the secure generation of cryptographic keys, and limitation of their use, in addition to a hardware pseudo-random number generator. It also includes capabilities such as “remote attestation” and sealed storage. Remote attestation is intended to create a practically unforgeable hash key summary of a particular hardware and software configuration. The extent of the summary is decided by the components involved in measuring the hardware and software configuration. This allows a third party to verify that the software and hardware configuration complies with some set policy. “Binding” encrypts data using a TPM endorsement key, a unique RSA key burned into the TPM chip during its production, or another trusted key descended from it. “Sealing” encrypts data similar to binding, but in addition specifies the state in which the TPM chip must be in order for the data to be decrypted or “unsealed.”
  • TPM chips are also used to authenticate hardware devices. Since each TPM chip has a unique and secret RSA key burned in as it is produced, it is capable of performing platform authentication. For example, it can be used to verify that a system seeking access is an expected or authorized system. Clearly, pushing the security down to the hardware level of a system, by using discrete TPM chips in conjunction with corresponding security software, provides more protection than a software-only solution. However even when a TPM chip is used, keys are still vulnerable once exposed by the TPM chip to applications, as has been illustrated in the case of a conventional cold boot attack.
  • Many conventional solutions for implementing a TPM for a computing system involve integrating a discrete hardware TPM chip into the motherboard or system board of such computing systems. Unfortunately, such solutions face several challenges. For example, integrating TPM chips into a typical motherboard design results in an increased bill of materials (BOM) cost in the order of about $1 to $2 per system. However, even such relatively low per-device costs can add to a very large total considering the tremendous volume of computing devices being manufactured around the world. Another challenge often associated with conventional TPM chips is that discrete TPMs are generally not optimized for energy efficiency, and can impact the power budget for low-power systems (e.g., portable computing devices, PDA's, tablets, netbooks, mobile phones, etc.). Further, due to BOM constraints, discrete TPM chips are often implemented with relatively slow (and thus low cost) processors which negatively impacts or potentially prevents certain usage scenarios.
  • Consequently, because TPMs are generally considered to be optional system components, the additional monetary and power costs for including a discrete TPM in a system often leads to the exclusion of such devices during the manufacturing process. TPMs are therefore not ubiquitous which makes it difficult for software or operating system developers to invest substantial resources in broad TPM usage scenarios. Another issue affecting broad TPM usage scenarios is that many conventional discrete TPMs are not compatible with some form factors (e.g., phones, PDA's, tablets, etc.). In fact, many conventional devices such as mobile phones and tablet type computers don't generally use discrete TPMs, and in some cases may not have the appropriate interconnects (e.g., an LPC bus) to support the use of discrete TPMs with the system-on-a-chip (SoC) driving devices such as phones or tablets.
  • SUMMARY
  • This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter. Further, while certain disadvantages of prior technologies may be noted or discussed herein, the claimed subject matter is not intended to be limited to implementations that may solve or address any or all of the disadvantages of those prior technologies.
  • Trust is a reliance on the integrity of a person or thing. For device users, trust in a device is established by the guarantee that only code that conforms with a set policy can execute on the device. To deliver strong integrity protections and defend against malicious infection and modifications, a combination of hardware and software is used. Operating systems (OS) such as Microsoft® Windows® have previously used a Trusted Platform Module (TPM) as the hardware component for delivering this platform integrity to various systems. Unfortunately, the TPM's broad adoption has met resistance due to a number of reasons, including, for example, the additional Bill of Materials (BOM) cost of adding a discrete TPM component to the motherboard, the cost and time of redesigning a particular device to provide the appropriate interface for connecting or adding a TPM to such devices, etc.
  • In general, a “Firmware-Based TPM” or “fTPM,” as described herein, addresses the costs associated with including a TPM in hardware such as ARM® System On Chip (SoC) platforms, or similar platforms, to implement a virtually zero-cost “firmware TPM”, thereby reducing the BOM cost of the system, lowering the overall power consumption of the device, and enabling a wide variety of TPM usage scenarios across a wide range of ARM®-based devices. In contrast to conventional techniques, the fTPM provides a software interface to the security extension functionality integral to processors such as ARM® processors without requiring a hardware TPM module to be used in the computing device in which a trusted computing environment is enabled by the fTPM.
  • In other words, in contrast to conventional techniques, the fTPM enables a trusted execution environment in computing devices comparable to that provided by a hardware TPM without using a hardware TPM. Further, the software embodying the fTPM can be uploaded, flashed, or otherwise stored or written to the firmware or protected non-volatile memory of many existing computing devices in order to “upgrade” those devices to enable the use of TPM functionality, again without requiring any hardware modifications to such devices.
  • More specifically, any TPM implementation ensures that it preserves its code and data integrity and confidentiality from all other software running in the system to prevent a wide variety of potential security breaches. Isolation can be implemented with a dedicated security processor (at the cost of adding silicon) or using an elevated execution privilege level offered by the hardware architecture. The Firmware-Based TPM described herein is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placing the fTPM into protected memory of the device along with a simple “Monitor.”
  • Note that the terms “protected memory”, “protected storage”, and similar terms used herein are specifically defined as storage that cannot be read or modified by untrusted components such as the Normal World. Normal operations can neither read nor write both the data and functionality contained within protected storage. For example, the OS operates in Normal World and cannot read or write the protected storage but the “Secure World” including fTPM can. One way to set up this protected memory is for hardware (e.g., a memory or eMMC storage controller) to partition a region of storage (e.g., TrustZone protected memory or Replay Protected Memory Block) for use by the Secure World only. Since the OS is running in the “Normal World” and not in the “Secure World”, the OS cannot access any memory marked as secure unless it uses certain protected mechanisms (e.g., a Secure Monitor Call (SMC) instruction that is relayed to the fTPM as described in detail herein).
  • Note that the “Monitor” described herein is specifically defined as an interface which enables communications from the “Normal World” to be received by the fTPM operating in the “Secure World” while keeping the “Secure World” isolated from the “Normal” World. Note also that “Secure World” and “Normal World” operating modes of architectures such as ARM®-based architectures and TrustZone™ extensions are well known to those skilled in the art and will not be discussed in detail herein. TrustZone™ extensions are useful in that they provide a common security infrastructure across multiple platforms. However, it should be understood that the fTPM described herein is operable with any TPM-based security architectures. Examples of such alternative security architectures (i.e., alternative trust execution environments) include, but are not limited to TI OMAP-based architectures, M-Shield-based architectures, x86 system management mode (SMM), etc.
  • Once instantiated, the Firmware-Based TPM then uses existing ARM®-based architectures and TrustZone™ extensions to enable execution isolation for ensuring code and data integrity and confidentiality and the isolation of cryptographic operations (and storage) from access by the “Normal World” via a firmware-based “virtual dedicated security processor”. In other words, the fTPM described herein is read from system firmware (or other source) and placed into protected memory and uses the ARM® architecture's TrustZone™ extensions and security primitives to provide secure execution isolation within a “firmware-based TPM” that can be implemented within existing ARM®-based architectures and thus the devices based on such architectures without requiring hardware modifications to existing devices.
  • Consequently, one advantage of the Firmware-Based TPM is that it uses existing ARM® TrustZone™ extensions for implementing the execution isolation needed by the TPM without actually requiring a TPM chip or other hardware. In contrast, various conventional systems have either used a discrete TPM or added a dedicated security processor to the SoC. Unfortunately, both of these approaches incur additional cost to the system. TrustZone™, however, is a nearly ubiquitous feature across the broad set of high-end ARM® SoC roadmaps but remains largely unused. When it is leveraged, TrustZone™ has been mainly used in niche, vertical, solutions for secure payments, mobile banking, DRM, etc. Therefore, the use of TrustZone™ by the Firmware-Based TPM to implement a TPM in the firmware of existing devices adds significant value to existing devices without requiring hardware modifications to such devices. As such, TPM ubiquity across multiple SoC platforms is enabled by the Firmware-Based TPM described herein.
  • In view of the above summary, it is clear that the Firmware-Based TPM described herein provides various techniques for using hardware such as the ARM® architecture's TrustZone extensions and security primitives to provide secure execution isolation within a “firmware-based TPM” that can be implemented within existing ARM®-based architectures and thus the devices based on such architectures. In addition to the benefits described above, other advantages of the Firmware-Based TPM will become apparent from the detailed description that follows hereinafter when taken in conjunction with the accompanying drawing figures.
  • DESCRIPTION OF THE DRAWINGS
  • The specific features, aspects, and advantages of the claimed subject matter will become better understood with regard to the following description, appended claims, and accompanying drawings where:
  • FIG. 1 illustrates a general architectural and operational flow diagram for instantiating a “Firmware-Based TPM” into protected memory of a general computing device, as described herein.
  • FIG. 2 illustrates a general architectural and operational flow diagram for using a “Firmware-Based TPM” in a pre-OS boot environment, as described herein.
  • FIG. 3 illustrates a general architectural and operational flow diagram for using the “Firmware-Based TPM” in an OS environment following system boot, as described herein.
  • FIG. 4 provides a flow diagram that illustrates an example of typical synchronous operation of the “Firmware-Based TPM”, as described herein
  • FIG. 5 provides a flow diagram that illustrates an example of typical asynchronous operation of the “Firmware-Based TPM”, as described herein
  • FIG. 6 is a general system diagram depicting a simplified general-purpose computing device having simplified computing and I/O capabilities for use in implementing various embodiments of the Firmware-Based TPM, as described herein.
  • DETAILED DESCRIPTION OF THE EMBODIMENTS
  • In the following description of the embodiments of the claimed subject matter, reference is made to the accompanying drawings, which form a part hereof, and in which is shown by way of illustration specific embodiments in which the claimed subject matter may be practiced. It should be understood that other embodiments may be utilized and structural changes may be made without departing from the scope of the presently claimed subject matter.
  • 1.0 Introduction:
  • In general, as with a conventional hardware TPM, a “Firmware-Based TPM” or “fTPM,” as described herein, ensures that it preserve its code and data integrity and confidentiality from all other software running in the system to prevent a wide variety of potential security breaches as well as enabling a wide variety of security application (e.g., cryptographic applications, secure random number generation, disk/file encryption, password authentication, etc.). Isolation can be implemented with a dedicated security processor (at the cost of adding silicon) or using an elevated execution privilege level offered by the hardware architecture. Advantageously, the Firmware-Based TPM described herein does not require the physical hardware of a conventional hardware TPM to enable the same secure code execution as a hardware TPM.
  • In other words, in contrast to conventional techniques, the fTPM provides a software-based interface to the security extension functionality integral to processors such as ARM® processors to enable a trusted execution environment (also referred to as a trusted computing environment) in computing devices that is comparable to that provided by a hardware TPM without using a hardware TPM. Further, the software embodying the fTPM can be uploaded, flashed, or otherwise stored or written to the firmware or protected non-volatile memory of many existing computing devices in order to “upgrade” those devices to enable the use of TPM functionality, again without requiring any hardware modifications to such devices.
  • Note that the terms “protected memory”, “protected storage”, and similar terms used herein are specifically defined as storage that cannot be read or modified by untrusted components such as the Normal World. Normal operations can neither read nor write both the data and functionality contained within protected storage. For example, the OS operates in Normal World and cannot read or write the protected storage but the “Secure World” including fTPM can. One way to set up this protected memory is for hardware (e.g., a memory or eMMC storage controller) to partition a region of storage (e.g., TrustZone protected memory or Replay Protected Memory Block) for use by the Secure World only. Since the OS is running in the “Normal World” and not in the “Secure World”, the OS cannot access any memory marked as secure unless it uses certain protected mechanisms (e.g., a Secure Monitor Call (SMC) instruction that is relayed to the fTPM as described in detail herein).
  • For example, in various embodiments, the software embodying the fTPM can simply be included in a typical BIOS or firmware update to immediately provide such devices with TPM capabilities upon reboot. Note that the various processes and techniques for updating system firmware and/or BIOS for computing devices are well-known to those skilled in the art, and will not be described in detail herein. Consequently, for purposes of explanation, the following discussion will assume that the software embodying the fTPM has already been provided to the firmware of the computing device upon which the fTPM is to be used for enabling TPM functionality.
  • In particular, the fTPM is first instantiated in a pre-operating system (OS) boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placing the fTPM into protected memory of the device. Note that in various embodiments, the pre-OS boot environment (or firmware) automatically verifies the integrity of the fTPM code (e.g., by validating a “signature” of the fTPM code) prior to allowing that code to be placed into protected memory to ensure it has not been tampered with. Note also that while the fTPM can also be loaded or instantiated into protected memory following OS boot, it is easier to ensure overall system security by instantiating the fTPM in the pre-OS boot environment. Further, while the fTPM can be loaded or instantiated into non-protected memory, there will generally be no guarantee of security in such cases. Note that various processes for writing data (e.g., the fTPM in the example described herein) into protected memory prior to, during, or after system boot is well known to those skilled in the art and will not be described herein.
  • Once instantiated, the Firmware-Based TPM then uses existing hardware such as ARM®-based architectures and TrustZone™ extensions (or similar technology) to enable execution isolation for ensuring security of code execution via a firmware-based “virtual dedicated security processor”. In other words, the Firmware-Based TPM described herein is placed into protected memory that allows the ARM® architecture's TrustZone™ extensions and security primitives (or similar technology) to provide secure execution isolation within a “firmware-based TPM” that can be implemented within existing ARM®-based architectures and thus the devices based on such architectures. Note that TrustZone™ extensions are useful in that they provide a common security infrastructure across multiple platforms. It should also be noted that for purposes of explanation, the fTPM will generally be described in the context of an implementation using the ARM® architecture's TrustZone™ extensions and security primitives. However, it should be understood that the fTPM described herein is operable with a wide variety of TPM-based security architectures.
  • Advantageously, this secure execution isolation is provided by the fTPM without requiring hardware modifications to existing devices and without requiring a physical hardware TPM. Consequently, the fTPM is both easier and less expensive to implement within a wide variety of devices without actually requiring a TPM chip or other hardware. In addition, the fTPM is fully compatible with all TPM standards. As such, the fTPM can be used in any implementation that would normally require a hardware TPM. Further, from the point of view of software or hardware making use of the fTPM, the fTPM is indistinguishable from a hardware-based TPM.
  • Further, it is important to note that since the fTPM is simply written to protected memory during instantiation, multiple copies or versions of the fTPM can be written to separate regions of protected memory thereby enabling separate TPM capability for each separate processor, co-processors, CPUs in a multi-processor or multi-CPU system, and other separate heterogeneous or asymmetrical processor architectures. Note that SoC's and other new system architectures are adding additional cores with different capabilities than the traditional collection of identical cores and that the fTPM is operable with such devices and hardware. Similarly, in the case of virtual environments (e.g., virtual machines) running within a single system, this capability allows separate and isolated TPM capability to be provided to each virtual environment. Note that as is well understood by those skilled in the art, a virtual machine (VM) is a software implementation of a machine (i.e., a computer) that executes programs like a physical machine. Virtual machines are generally separated into two major categories, based on their use and degree of correspondence to any real machine. In particular, a system virtual machine provides a complete system platform which supports the execution of a complete operating system (OS), while a process virtual machine is designed to run a single program, which means that it supports a single process.
  • Note that for purposes of explanation, the following discussion will generally focus on a single instance of the fTPM within a single processor system. However, in view of the preceding discussion, it should be clear that multiple instances of the fTPM may be implemented within multi-processor or multi-core systems other heterogeneous or asymmetrical processor architectures, and within systems running one or more virtual environments such as a virtual machine (VM). Note also that the following discussion refers to the TrustZone™ “Secure World” and “Normal World” operating modes. These operating modes are well known to those skilled in the art and will not be discussed in detail herein.
  • 1.1 System Overview:
  • As noted above, the “Firmware-Based TPM” or “fTPM” provides various techniques for using the ARM® architecture's TrustZone™ extensions and security primitives to provide secure execution isolation within a firmware-based TPM that can be implemented within existing ARM®-based architectures (or similar technologies) and thus the devices based on such architectures without requiring hardware modifications to existing devices. Note that the term “device” in the following discussion will generally refer to a general computing device including, but not limited to, personal computers, server computers, hand-held computing devices, laptop or mobile computers, communications devices such as cell phones and PDA's, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, audio or video media players, etc., within which the fTPM is being instantiated to provide that device with TPM capabilities.
  • The processes summarized above are illustrated by the general system diagram of FIG. 1. In particular, the system diagram of FIG. 1 illustrates the interrelationships between program modules for implementing various embodiments of the fTPM within a device, as described herein. Furthermore, while the system diagram of FIG. 1 illustrates a high-level view of various embodiments of the fTPM, this figure is not intended to provide an exhaustive or complete illustration of every possible embodiment of the fTPM as described throughout this document.
  • In general, as illustrated by FIG. 1, the processes enabled by the Firmware-Based TPM begin operation by using an fTPM instantiation module 100 to read fTPM data/code (i.e., the executable software embodiment of the fTPM) from system firmware 110, or firmware accessible memory or storage, of the device on which the fTPM is to be enabled. The fTPM instantiation module 100 then loads or places the fTPM into a protected memory location of system memory 140 to enable an instantiation of the fTPM within the device. Note also that in various embodiments, the fTPM instantiation module 100 also automatically verifies the integrity of the fTPM code (e.g., by validating a “signature” of the fTPM code) prior to allowing that code to be placed into protected memory to ensure it has not been tampered with. The fTPM instantiation module 100 also instantiates a “Monitor” (i.e., “monitor module 130) into protected system memory 140 to allow communication with the fTPM. Note that the “Monitor” described herein is specifically defined as an interface which enables communications from the “Normal World” to be received by the fTPM operating in the “Secure World” while keeping the “Secure World” segregated from the “Normal World.”
  • In general, the monitor module 130 processes commands and responses issued by a Caller (i.e., caller module 150) in the “Normal World”, and saves and restores the state of the “World” being switched to/from. More specifically, the Monitor (i.e., monitor module 130) intercepts commands or requests (i.e. a requested “operation”) from the caller module 150. The monitor module 130 then passes those commands or requests to the fTPM module 120, which in turn executes the operation in its Secure World environment. The fTPM module 120 then writes the response from the executed operation to shared memory and returns to the monitor module 130 which then restores the system back to Caller (i.e., caller module 150) in the Normal World environment. Finally, the caller module 150 (or other application) retrieves the fTPM response from shared memory.
  • In other words, in general, the caller module 150 exists in the “Normal World” and communicates with fTPM module 120 via the monitor module 130 in the “Secure World” to perform TPM-based tasks or operations for the general computing device in response to tasks or operations requested via the caller module 150 by various applications running on OS (or pre-OS boot environment) of the computing device.
  • 2.0 Operational Details of the Firmware-Based TPM:
  • The above-described program modules are employed for implementing various embodiments of the Firmware-Based TPM. As summarized above, the Firmware-Based TPM provides various techniques for using hardware such as the ARM® architecture's TrustZone™ extensions and security primitives to provide secure execution isolation within a “firmware-based TPM” that can be implemented within existing ARM®-based architectures and thus the devices based on such architectures without requiring hardware modifications to existing devices.
  • The following sections provide a detailed discussion of the operation of various embodiments of the Firmware-Based TPM, and of exemplary methods for implementing the program modules described in Section 1 with respect to FIG. 1. In particular, the following sections provide examples and operational details of various embodiments of the Firmware-Based TPM, including: an architectural overview of the fTPM; system initialization with the fTPM; “Caller” dependent on operating context; synchronous operation, asynchronous operation; and implementing an ARM® TrustZone™ enabled fTPM within a general computing device.
  • 2.1 Architectural Overview of the fTPM:
  • As noted above, the Firmware-Based TPM-based processes described herein provide various techniques for using hardware such as the ARM® architecture's TrustZone™ extensions and security primitives to provide the execution isolation required by a TPM within a “firmware-based TPM,” also referred to herein as an “fTPM,” that can be implemented within existing ARM®-based architectures and thus the devices based on such architectures.
  • More specifically, the fTPM provides a firmware TPM within existing hardware by leveraging the ARM® architecture TrustZone™ extensions available on any ARM® based SoC platform. As is well known to those skilled in the art, TrustZone™ provides a secure execution environment (termed “Secure World”) that is strongly isolated from the other components in the system, such as the Windows® operating system (OS) and a UEFI pre-boot environment, running in the normal execution environment (termed Normal World). Note that the UEFI (Unified Extensible Firmware Interface) is a well-known specification that defines a software interface between an operating system and platform firmware. Each TrustZone™ enabled fTPM instance includes a minimal Trusted Computing Base (TCB) that provides hardware isolation mechanisms and a secure boot loader which bootstraps the particular fTPM instance from the firmware to protected system memory (see discussion of FIG. 1, above), thereby providing a protected environment comparable to a conventional hardware-based TPM but without the added cost or complexity of the additional hardware required by the conventional hardware-based TPM.
  • 2.2 System Initialization with the fTPM:
  • In general, as discussed above with respect to FIG. 1, during system initialization, the platform's fTPM implementation is installed from system firmware (e.g., BIOS or other system firmware) into protected memory of the device along with a simple Monitor into the TrustZone™ Secure World before the processor switches into Normal World operating mode. As discussed above with respect to FIG. 1, the simple Monitor (i.e., monitor module 130) performs two tasks:
      • 1) Processing commands/responses issued by the Caller in the Normal
  • World. Note that in most scenarios, the Caller is either boot firmware or an operating system driver as discussed in further detail below.
      • 2) Saving and restoring the state of the World being switched to/from.
  • In general, the communication interface between the Caller running in the Normal World and the fTPM instance running in the Secure World is a synchronous or asynchronous shared memory based interface. The Caller uses a Secure Monitor Call (SMC) instruction to enter the Monitor and both synchronous and asynchronous I/O are supported in various embodiments. Note that SMC instructions are a well-known instruction type associated with ARM® TrustZone™ technologies, and as such, SMC instructions will not be described in detail herein.
  • 2.3 “Caller” Dependent on Operating Context:
  • As shown in FIG. 2 and FIG. 3, the Firmware-Based TPM uses a different “Caller” depending on whether the current operating context is a pre-OS boot environment or an OS environment. Note that the following discussion assumes that the fTPM has already been loaded or instantiated into protected memory of the device, as discussed above.
  • For example, as illustrated by FIG. 2, in a tested embodiment, within a UEFI pre-OS boot environment, the Caller 200 is a UEFI fTPM driver. However, it must be understood that the use of a UEFI fTPM driver is not a requirement of the fTPM, and that the use of a UEFI fTPM driver is simply one method for initiating pre-OS communications with the fTPM module 120 in the Secure World. Thus, assuming the use of a UEFI fTPM driver, the UEFI fTPM driver of the Caller 200 exposes the Trusted Execution Environment (TrEE) UEFI protocol to pre-boot applications such as the Windows® boot manager and other Windows® OS loaders. Note that TrEE UEFI protocols are well-known to those skilled in the art, and will not be described in detail herein. Note also that the fTPM described herein is not limited to use with Windows® type operating systems, and that other operating systems (e.g., LINUX, UNIX, iOS, OS X, Chrome, Android, etc.) are also operable with the fTPM described herein.
  • In general, as illustrated by FIG. 2, in a pre-OS boot environment a Caller module 200 (e.g., UEFI) is used to communicate with the fTPM module 120 loaded into protected system memory to provide various TPM-based capabilities to the device. Communication between the Caller module 200 (existing in the unprotected environment of the “Normal World” and the fTPM module 120 (existing in the protected environment of the “Secure World”) is performed using a Secure Monitor Call (SMC) instruction 250 which uses monitor module 130 to intercept and pass communications between the fTPM module 120 and the Caller module 200. As noted above, during initialization of the fTPM module 120 and the monitor module 130 are installed into system protected memory from system firmware or other firmware accessible memory or storage.
  • More specifically, in various embodiments, in the pre-OS boot environment, when using a UEFI-based implementation, the Caller module 200 includes one or more pre-boot applications 210 and an interface module 220 in communications with an fTPM driver module 230. In the exemplary embodiment illustrated by FIG. 2, the interface module 220 is implemented using a conventional TrEE EFI interface for enabling communications between the pre-boot applications and the fTPM driver module 230. Further, in the exemplary embodiment illustrated by FIG. 2, the fTPM driver module 230 is implemented using an EFI interface that further includes a TrustZone™ communications module 240 that enables synchronous or asynchronous communications between the Caller module 200 and the Monitor module 130 via SMC instructions 250, as discussed above. In addition, it should be noted that an fTPM active in the pre-OS boot environment can transfer information to the OS environment by writing that information to shared memory that is then accessed in the OS environment following system boot.
  • In contrast, as illustrated by FIG. 3, within the OS environment, the Caller module 300 includes a newly defined “Trusted Execution Environment” (TrEE) interface module 320 that, in various embodiments, is optionally implemented using an Advanced Configuration and Power Interface (ACPI). Assuming a Windows®-based OS, the TrEE interface module 320 provides access to the fTPM for all kernel services, including the well-known “TPM.sys” device driver 310 of the Windows® OS which is designed to allow applications to access the TPM functionality of hardware TPMs. Communication between the Caller module 300 and the Monitor module 130 is enabled by a TrustZone™ Communication module 330 via SMC instructions 250.
  • 2.4 Synchronous Operation:
  • As illustrated by FIG. 4, in a typical synchronous operation scenario, the following steps are performed in the sequence shown:
      • 1) Caller writes a command to shared memory (400).
      • 2) Caller executes the SMC instruction to enter the Monitor (410).
      • 3) Monitor passes the command to the fTPM instance in Secure World (415).
      • 4) fTPM executes the operation in Secure World (420). Note that in the case of a processor having two or more cores or sub-processors, one or more of those cores sub-processors can be specifically dedicated to TPM operations while leaving the other cores free for other operations or tasks.
      • 5) fTPM writes the response to shared memory and returns to Monitor (425).
      • 6) Monitor restores system back to Caller in Normal World (430).
      • 7) Caller (or other application) retrieves fTPM response from shared memory (435).
  • 2.5 Asynchronous Operation:
  • As illustrated by FIG. 5, in a typical asynchronous operation scenario, the following steps are performed in the sequence shown:
      • 1) Caller writes a command to shared memory (500).
      • 2) Caller executes the SMC instruction to enter the Monitor (510).
      • 3) Monitor passes the command to the fTPM instance in Secure World (520).
      • 4) fTPM starts executing the operation in Secure World but returns back to the Monitor before it's completed and the Monitor returns back to the Caller. This is needed to avoid starving the Caller of CPU time in long-running cryptographic operations (530).
      • 5) Check to see if operation is complete (540), if not then Caller loops through steps 2-4 to provide the fTPM instance CPU cycles for executing within Secure World until the requested operation is complete. Note that in the case of a processor having two or more cores or sub-processors, one or more of those cores or sub-processors can be specifically dedicated to TPM operations while leaving the other cores free for other operations or tasks.
      • 6) fTPM writes the response to shared memory and returns to Monitor (550).
      • 7) Monitor restores system back to Caller in Normal World (560).
      • 8) Caller (or other application) retrieves fTPM response from shared memory (570).
  • 2.6 Implementing an ARM® TrustZone™ enabled fTPM:
  • Implementing an ARM® TrustZone™ enabled fTPM makes use of hardware primitives within the processor that include, but not limited to:
      • 1) Hardware acceleration for cryptographic algorithms (e.g. AES, RSA, SHA-x, etc.);
      • 2) Hardware based random number generation (RNG); and
      • 3) Accessing non-volatile storage, preferably isolated, for storing secrets.
  • Advantageously, many conventional ARM® SoCs and similar processors already have these features included as hardware primitives. Therefore, the Firmware-Based TPM described herein enables a conventional ARM® SoC, or other security-enabled processor, to be configured with a fTPM such that after the OS is initialized, it has access to a fully functional TPM with virtually no additional BOM cost to the device. This enables hardware such as ARM® SoC platforms to perform a variety of tasks, including, but not limited to:
      • 1) Natively supporting Windows® features such as Bitlocker®, virtual Smartcards, Measured Boot, etc.;
      • 2) Delivering better power efficiency vs. discrete TPM solutions in ARM®-based devices;
      • 3) Reducing overall system BOM cost and device design complexity since integration of a hardware TPM is no longer necessary; and
      • 4) Enabling a wide variety of new TPM usage scenarios in power-sensitive devices given the improved efficiency relative to devices using a conventional discrete TPM.
  • 3.0 Exemplary Operating Environments:
  • The fTPM described herein is operational within numerous types of general purpose or special purpose computing system environments or configurations. FIG. 6 illustrates a simplified example of a general-purpose computer system on which various embodiments and elements of the fTPM, as described herein, may be implemented. It should be noted that any boxes that are represented by broken or dashed lines in FIG. 6 represent alternate embodiments of the simplified computing device, and that any or all of these alternate embodiments, as described below, may be used in combination with other alternate embodiments that are described throughout this document.
  • For example, FIG. 6 shows a general system diagram showing a simplified computing device 600. Such computing devices can be typically be found in devices having at least some minimum computational capability, including, but not limited to, personal computers, server computers, hand-held computing devices, laptop or mobile computers, communications devices such as cell phones and PDA's, multiprocessor systems, microprocessor-based systems, set top boxes, programmable consumer electronics, network PCs, minicomputers, mainframe computers, audio or video media players, etc.
  • To allow a device to implement the fTPM, the device should have a sufficient computational capability and system memory 620 to enable basic computational operations along with system firmware 625 (or other firmware accessible memory or storage from which the fTPM is instantiated into protected system memory 620). In particular, as illustrated by FIG. 6, the computational capability is generally illustrated by one or more processing unit(s) 610, and may also include one or more GPUs 615, either or both in communication with system memory 620. Note that that the processing unit(s) 610 of the general computing device 600 may be specialized microprocessors, such as a DSP, a VLIW, or other micro-controller, or can be conventional CPUs having one or more processing cores, including specialized GPU-based cores in a multi-core CPU.
  • In addition, the simplified computing device of FIG. 6 may also include other components, such as, for example, a communications interface 630. The simplified computing device of FIG. 6 may also include one or more conventional computer input devices 640 (e.g., pointing devices, keyboards, audio input devices, video input devices, haptic input devices, devices for receiving wired or wireless data transmissions, etc.). The simplified computing device of FIG. 6 may also include other optional components, such as, for example, one or more conventional computer output devices 650 (e.g., display device(s) 655, audio output devices, video output devices, devices for transmitting wired or wireless data transmissions, etc.). Note that typical communications interfaces 630, input devices 640, output devices 650, and storage devices 660 for general-purpose computers are well known to those skilled in the art, and will not be described in detail herein.
  • The simplified computing device of FIG. 6 may also include a variety of computer readable media. Computer readable media can be any available media that can be accessed by computing device 600 via storage devices 660 and includes both volatile and nonvolatile media that is either removable 670 and/or non-removable 680, for storage of information such as computer-readable or computer-executable instructions, data structures, applications, program modules, or other data. By way of example, and not limitation, computer readable media may comprise computer storage media and communication media. Computer storage media includes, but is not limited to, computer or machine readable media or storage devices such as DVD's, CD's, floppy disks, tape drives, hard drives, optical drives, solid state memory devices, RAM, ROM, EEPROM, flash memory or other memory technology, magnetic cassettes, magnetic tapes, magnetic disk storage, or other magnetic storage devices, or any other device which can be used to store the desired information and which can be accessed by one or more computing devices.
  • Storage of information such as computer-readable or computer-executable instructions, data structures, applications, program modules, etc., can also be accomplished by using any of a variety of the aforementioned communication media to encode one or more modulated data signals or carrier waves, or other transport mechanisms or communications protocols, and includes any wired or wireless information delivery mechanism. Note that the terms “modulated data signal” or “carrier wave” generally refer a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. For example, communication media includes wired media such as a wired network or direct-wired connection carrying one or more modulated data signals, and wireless media such as acoustic, RF, infrared, laser, and other wireless media for transmitting and/or receiving one or more modulated data signals or carrier waves. Combinations of the any of the above should also be included within the scope of communication media.
  • Further, applications, software, programs, and/or computer program products embodying the some or all of the various embodiments of the fTPM described herein, or portions thereof, may be stored, received, transmitted, or read from any desired combination of computer or machine readable media or storage devices and communication media in the form of computer executable instructions or other data structures.
  • Finally, the fTPM described herein may be further described in the general context of computer-executable instructions, such as program modules, being executed by a computing device. Generally, program modules include routines, programs, objects, components, data structures, etc., that perform particular tasks or implement particular abstract data types. The embodiments described herein may also be practiced in distributed computing environments where tasks are performed by one or more remote processing devices, or within a cloud of one or more devices, that are linked through one or more communications networks. In a distributed computing environment, program modules may be located in both local and remote computer storage media including media storage devices. Still further, the aforementioned instructions may be implemented, in part or in whole, as hardware logic circuits, which may or may not include a processor.
  • The foregoing description of the Firmware-Based TPM has been presented for the purposes of illustration and description. It is not intended to be exhaustive or to limit the claimed subject matter to the precise form disclosed. Many modifications and variations are possible in light of the above teaching. Further, it should be noted that any or all of the aforementioned alternate embodiments may be used in any combination desired to form additional hybrid embodiments of the Firmware-Based TPM. It is intended that the scope of the invention be limited not by this detailed description, but rather by the claims appended hereto.

Claims (20)

1. A method for enabling a trusted execution environment (TrEE) in computing devices without a hardware trusted platform module (TPM) component, comprising steps for:
retrieving an “fTPM” module from a firmware component of a computing device, said fTPM providing a software-based interface to security extension functionality integral to one or more processors in the computing device;
retrieving a software-based “Monitor” module from the firmware component of the computing device;
instantiating the fTPM and the Monitor into a “Secure World” environment within protected memory of the computing device prior to booting an OS on the computing device; and
enabling a TrEE on the computing device by allowing a “Caller” in a “Normal World” environment to access the security functionality of the one or more processors via a “Secure Monitor Call” to the “Monitor”, said Monitor then passing instructions relating to the “Secure Monitor Call” to the fTPM in the “Secure World.”
2. The method of claim 1 wherein the fTPM is accessible by one or more virtual machines running on the computing device.
3. The method of claim 1 fTPM code integrity is validated prior to instantiating the fTPM into the “Secure World” environment within the protected memory of the computing device.
4. The method of claim 1 wherein one or more processors in the computing device are ARM® processors, and wherein the security extension functionality integral to the ARM® processors includes TrustZone™ extensions and security primitives.
5. The method of claim 1 wherein, prior to OS boot, the “Caller” module includes a pre-boot application module for exposing the TrEE to one or more pre-boot applications thereby allowing those applications to perform tasks using the TrEE.
6. The method of claim 1 wherein, subsequent to OS boot, the “Caller” module includes a TPM driver module for exposing the TrEE to one or more applications running on the OS thereby allowing those applications to perform tasks using the TrEE.
7. The method of claim 1 wherein the firmware component of the computing device receives the fTPM module by updating the firmware with software that includes the fTPM module.
8. The method of claim 1 wherein communications between the Caller and the Monitor are synchronous.
9. The method of claim 1 wherein communications between the Caller and the Monitor are asynchronous.
10. A system for implementing a trusted computing environment on a computing device without a hardware trusted platform module (TPM) component, comprising:
a non-volatile memory component of a computing device having an “fTPM” module stored therein, said fTPM module providing a software-based interface to security extension functionality integral to one or more processors in the computing device;
wherein the non-volatile memory component further includes a software-based “Monitor” module;
a device for reading the fTPM and the Monitor from the non-volatile memory component and instantiating the fTPM and the Monitor into a “Secure World” environment within protected memory of the computing device; and
enabling a trusted computing environment on the computing device by allowing a “Caller” in a “Normal World” environment to access the security functionality of the one or more processors via a “Secure Monitor Call” to the “Monitor”, said Monitor then passing instructions relating to the “Secure Monitor Call” to the fTPM in the “Secure World.”
11. The system of claim 10 wherein one or more processors in the computing device are ARM® processors, and wherein the security extension functionality integral to the ARM® processors includes TrustZone™ extensions and security primitives.
12. The system of claim 10 wherein, prior to OS boot, the “Caller” module includes a pre-boot application module for exposing the trusted computing environment to one or more pre-boot applications thereby allowing those applications to perform tasks using the trusted computing environment.
13. The system of claim 10 wherein, subsequent to OS boot, the “Caller” module includes a TPM driver module for exposing the trusted computing environment to one or more applications running on the OS thereby allowing those applications to perform tasks using the trusted computing environment.
14. The system of claim 10 further comprising a device for enabling both synchronous and asynchronous communications between the Caller and the Monitor.
15. A computer-readable medium having computer executable instructions stored therein for implementing a trusted computing environment with a computing device without a hardware trusted platform module (TPM) component, said instructions comprising:
an “fTPM” module for providing a software-based interface to security extension functionality integral to one or more processors in a computing device, and a software-based “Monitor” module;
loading the fTPM and the Monitor into a non-volatile memory component of the computing device;
retrieving the fTPM and the Monitor from the non-volatile memory;
instantiating the fTPM and the Monitor into a “Secure World” environment within protected memory of the computing device; and
enabling a trusted computing environment on the computing device by allowing a “Caller” in a “Normal World” environment to access the security functionality of the one or more processors via a “Secure Monitor Call” to the “Monitor”, said Monitor then passing instructions relating to the “Secure Monitor Call” to the fTPM in the “Secure World.”
16. The computer-readable medium of claim 15 wherein one or more processors in the computing device are ARM® processors, and wherein the security extension functionality integral to the ARM® processors includes TrustZone™ extensions and security primitives.
17. The computer-readable medium of claim 15 wherein, prior to OS boot, the “Caller” module includes a pre-boot application module for exposing the trusted computing environment to one or more pre-boot applications thereby allowing those applications to perform tasks using the trusted computing environment.
18. The computer-readable medium of claim 15 wherein, subsequent to OS boot, the “Caller” module includes a TPM driver module for exposing the trusted computing environment to one or more applications running on the OS thereby allowing those applications to perform tasks using the trusted computing environment.
19. The computer-readable medium of claim 15 wherein one or more of the processors contain two or more cores, and wherein a separate fTPM is instantiated within the protected memory of the computing device for each of two or more of those cores.
20. The computer-readable medium of claim 15 further comprising a device for enabling both synchronous and asynchronous communications between the Caller and the Monitor.
US13/193,945 2011-07-29 2011-07-29 Firmware-based trusted platform module for arm processor architectures and trustzone security extensions Active 2031-08-09 US8375221B1 (en)

Priority Applications (9)

Application Number Priority Date Filing Date Title
US13/193,945 US8375221B1 (en) 2011-07-29 2011-07-29 Firmware-based trusted platform module for arm processor architectures and trustzone security extensions
KR1020197011906A KR102102090B1 (en) 2011-07-29 2012-07-11 Firmware-based trusted platform module for arm® trustzone™ implementations
CN201280037929.0A CN103748594B (en) 2011-07-29 2012-07-11 For ARM*TRUSTZONETMThe credible platform module based on firmware realized
EP12820818.8A EP2737429A4 (en) 2011-07-29 2012-07-11 Firmware-based trusted platform module for arm® trustzone implementations
JP2014522856A JP6053786B2 (en) 2011-07-29 2012-07-11 Firmware-based Trusted Platform Module (TPM) for ARM® Trust Zone implementation
PCT/US2012/046243 WO2013019369A1 (en) 2011-07-29 2012-07-11 Firmware-based trusted platform module for arm® trustzone™ implementations
KR1020147002458A KR101974188B1 (en) 2011-07-29 2012-07-11 Firmware-based trusted platform module for arm® trustzone™ implementations
US13/764,570 US9189653B2 (en) 2011-07-29 2013-02-11 Software-based trusted platform module
US14/927,988 US9489512B2 (en) 2011-07-29 2015-10-30 Trustzone-based integrity measurements and verification using a software-based trusted platform module

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US13/193,945 US8375221B1 (en) 2011-07-29 2011-07-29 Firmware-based trusted platform module for arm processor architectures and trustzone security extensions

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US13/764,570 Continuation US9189653B2 (en) 2011-07-29 2013-02-11 Software-based trusted platform module

Publications (2)

Publication Number Publication Date
US20130031374A1 true US20130031374A1 (en) 2013-01-31
US8375221B1 US8375221B1 (en) 2013-02-12

Family

ID=47598262

Family Applications (3)

Application Number Title Priority Date Filing Date
US13/193,945 Active 2031-08-09 US8375221B1 (en) 2011-07-29 2011-07-29 Firmware-based trusted platform module for arm processor architectures and trustzone security extensions
US13/764,570 Active 2031-09-15 US9189653B2 (en) 2011-07-29 2013-02-11 Software-based trusted platform module
US14/927,988 Active US9489512B2 (en) 2011-07-29 2015-10-30 Trustzone-based integrity measurements and verification using a software-based trusted platform module

Family Applications After (2)

Application Number Title Priority Date Filing Date
US13/764,570 Active 2031-09-15 US9189653B2 (en) 2011-07-29 2013-02-11 Software-based trusted platform module
US14/927,988 Active US9489512B2 (en) 2011-07-29 2015-10-30 Trustzone-based integrity measurements and verification using a software-based trusted platform module

Country Status (6)

Country Link
US (3) US8375221B1 (en)
EP (1) EP2737429A4 (en)
JP (1) JP6053786B2 (en)
KR (2) KR102102090B1 (en)
CN (1) CN103748594B (en)
WO (1) WO2013019369A1 (en)

Cited By (108)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103714459A (en) * 2013-12-26 2014-04-09 电子科技大学 Secure payment system and method of intelligent terminal
US8756417B1 (en) * 2014-02-04 2014-06-17 Sypris Electronics, Llc Multi-level assurance trusted computing platform
US20140281456A1 (en) * 2013-03-15 2014-09-18 Ivan Herrera Mejia Method and apparatus for implementing a secure boot using multiple firmware sources
US20140281447A1 (en) * 2013-03-12 2014-09-18 Green Hills Software, Inc. Single-Chip Virtualizing and Obfuscating Communications System for Portable Computing Devices
WO2014139162A1 (en) * 2013-03-15 2014-09-18 Intel Corporation Security co-processor boot performance
CN104063788A (en) * 2014-07-16 2014-09-24 武汉大学 Mobile platform credibility payment system and method
US20140359302A1 (en) * 2013-05-30 2014-12-04 Dell Products L.P. System and Method for Intercept of UEFI Block I/O Protocol Services for BIOS Based Hard Drive Encryption Support
WO2014197153A1 (en) * 2013-06-07 2014-12-11 Qualcomm Incorporated Apparatus and method for provisioning an endorsement key certificate for a firmware trusted platform module
WO2014204363A1 (en) * 2013-06-19 2014-12-24 Telefonaktiebolaget L M Ericsson (Publ) Method and an integrated circuit for executing a trusted application within a trusted runtime environment
US20150081257A1 (en) * 2013-09-13 2015-03-19 Shanwei Cen Automatic pairing of io devices with hardware secure elements
EP2889800A1 (en) * 2013-12-24 2015-07-01 Intel Corporation Using authenticated manifests to enable external certification of multi-processor platforms
US9161227B1 (en) 2013-02-07 2015-10-13 Sprint Communications Company L.P. Trusted signaling in long term evolution (LTE) 4G wireless communication
CN104992122A (en) * 2015-07-20 2015-10-21 武汉大学 Cell phone private information safe box based on ARM Trust Zone
US9171243B1 (en) 2013-04-04 2015-10-27 Sprint Communications Company L.P. System for managing a digest of biographical information stored in a radio frequency identity chip coupled to a mobile communication device
US9185626B1 (en) 2013-10-29 2015-11-10 Sprint Communications Company L.P. Secure peer-to-peer call forking facilitated by trusted 3rd party voice server provisioning
US9183412B2 (en) 2012-08-10 2015-11-10 Sprint Communications Company L.P. Systems and methods for provisioning and using multiple trusted security zones on an electronic device
US9183606B1 (en) 2013-07-10 2015-11-10 Sprint Communications Company L.P. Trusted processing location within a graphics processing unit
US9191522B1 (en) 2013-11-08 2015-11-17 Sprint Communications Company L.P. Billing varied service based on tier
US9191388B1 (en) 2013-03-15 2015-11-17 Sprint Communications Company L.P. Trusted security zone communication addressing on an electronic device
US9210576B1 (en) 2012-07-02 2015-12-08 Sprint Communications Company L.P. Extended trusted security zone radio modem
US9208339B1 (en) 2013-08-12 2015-12-08 Sprint Communications Company L.P. Verifying Applications in Virtual Environments Using a Trusted Security Zone
CN105138930A (en) * 2015-08-12 2015-12-09 山东超越数控电子有限公司 Encryption system and encryption method based on TrustZone
US9215180B1 (en) 2012-08-25 2015-12-15 Sprint Communications Company L.P. File retrieval in real-time brokering of digital content
US9226145B1 (en) 2014-03-28 2015-12-29 Sprint Communications Company L.P. Verification of mobile device integrity during activation
US9230085B1 (en) 2014-07-29 2016-01-05 Sprint Communications Company L.P. Network based temporary trust extension to a remote or mobile device enabled via specialized cloud services
US9268959B2 (en) 2012-07-24 2016-02-23 Sprint Communications Company L.P. Trusted security zone access to peripheral devices
US20160054926A1 (en) * 2013-03-29 2016-02-25 Dell Products, Lp System and Method for Pre-Operating System Memory Map Management to Minimize Operating System Failures
US9282898B2 (en) 2012-06-25 2016-03-15 Sprint Communications Company L.P. End-to-end trusted communications infrastructure
WO2016040709A1 (en) * 2014-09-14 2016-03-17 Microsoft Technology Licensing, Llc Trusted execution environment extensible computing device interface
US9292686B2 (en) 2014-01-16 2016-03-22 Fireeye, Inc. Micro-virtualization architecture for threat-aware microvisor deployment in a node of a network environment
US9324016B1 (en) 2013-04-04 2016-04-26 Sprint Communications Company L.P. Digest of biographical information for an electronic device with static and dynamic portions
US9342688B2 (en) 2013-03-07 2016-05-17 Qualcomm Incorporated Apparatus and method for inheriting a non-secure thread context
US20160142205A1 (en) * 2014-11-19 2016-05-19 Honeywell International Inc. Symmetric secret key protection
US9374363B1 (en) 2013-03-15 2016-06-21 Sprint Communications Company L.P. Restricting access of a portable communication device to confidential data or applications via a remote network based on event triggers generated by the portable communication device
US9384498B1 (en) 2012-08-25 2016-07-05 Sprint Communications Company L.P. Framework for real-time brokering of digital content delivery
US9443088B1 (en) 2013-04-15 2016-09-13 Sprint Communications Company L.P. Protection for multimedia files pre-downloaded to a mobile device
EP3070607A1 (en) 2015-03-20 2016-09-21 Virtual Open Systems Compute node supporting virtual machines and services
US20160275290A1 (en) * 2015-03-19 2016-09-22 Karunakara Kotary Dynamic Firmware Module Loader in a Trusted Execution Environment Container
US9454723B1 (en) 2013-04-04 2016-09-27 Sprint Communications Company L.P. Radio frequency identity (RFID) chip electrically and communicatively coupled to motherboard of mobile communication device
US9473945B1 (en) 2015-04-07 2016-10-18 Sprint Communications Company L.P. Infrastructure for secure short message transmission
WO2016171985A1 (en) * 2015-04-20 2016-10-27 Microsoft Technology Licensing, Llc Isolation of trusted input/output devices
US20160371493A1 (en) * 2012-06-29 2016-12-22 Intel Corporation Mobile platform software update with secure authentication
US9537833B2 (en) 2014-12-31 2017-01-03 Google Inc. Secure host communications
US9547773B2 (en) * 2014-12-31 2017-01-17 Google Inc. Secure event log management
US9560519B1 (en) 2013-06-06 2017-01-31 Sprint Communications Company L.P. Mobile communication device profound identity brokering framework
US9578664B1 (en) 2013-02-07 2017-02-21 Sprint Communications Company L.P. Trusted signaling in 3GPP interfaces in a network function virtualization wireless communication system
US9613208B1 (en) * 2013-03-13 2017-04-04 Sprint Communications Company L.P. Trusted security zone enhanced with trusted hardware drivers
US9628279B2 (en) 2014-09-30 2017-04-18 Microsoft Technology Licensing, Llc Protecting application secrets from operating system attacks
CN106603487A (en) * 2016-11-04 2017-04-26 中软信息系统工程有限公司 Method for safe improvement of TLS protocol processing based on CPU space-time isolation mechanism
US9652272B2 (en) * 2012-01-26 2017-05-16 Empire Technology Development Llc Activating continuous world switch security for tasks to allow world switches between virtual machines executing the tasks
US20170200010A1 (en) * 2014-09-26 2017-07-13 Huawei Technologies Co., Ltd. Security control method and network device
US9742762B2 (en) 2014-12-01 2017-08-22 Microsoft Technology Licensing, Llc Utilizing a trusted platform module (TPM) of a host device
US9760727B2 (en) 2014-12-31 2017-09-12 Google Inc. Secure host interactions
US20170277898A1 (en) * 2016-03-25 2017-09-28 Advanced Micro Devices, Inc. Key management for secure memory address spaces
US9779232B1 (en) 2015-01-14 2017-10-03 Sprint Communications Company L.P. Trusted code generation and verification to prevent fraud from maleficent external devices that capture data
WO2017171634A1 (en) * 2016-03-29 2017-10-05 Huawei International Pte. Ltd. System and method for verifying integrity of an electronic device
US9819679B1 (en) 2015-09-14 2017-11-14 Sprint Communications Company L.P. Hardware assisted provenance proof of named data networking associated to device data, addresses, services, and servers
US9817992B1 (en) 2015-11-20 2017-11-14 Sprint Communications Company Lp. System and method for secure USIM wireless network access
US9838868B1 (en) 2015-01-26 2017-12-05 Sprint Communications Company L.P. Mated universal serial bus (USB) wireless dongles configured with destination addresses
US9838869B1 (en) 2013-04-10 2017-12-05 Sprint Communications Company L.P. Delivering digital content to a mobile device via a digital rights clearing house
EP3255544A1 (en) 2016-06-08 2017-12-13 Virtual Open Systems Interrupt controller
EP3264711A1 (en) 2016-06-28 2018-01-03 Virtual Open Systems Virtual switch for multi-compartment mixed critical network communications
RU2641226C1 (en) * 2017-02-13 2018-01-16 Самсунг Электроникс Ко., Лтд. Method of secureos functioning on multiprocessor systems in mobile devices
US9904794B2 (en) 2014-09-25 2018-02-27 Samsung Electronics Co., Ltd. Processing secure data
US9906958B2 (en) 2012-05-11 2018-02-27 Sprint Communications Company L.P. Web server bypass of backend process on near field communications and secure element chips
WO2018039027A1 (en) * 2016-08-26 2018-03-01 Qualcomm Incorporated Trusted platform module support on reduced instruction set computing architectures
US9912681B1 (en) 2015-03-31 2018-03-06 Fireeye, Inc. Injection of content processing delay in an endpoint
US20180068134A1 (en) * 2015-02-11 2018-03-08 Siemens Aktiengesellschaft Method to isolate real-time or safety-critical software and operating system from non-critical software and operating system
US9934376B1 (en) 2014-12-29 2018-04-03 Fireeye, Inc. Malware detection appliance architecture
US10025674B2 (en) 2013-06-07 2018-07-17 Microsoft Technology Licensing, Llc Framework for running untrusted code
US10108446B1 (en) 2015-12-11 2018-10-23 Fireeye, Inc. Late load technique for deploying a virtualization layer underneath a running operating system
CN108959916A (en) * 2017-05-22 2018-12-07 华为技术有限公司 Methods, devices and systems for the access safety world
US10152602B2 (en) 2014-02-28 2018-12-11 Advanced Micro Devices, Inc. Protecting state information for virtual machines
US10191861B1 (en) 2016-09-06 2019-01-29 Fireeye, Inc. Technique for implementing memory views using a layered virtualization architecture
US10193700B2 (en) 2015-02-27 2019-01-29 Samsung Electronics Co., Ltd. Trust-zone-based end-to-end security
US10282719B1 (en) 2015-11-12 2019-05-07 Sprint Communications Company L.P. Secure and trusted device-based billing and charging process using privilege for network proxy authentication and audit
US10402273B2 (en) 2016-12-14 2019-09-03 Microsoft Technology Licensing, Llc IoT device update failure recovery
US10416991B2 (en) 2016-12-14 2019-09-17 Microsoft Technology Licensing, Llc Secure IoT device update
US10419216B2 (en) 2013-09-13 2019-09-17 Microsoft Technology Licensing, Llc Keying infrastructure
US10447728B1 (en) 2015-12-10 2019-10-15 Fireeye, Inc. Technique for protecting guest processes using a layered virtualization architecture
US10454950B1 (en) 2015-06-30 2019-10-22 Fireeye, Inc. Centralized aggregation technique for detecting lateral movement of stealthy cyber-attacks
US10474813B1 (en) 2015-03-31 2019-11-12 Fireeye, Inc. Code injection technique for remediation at an endpoint of a network
US10499249B1 (en) 2017-07-11 2019-12-03 Sprint Communications Company L.P. Data link layer trust signaling in communication network
WO2020005857A1 (en) * 2018-06-24 2020-01-02 Hex Five Security, Inc. Configuring, enforcing, and monitoring separation of trusted execution environments
US20200089888A1 (en) * 2018-09-19 2020-03-19 Dell Products L.P. Secure boot orchestration device in a virtual desktop infrastructure
US10642983B2 (en) 2015-03-18 2020-05-05 Samsung Electronics Co., Ltd. Method and apparatus for protecting application
US10673878B2 (en) 2016-05-19 2020-06-02 International Business Machines Corporation Computer security apparatus
US10699274B2 (en) 2015-08-24 2020-06-30 Samsung Electronics Co., Ltd. Apparatus and method for secure electronic payment
US10715526B2 (en) 2016-12-14 2020-07-14 Microsoft Technology Licensing, Llc Multiple cores with hierarchy of trust
US10740496B2 (en) 2017-02-13 2020-08-11 Samsung Electronics Co., Ltd. Method and apparatus for operating multi-processor system in electronic device
US20200296090A1 (en) * 2017-09-25 2020-09-17 Telefonaktiebolaget Lm Ericsson (Publ) Provisioning of vendor credentials
US10846696B2 (en) * 2015-08-24 2020-11-24 Samsung Electronics Co., Ltd. Apparatus and method for trusted execution environment based secure payment transactions
US10846117B1 (en) 2015-12-10 2020-11-24 Fireeye, Inc. Technique for establishing secure communication between host and guest processes of a virtualization architecture
WO2021001790A1 (en) * 2019-07-03 2021-01-07 Beyond Semiconductor, d.o.o. Systems and methods for data-driven secure and safe computing
WO2021030903A1 (en) * 2019-08-16 2021-02-25 Zao John Kar Kin System and method for performing trusted computing with remote attestation and information isolation on heterogeneous processors over open interconnect
US20210141658A1 (en) * 2020-11-11 2021-05-13 Ravi Sahita Method and apparatus for trusted devices using trust domain extensions
CN113343234A (en) * 2021-06-10 2021-09-03 支付宝(杭州)信息技术有限公司 Method and device for carrying out credible check on code security
CN113468535A (en) * 2020-03-31 2021-10-01 华为技术有限公司 Credibility measuring method and related device
CN113553231A (en) * 2021-07-01 2021-10-26 江苏电力信息技术有限公司 Embedded operating system operating environment monitoring method based on security chip
EP3488375B1 (en) * 2016-07-22 2021-11-10 Giesecke+Devrient Mobile Security GmbH Chipset with protected firmware
CN113703924A (en) * 2021-09-22 2021-11-26 上海交通大学 Safe virtual machine system design method and system based on trusted execution environment
US11269992B2 (en) * 2018-03-22 2022-03-08 Trulyprotect Oy Systems and methods for hypervisor-based protection of code
US11366940B2 (en) 2018-06-28 2022-06-21 Nordic Semiconductor Asa Secure-aware bus system
US11537762B2 (en) 2018-06-28 2022-12-27 Nordic Semiconductor Asa Secure peripheral interconnect
WO2022268150A1 (en) * 2021-06-23 2022-12-29 华为技术有限公司 Method for communication between virtual machine and secure partition, and related device
US11611549B2 (en) * 2019-10-03 2023-03-21 Fset Inc System and method of securing access to a secure remote server and database on a mobile device
US11675526B2 (en) 2018-04-20 2023-06-13 Nordic Semiconductor Asa Memory-access control
US11698995B2 (en) 2018-06-28 2023-07-11 Nordic Semiconductor Asa Peripheral access on a secure-aware bus system

Families Citing this family (77)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100324983A1 (en) * 2009-06-22 2010-12-23 Etchegoyen Craig S System and Method for Media Distribution
US8817984B2 (en) * 2011-02-03 2014-08-26 mSignia, Inc. Cryptographic security functions based on anticipated changes in dynamic minutiae
US11063920B2 (en) 2011-02-03 2021-07-13 mSignia, Inc. Cryptographic security functions based on anticipated changes in dynamic minutiae
AU2012100460B4 (en) 2012-01-04 2012-11-08 Uniloc Usa, Inc. Method and system implementing zone-restricted behavior of a computing device
AU2012100462B4 (en) 2012-02-06 2012-11-08 Uniloc Usa, Inc. Near field authentication through communication of enclosed content sound waves
KR101897605B1 (en) * 2012-02-24 2018-09-12 삼성전자 주식회사 Method and apparatus for securing integrity of mobile termninal
US8954965B2 (en) * 2012-08-03 2015-02-10 Microsoft Corporation Trusted execution environment virtual machine cloning
AU2013100355B4 (en) 2013-02-28 2013-10-31 Netauthority, Inc Device-specific content delivery
US9167002B2 (en) 2013-08-15 2015-10-20 Microsoft Technology Licensing, Llc Global platform health management
US9852299B2 (en) 2013-09-27 2017-12-26 Intel Corporation Protection scheme for remotely-stored data
CN103530578B (en) * 2013-10-18 2016-01-27 武汉大学 The construction method of a kind of soft structure credible platform module STPM of Android system
US9536063B2 (en) * 2013-10-24 2017-01-03 Intel Corporation Methods and apparatus for protecting software from unauthorized copying
US9405912B2 (en) 2013-11-14 2016-08-02 Microsoft Technology Licensing, Llc Hardware rooted attestation
EP3075099B1 (en) * 2013-11-25 2019-05-01 McAfee, LLC Secure proxy to protect private data
FR3015663B1 (en) * 2013-12-20 2020-01-24 Ixblue NAVIGATION AID SYSTEM AND METHOD USED IN SUCH A SYSTEM
US10389709B2 (en) 2014-02-24 2019-08-20 Amazon Technologies, Inc. Securing client-specified credentials at cryptographically attested resources
US9686077B2 (en) 2014-03-06 2017-06-20 Microsoft Technology Licensing, Llc Secure hardware for cross-device trusted applications
CN103955263B (en) * 2014-05-16 2017-07-28 华为技术有限公司 ARM method for managing power supply and processor
WO2016024967A1 (en) * 2014-08-13 2016-02-18 Hewlett Packard Enterprise Development Lp Secure non-volatile random access memory
FR3024915B1 (en) * 2014-08-18 2016-09-09 Proton World Int Nv DEVICE AND METHOD FOR PROVIDING SECURE PLATFORM MODULE SERVICES
US9584317B2 (en) 2014-10-13 2017-02-28 Microsoft Technology Licensing, Llc Identifying security boundaries on computing devices
US10229272B2 (en) 2014-10-13 2019-03-12 Microsoft Technology Licensing, Llc Identifying security boundaries on computing devices
CN104408371B (en) * 2014-10-14 2017-12-19 中国科学院信息工程研究所 A kind of implementation method based on credible performing environment high safety application system
US10303879B1 (en) 2014-11-06 2019-05-28 Amazon Technologies, Inc. Multi-tenant trusted platform modules
CN104378381A (en) * 2014-11-27 2015-02-25 上海斐讯数据通信技术有限公司 Intelligent terminal enterprise Email security office method and system
US9525672B2 (en) 2014-12-19 2016-12-20 Amazon Technologies, Inc. Multi-faceted compute instance identity
US9537883B2 (en) * 2014-12-22 2017-01-03 International Business Machines Corporation Process security validation
US10068092B2 (en) * 2015-01-21 2018-09-04 Microsoft Technology Licensing, Llc Upgrading a secure boot policy on a virtual machine
US10496974B2 (en) * 2015-03-25 2019-12-03 Intel Corporation Secure transactions with connected peripherals
US10019576B1 (en) 2015-04-06 2018-07-10 Intelligent Automation, Inc. Security control system for protection of multi-core processors
US10657274B2 (en) 2015-06-29 2020-05-19 Samsng Electronics Co., Ltd. Semiconductor device including memory protector
US10057260B2 (en) 2015-08-27 2018-08-21 International Business Machines Corporation Electronic device identification
CN107925880B (en) 2015-09-03 2022-02-01 索里安科技集团有限责任公司 System for operating, controlling and communicating with unmanned aerial vehicles and remotely piloted vehicles using a cellular telephone network
US10320786B2 (en) 2015-09-14 2019-06-11 Samsung Electronics Co., Ltd. Electronic apparatus and method for controlling the same
CN105205401B (en) * 2015-09-30 2017-10-24 中国人民解放军信息工程大学 Trusted computer system and its trusted bootstrap method based on security password chip
CN105447406B (en) * 2015-11-10 2018-10-19 华为技术有限公司 A kind of method and apparatus for accessing memory space
WO2017161569A1 (en) * 2016-03-25 2017-09-28 深圳前海达闼云端智能科技有限公司 Access control method, apparatus and system
CN109416537B (en) 2016-04-18 2023-02-28 荣布斯系统集团公司 System for communicating with an unmanned aerial vehicle using two frequency bands
CN107346395B (en) * 2016-05-05 2020-04-28 华为技术有限公司 Trusted platform module TPM (trusted platform Module) deployment method, device and system
US10541816B2 (en) 2016-06-01 2020-01-21 International Business Machines Corporation Controlling execution of software by combining secure boot and trusted boot features
CN106127054B (en) * 2016-08-22 2019-01-29 中国科学院信息工程研究所 A kind of system-level safety protecting method towards smart machine control instruction
CN106445702A (en) * 2016-09-21 2017-02-22 乐视控股(北京)有限公司 Multi-system communication method and terminal
CN106506166B (en) * 2016-10-26 2020-02-11 泰山医学院 Terminal trusted platform system under cloud computing environment
CN106452753B (en) * 2016-10-26 2020-02-11 泰山医学院 Method for constructing terminal trusted platform in cloud computing environment
US10628611B2 (en) 2016-11-04 2020-04-21 Qualcomm Incorporated Exclusive execution environment within a system-on-a-chip computing system
US10482034B2 (en) * 2016-11-29 2019-11-19 Microsoft Technology Licensing, Llc Remote attestation model for secure memory applications
KR20180069467A (en) 2016-12-15 2018-06-25 삼성전자주식회사 Electronic apparatus and operating method for the same
EP3340147A1 (en) 2016-12-22 2018-06-27 Mastercard International Incorporated Method for providing key identifier in transaction data
CN106815494B (en) * 2016-12-28 2020-02-07 中软信息系统工程有限公司 Method for realizing application program safety certification based on CPU time-space isolation mechanism
CN108287999A (en) * 2017-01-10 2018-07-17 厦门雅迅网络股份有限公司 A kind of startup method that system based on TrustZone is credible
US10108800B1 (en) 2017-01-10 2018-10-23 Gbs Laboratories, Llc ARM processor-based hardware enforcement of providing separate operating system environments for mobile devices with capability to employ different switching methods
JP7116449B2 (en) 2017-04-24 2022-08-10 テイア グループ,インコーポレイテッド Systems for recording and real-time transmission of aircraft cockpits to in-flight ground services
CN106973067A (en) * 2017-05-10 2017-07-21 成都麟成科技有限公司 A kind of platform environment integrality detection method and device
CN107169375B (en) * 2017-05-16 2020-07-28 北京梦天门科技股份有限公司 System data security enhancement method
CN107168747B (en) * 2017-05-27 2020-12-29 努比亚技术有限公司 Method and device for distinguishing mobile terminal configuration and computer readable storage medium
CN111052170A (en) * 2017-08-30 2020-04-21 华为技术有限公司 Electronic device and method for conducting electronic transactions
CN107679393B (en) * 2017-09-12 2020-12-04 中国科学院软件研究所 Android integrity verification method and device based on trusted execution environment
CN109714185B (en) 2017-10-26 2022-03-04 阿里巴巴集团控股有限公司 Strategy deployment method, device and system of trusted server and computing system
CN107844362B (en) * 2017-11-14 2021-10-15 浪潮(北京)电子信息产业有限公司 System, method, virtual machine and readable storage medium for virtualizing TPM (trusted platform Module) equipment
CN107861795B (en) * 2017-11-20 2022-04-26 浪潮(北京)电子信息产业有限公司 Method, system and device for simulating physical TCM chip and readable storage medium
KR102434444B1 (en) 2017-11-29 2022-08-19 한국전자통신연구원 Method and Apparatus for Device Security Verification Utilizing a Virtual Trusted Computing Base
CN109684126B (en) * 2018-12-25 2022-05-03 贵州华芯通半导体技术有限公司 Memory verification method for ARM equipment and ARM equipment for executing memory verification
US11232209B2 (en) * 2019-01-18 2022-01-25 International Business Machines Corporation Trojan detection in cryptographic hardware adapters
CN111814205B (en) * 2019-04-12 2023-11-14 阿里巴巴集团控股有限公司 Computing processing method, computing processing system, computing processing device, computing processing memory, computing processing device and computer device
CN110414235B (en) * 2019-07-08 2021-05-14 北京可信华泰信息技术有限公司 Active immune double-system based on ARM TrustZone
CN110677388B (en) * 2019-09-03 2023-04-18 东南大学 TrustZone-based method for measuring integrity of terminal process of Internet of things
CN110730159B (en) * 2019-09-03 2022-01-25 东南大学 TrustZone-based secure and trusted hybrid system starting method
CN110737902B (en) * 2019-10-10 2022-02-11 北京智芯微电子科技有限公司 Embedded terminal and firmware design method of trusted security module thereof
CN111338997B (en) * 2020-03-05 2021-07-20 苏州浪潮智能科技有限公司 Method, device, equipment and medium for ARM server BIOS supporting TCM communication
CN111898115A (en) * 2020-07-16 2020-11-06 四川爱联科技股份有限公司 Method and device for preventing parameters of module firmware from being tampered
US11853793B2 (en) 2020-10-09 2023-12-26 Samsung Electronics Co., Ltd. Methods and system for on-device AI model parameter run-time protection
KR20220052007A (en) 2020-10-20 2022-04-27 삼성전자주식회사 Electronic apparatus and method for controlling thereof
CN112988508B (en) * 2021-03-04 2022-03-18 浙江中控研究院有限公司 Credible PLC embedded system based on memory isolation
US11615190B2 (en) * 2021-07-20 2023-03-28 Dell Products L.P. Secure boot policy for platform security using neutral processors in an information handling system
CN114491565B (en) * 2022-03-31 2022-07-05 飞腾信息技术有限公司 Firmware secure boot method, device, computing equipment and readable storage medium
CN114625484A (en) * 2022-03-31 2022-06-14 苏州浪潮智能科技有限公司 Virtualization implementation method, device, electronic equipment, medium and ARM platform
CN116702129A (en) * 2023-06-08 2023-09-05 合芯科技有限公司 Safe calling method and device for power architecture running service code

Family Cites Families (54)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2378013A (en) * 2001-07-27 2003-01-29 Hewlett Packard Co Trusted computer platform audit system
US7974416B2 (en) * 2002-11-27 2011-07-05 Intel Corporation Providing a secure execution mode in a pre-boot environment
US7380136B2 (en) * 2003-06-25 2008-05-27 Intel Corp. Methods and apparatus for secure collection and display of user interface information in a pre-boot environment
US7222062B2 (en) * 2003-12-23 2007-05-22 Intel Corporation Method and system to support a trusted set of operational environments using emulated trusted hardware
US7318150B2 (en) * 2004-02-25 2008-01-08 Intel Corporation System and method to support platform firmware as a trusted process
US7552419B2 (en) * 2004-03-18 2009-06-23 Intel Corporation Sharing trusted hardware across multiple operational environments
US7653727B2 (en) * 2004-03-24 2010-01-26 Intel Corporation Cooperative embedded agents
US7490070B2 (en) * 2004-06-10 2009-02-10 Intel Corporation Apparatus and method for proving the denial of a direct proof signature
US7590867B2 (en) * 2004-06-24 2009-09-15 Intel Corporation Method and apparatus for providing secure virtualization of a trusted platform module
US20060010326A1 (en) * 2004-07-08 2006-01-12 International Business Machines Corporation Method for extending the CRTM in a trusted platform
US7360253B2 (en) 2004-12-23 2008-04-15 Microsoft Corporation System and method to lock TPM always ‘on’ using a monitor
US7565553B2 (en) 2005-01-14 2009-07-21 Microsoft Corporation Systems and methods for controlling access to data on a computer with a secure boot process
US8028172B2 (en) 2005-01-14 2011-09-27 Microsoft Corporation Systems and methods for updating a secure boot process on a computer with a hardware security module
US7506380B2 (en) 2005-01-14 2009-03-17 Microsoft Corporation Systems and methods for boot recovery in a secure boot process on a computer with a hardware security module
US7836299B2 (en) 2005-03-15 2010-11-16 Microsoft Corporation Virtualization of software configuration registers of the TPM cryptographic processor
US8619971B2 (en) 2005-04-01 2013-12-31 Microsoft Corporation Local secure service partitions for operating system security
US7908483B2 (en) 2005-06-30 2011-03-15 Intel Corporation Method and apparatus for binding TPM keys to execution entities
US7603707B2 (en) * 2005-06-30 2009-10-13 Intel Corporation Tamper-aware virtual TPM
US7900059B2 (en) * 2005-12-13 2011-03-01 International Business Machines Corporation Sealing of data for applications
US20100063996A1 (en) * 2006-07-03 2010-03-11 Kouichi Kanemura Information processing device, information recording device, information processing system, program update method, program, and integrated circuit
US8200952B2 (en) 2006-10-25 2012-06-12 Microsoft Corporation Platform authentication via a transparent second factor
US8082551B2 (en) * 2006-10-30 2011-12-20 Hewlett-Packard Development Company, L.P. System and method for sharing a trusted platform module
US8620818B2 (en) 2007-06-25 2013-12-31 Microsoft Corporation Activation system architecture
US7836309B2 (en) 2007-07-20 2010-11-16 Microsoft Corporation Generic extensible pre-operating system cryptographic infrastructure
US7934096B2 (en) 2007-07-27 2011-04-26 Microsoft Corporation Integrity protected smart card transaction
US8032741B2 (en) 2007-08-22 2011-10-04 Intel Corporation Method and apparatus for virtualization of a multi-context hardware trusted platform module (TPM)
US8249257B2 (en) * 2007-09-28 2012-08-21 Intel Corporation Virtual TPM keys rooted in a hardware TPM
US8156298B1 (en) * 2007-10-24 2012-04-10 Adam Stubblefield Virtualization-based security apparatuses, methods, and systems
US7921286B2 (en) 2007-11-14 2011-04-05 Microsoft Corporation Computer initialization for secure kernel
US20090172639A1 (en) * 2007-12-27 2009-07-02 Mahesh Natu Firmware integrity verification
CN101271498A (en) * 2008-03-25 2008-09-24 浙江大学 Method for implementing reliable computation through threatened linked list and safety linked list in Linux operating system
US8321931B2 (en) * 2008-03-31 2012-11-27 Intel Corporation Method and apparatus for sequential hypervisor invocation
US20090327741A1 (en) * 2008-06-30 2009-12-31 Zimmer Vincent J System and method to secure boot uefi firmware and uefi-aware operating systems on a mobile internet device (mid)
US8572692B2 (en) * 2008-06-30 2013-10-29 Intel Corporation Method and system for a platform-based trust verifying service for multi-party verification
US8122514B2 (en) 2008-07-30 2012-02-21 Microsoft Corporation Software enhanced trusted platform module
US8161285B2 (en) 2008-09-26 2012-04-17 Microsoft Corporation Protocol-Independent remote attestation and sealing
US8127146B2 (en) 2008-09-30 2012-02-28 Microsoft Corporation Transparent trust validation of an unknown platform
US8341430B2 (en) 2008-10-03 2012-12-25 Microsoft Corporation External encryption and recovery management with hardware encrypted storage devices
US8411863B2 (en) 2008-10-03 2013-04-02 Microsoft Corporation Full volume encryption in a clustered environment
US9230109B2 (en) 2008-10-07 2016-01-05 Microsoft Technology Licensing, Llc Trusted platform module security
CN101576944B (en) * 2008-11-20 2011-09-07 武汉大学 Computer secure startup system based on trusted platform module and method thereof
US8250379B2 (en) 2009-10-13 2012-08-21 Microsoft Corporation Secure storage of temporary secrets
US8296841B2 (en) 2009-10-27 2012-10-23 Microsoft Corporation Trusted platform module supported one time passwords
US8700893B2 (en) 2009-10-28 2014-04-15 Microsoft Corporation Key certification in one round trip
US8418259B2 (en) 2010-01-05 2013-04-09 Microsoft Corporation TPM-based license activation and validation
US8375437B2 (en) 2010-03-30 2013-02-12 Microsoft Corporation Hardware supported virtualized cryptographic service
US8938774B2 (en) * 2010-05-28 2015-01-20 Dell Products, Lp System and method for I/O port assignment and security policy application in a client hosted virtualization system
US8639923B2 (en) * 2010-05-28 2014-01-28 Dell Products, Lp System and method for component authentication of a secure client hosted virtualization in an information handling system
CN101901318B (en) * 2010-07-23 2011-11-30 北京工业大学 Trusted hardware equipment and using method thereof
US8819437B2 (en) 2010-09-30 2014-08-26 Microsoft Corporation Cryptographic device that binds an additional authentication factor to multiple identities
US8627464B2 (en) 2010-11-02 2014-01-07 Microsoft Corporation Globally valid measured operating system launch with hibernation support
US8683579B2 (en) 2010-12-14 2014-03-25 Microsoft Corporation Software activation using digital licenses
US8972746B2 (en) * 2010-12-17 2015-03-03 Intel Corporation Technique for supporting multiple secure enclaves
US10496824B2 (en) * 2011-06-24 2019-12-03 Microsoft Licensing Technology, LLC Trusted language runtime on a mobile platform

Cited By (161)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9652272B2 (en) * 2012-01-26 2017-05-16 Empire Technology Development Llc Activating continuous world switch security for tasks to allow world switches between virtual machines executing the tasks
US9906958B2 (en) 2012-05-11 2018-02-27 Sprint Communications Company L.P. Web server bypass of backend process on near field communications and secure element chips
US10154019B2 (en) 2012-06-25 2018-12-11 Sprint Communications Company L.P. End-to-end trusted communications infrastructure
US9282898B2 (en) 2012-06-25 2016-03-15 Sprint Communications Company L.P. End-to-end trusted communications infrastructure
US20160371493A1 (en) * 2012-06-29 2016-12-22 Intel Corporation Mobile platform software update with secure authentication
US9953165B2 (en) * 2012-06-29 2018-04-24 Intel Corporation Mobile platform software update with secure authentication
US9210576B1 (en) 2012-07-02 2015-12-08 Sprint Communications Company L.P. Extended trusted security zone radio modem
US9268959B2 (en) 2012-07-24 2016-02-23 Sprint Communications Company L.P. Trusted security zone access to peripheral devices
US9811672B2 (en) 2012-08-10 2017-11-07 Sprint Communications Company L.P. Systems and methods for provisioning and using multiple trusted security zones on an electronic device
US9183412B2 (en) 2012-08-10 2015-11-10 Sprint Communications Company L.P. Systems and methods for provisioning and using multiple trusted security zones on an electronic device
US9215180B1 (en) 2012-08-25 2015-12-15 Sprint Communications Company L.P. File retrieval in real-time brokering of digital content
US9384498B1 (en) 2012-08-25 2016-07-05 Sprint Communications Company L.P. Framework for real-time brokering of digital content delivery
US9578664B1 (en) 2013-02-07 2017-02-21 Sprint Communications Company L.P. Trusted signaling in 3GPP interfaces in a network function virtualization wireless communication system
US9769854B1 (en) 2013-02-07 2017-09-19 Sprint Communications Company L.P. Trusted signaling in 3GPP interfaces in a network function virtualization wireless communication system
US9161227B1 (en) 2013-02-07 2015-10-13 Sprint Communications Company L.P. Trusted signaling in long term evolution (LTE) 4G wireless communication
US9342688B2 (en) 2013-03-07 2016-05-17 Qualcomm Incorporated Apparatus and method for inheriting a non-secure thread context
WO2014164937A1 (en) * 2013-03-12 2014-10-09 Green Hills Software, Inc. Single-chip virtualizing and obfuscating communications system
US20140281447A1 (en) * 2013-03-12 2014-09-18 Green Hills Software, Inc. Single-Chip Virtualizing and Obfuscating Communications System for Portable Computing Devices
US9613208B1 (en) * 2013-03-13 2017-04-04 Sprint Communications Company L.P. Trusted security zone enhanced with trusted hardware drivers
US9563775B2 (en) * 2013-03-15 2017-02-07 Intel Corporation Security co-processor boot performance
US20140281456A1 (en) * 2013-03-15 2014-09-18 Ivan Herrera Mejia Method and apparatus for implementing a secure boot using multiple firmware sources
US9191388B1 (en) 2013-03-15 2015-11-17 Sprint Communications Company L.P. Trusted security zone communication addressing on an electronic device
WO2014139162A1 (en) * 2013-03-15 2014-09-18 Intel Corporation Security co-processor boot performance
CN104981814A (en) * 2013-03-15 2015-10-14 英特尔公司 Security co-processor boot performance
US20150220738A1 (en) * 2013-03-15 2015-08-06 Guo Dong Security co-processor boot performance
US9384351B2 (en) * 2013-03-15 2016-07-05 Intel Corporation Method and apparatus for implementing a secure boot using multiple firmware sources
US9223983B2 (en) * 2013-03-15 2015-12-29 Intel Corporation Security co-processor boot performance
US20160188881A1 (en) * 2013-03-15 2016-06-30 Intel Corporation Security co-processor boot performance
US9374363B1 (en) 2013-03-15 2016-06-21 Sprint Communications Company L.P. Restricting access of a portable communication device to confidential data or applications via a remote network based on event triggers generated by the portable communication device
US9830078B2 (en) * 2013-03-29 2017-11-28 Dell Products, Lp System and method for pre-operating system memory map management to minimize operating system failures
US20160054926A1 (en) * 2013-03-29 2016-02-25 Dell Products, Lp System and Method for Pre-Operating System Memory Map Management to Minimize Operating System Failures
US9454723B1 (en) 2013-04-04 2016-09-27 Sprint Communications Company L.P. Radio frequency identity (RFID) chip electrically and communicatively coupled to motherboard of mobile communication device
US9712999B1 (en) 2013-04-04 2017-07-18 Sprint Communications Company L.P. Digest of biographical information for an electronic device with static and dynamic portions
US9171243B1 (en) 2013-04-04 2015-10-27 Sprint Communications Company L.P. System for managing a digest of biographical information stored in a radio frequency identity chip coupled to a mobile communication device
US9324016B1 (en) 2013-04-04 2016-04-26 Sprint Communications Company L.P. Digest of biographical information for an electronic device with static and dynamic portions
US9838869B1 (en) 2013-04-10 2017-12-05 Sprint Communications Company L.P. Delivering digital content to a mobile device via a digital rights clearing house
US9443088B1 (en) 2013-04-15 2016-09-13 Sprint Communications Company L.P. Protection for multimedia files pre-downloaded to a mobile device
US9208105B2 (en) * 2013-05-30 2015-12-08 Dell Products, Lp System and method for intercept of UEFI block I/O protocol services for BIOS based hard drive encryption support
US20140359302A1 (en) * 2013-05-30 2014-12-04 Dell Products L.P. System and Method for Intercept of UEFI Block I/O Protocol Services for BIOS Based Hard Drive Encryption Support
US9949304B1 (en) 2013-06-06 2018-04-17 Sprint Communications Company L.P. Mobile communication device profound identity brokering framework
US9560519B1 (en) 2013-06-06 2017-01-31 Sprint Communications Company L.P. Mobile communication device profound identity brokering framework
WO2014197153A1 (en) * 2013-06-07 2014-12-11 Qualcomm Incorporated Apparatus and method for provisioning an endorsement key certificate for a firmware trusted platform module
US10025674B2 (en) 2013-06-07 2018-07-17 Microsoft Technology Licensing, Llc Framework for running untrusted code
WO2014204363A1 (en) * 2013-06-19 2014-12-24 Telefonaktiebolaget L M Ericsson (Publ) Method and an integrated circuit for executing a trusted application within a trusted runtime environment
US9927995B2 (en) * 2013-06-19 2018-03-27 Telefonaktiebolaget Lm Ericsson (Publ) Method and an integrated circuit for executing a trusted application within a trusted runtime environment
US20160139846A1 (en) * 2013-06-19 2016-05-19 Telefonaktiebolaget L M Ericsson (Publ) Method and an integrated circuit for executing a trusted application within a trusted runtime environment
US9183606B1 (en) 2013-07-10 2015-11-10 Sprint Communications Company L.P. Trusted processing location within a graphics processing unit
US9208339B1 (en) 2013-08-12 2015-12-08 Sprint Communications Company L.P. Verifying Applications in Virtual Environments Using a Trusted Security Zone
US10419216B2 (en) 2013-09-13 2019-09-17 Microsoft Technology Licensing, Llc Keying infrastructure
US10192054B2 (en) * 2013-09-13 2019-01-29 Intel Corporation Automatic pairing of IO devices with hardware secure elements
US20150081257A1 (en) * 2013-09-13 2015-03-19 Shanwei Cen Automatic pairing of io devices with hardware secure elements
US9185626B1 (en) 2013-10-29 2015-11-10 Sprint Communications Company L.P. Secure peer-to-peer call forking facilitated by trusted 3rd party voice server provisioning
US9191522B1 (en) 2013-11-08 2015-11-17 Sprint Communications Company L.P. Billing varied service based on tier
RU2599340C2 (en) * 2013-12-24 2016-10-10 Интел Корпорейшн Use of authenticated manifests to ensure external certification of multiprocessor platforms
EP2889800A1 (en) * 2013-12-24 2015-07-01 Intel Corporation Using authenticated manifests to enable external certification of multi-processor platforms
CN104850777A (en) * 2013-12-24 2015-08-19 英特尔公司 Using authenticated manifests to enable external certification of multi-processor platforms
US9448950B2 (en) 2013-12-24 2016-09-20 Intel Corporation Using authenticated manifests to enable external certification of multi-processor platforms
CN104850777B (en) * 2013-12-24 2019-01-08 英特尔公司 The external confirmation to multi processor platform is realized using the inventory of certification
CN103714459A (en) * 2013-12-26 2014-04-09 电子科技大学 Secure payment system and method of intelligent terminal
US9946568B1 (en) 2014-01-16 2018-04-17 Fireeye, Inc. Micro-virtualization architecture for threat-aware module deployment in a node of a network environment
US9507935B2 (en) 2014-01-16 2016-11-29 Fireeye, Inc. Exploit detection system with threat-aware microvisor
US10740456B1 (en) 2014-01-16 2020-08-11 Fireeye, Inc. Threat-aware architecture
US9740857B2 (en) 2014-01-16 2017-08-22 Fireeye, Inc. Threat-aware microvisor
US9292686B2 (en) 2014-01-16 2016-03-22 Fireeye, Inc. Micro-virtualization architecture for threat-aware microvisor deployment in a node of a network environment
US8756417B1 (en) * 2014-02-04 2014-06-17 Sypris Electronics, Llc Multi-level assurance trusted computing platform
US10152602B2 (en) 2014-02-28 2018-12-11 Advanced Micro Devices, Inc. Protecting state information for virtual machines
US9226145B1 (en) 2014-03-28 2015-12-29 Sprint Communications Company L.P. Verification of mobile device integrity during activation
CN104063788A (en) * 2014-07-16 2014-09-24 武汉大学 Mobile platform credibility payment system and method
US9230085B1 (en) 2014-07-29 2016-01-05 Sprint Communications Company L.P. Network based temporary trust extension to a remote or mobile device enabled via specialized cloud services
WO2016040709A1 (en) * 2014-09-14 2016-03-17 Microsoft Technology Licensing, Llc Trusted execution environment extensible computing device interface
CN106687975A (en) * 2014-09-14 2017-05-17 微软技术许可有限责任公司 Trusted execution environment extensible computing device interface
US10097513B2 (en) 2014-09-14 2018-10-09 Microsoft Technology Licensing, Llc Trusted execution environment extensible computing device interface
US9904794B2 (en) 2014-09-25 2018-02-27 Samsung Electronics Co., Ltd. Processing secure data
EP3188067A4 (en) * 2014-09-26 2017-08-30 Huawei Technologies Co., Ltd. Security control method and network device
US20170200010A1 (en) * 2014-09-26 2017-07-13 Huawei Technologies Co., Ltd. Security control method and network device
US9628279B2 (en) 2014-09-30 2017-04-18 Microsoft Technology Licensing, Llc Protecting application secrets from operating system attacks
US9762388B2 (en) * 2014-11-19 2017-09-12 Honeywell International Inc. Symmetric secret key protection
US20160142205A1 (en) * 2014-11-19 2016-05-19 Honeywell International Inc. Symmetric secret key protection
US9742762B2 (en) 2014-12-01 2017-08-22 Microsoft Technology Licensing, Llc Utilizing a trusted platform module (TPM) of a host device
US10212156B2 (en) 2014-12-01 2019-02-19 Microsoft Technology Licensing, Llc Utilizing a trusted platform module (TPM) of a host device
US9934376B1 (en) 2014-12-29 2018-04-03 Fireeye, Inc. Malware detection appliance architecture
US10528726B1 (en) 2014-12-29 2020-01-07 Fireeye, Inc. Microvisor-based malware detection appliance architecture
US9547773B2 (en) * 2014-12-31 2017-01-17 Google Inc. Secure event log management
US9760727B2 (en) 2014-12-31 2017-09-12 Google Inc. Secure host interactions
US9537833B2 (en) 2014-12-31 2017-01-03 Google Inc. Secure host communications
US9948668B2 (en) 2014-12-31 2018-04-17 Google Llc Secure host communications
US9779232B1 (en) 2015-01-14 2017-10-03 Sprint Communications Company L.P. Trusted code generation and verification to prevent fraud from maleficent external devices that capture data
US9838868B1 (en) 2015-01-26 2017-12-05 Sprint Communications Company L.P. Mated universal serial bus (USB) wireless dongles configured with destination addresses
US10754991B2 (en) * 2015-02-11 2020-08-25 Siemens Aktiengesellschaft Method to isolate real-time or safety-critical software and operating system from non-critical software and operating system
US20180068134A1 (en) * 2015-02-11 2018-03-08 Siemens Aktiengesellschaft Method to isolate real-time or safety-critical software and operating system from non-critical software and operating system
US10193700B2 (en) 2015-02-27 2019-01-29 Samsung Electronics Co., Ltd. Trust-zone-based end-to-end security
US10642983B2 (en) 2015-03-18 2020-05-05 Samsung Electronics Co., Ltd. Method and apparatus for protecting application
US10430589B2 (en) * 2015-03-19 2019-10-01 Intel Corporation Dynamic firmware module loader in a trusted execution environment container
US20160275290A1 (en) * 2015-03-19 2016-09-22 Karunakara Kotary Dynamic Firmware Module Loader in a Trusted Execution Environment Container
US9898327B2 (en) 2015-03-20 2018-02-20 Virtual Open Systems Compute node supporting virtual machines and services
EP3070607A1 (en) 2015-03-20 2016-09-21 Virtual Open Systems Compute node supporting virtual machines and services
WO2016150847A1 (en) * 2015-03-20 2016-09-29 Virtual Open Systems Compute node supporting virtual machines and services
US9912681B1 (en) 2015-03-31 2018-03-06 Fireeye, Inc. Injection of content processing delay in an endpoint
US10474813B1 (en) 2015-03-31 2019-11-12 Fireeye, Inc. Code injection technique for remediation at an endpoint of a network
US9473945B1 (en) 2015-04-07 2016-10-18 Sprint Communications Company L.P. Infrastructure for secure short message transmission
CN107567630A (en) * 2015-04-20 2018-01-09 微软技术许可有限责任公司 The isolation of trusted input-output apparatus
US10063375B2 (en) 2015-04-20 2018-08-28 Microsoft Technology Licensing, Llc Isolation of trusted input/output devices
WO2016171985A1 (en) * 2015-04-20 2016-10-27 Microsoft Technology Licensing, Llc Isolation of trusted input/output devices
US10454950B1 (en) 2015-06-30 2019-10-22 Fireeye, Inc. Centralized aggregation technique for detecting lateral movement of stealthy cyber-attacks
CN104992122A (en) * 2015-07-20 2015-10-21 武汉大学 Cell phone private information safe box based on ARM Trust Zone
CN105138930A (en) * 2015-08-12 2015-12-09 山东超越数控电子有限公司 Encryption system and encryption method based on TrustZone
US10846696B2 (en) * 2015-08-24 2020-11-24 Samsung Electronics Co., Ltd. Apparatus and method for trusted execution environment based secure payment transactions
US10699274B2 (en) 2015-08-24 2020-06-30 Samsung Electronics Co., Ltd. Apparatus and method for secure electronic payment
US9819679B1 (en) 2015-09-14 2017-11-14 Sprint Communications Company L.P. Hardware assisted provenance proof of named data networking associated to device data, addresses, services, and servers
US10282719B1 (en) 2015-11-12 2019-05-07 Sprint Communications Company L.P. Secure and trusted device-based billing and charging process using privilege for network proxy authentication and audit
US9817992B1 (en) 2015-11-20 2017-11-14 Sprint Communications Company Lp. System and method for secure USIM wireless network access
US10311246B1 (en) 2015-11-20 2019-06-04 Sprint Communications Company L.P. System and method for secure USIM wireless network access
US10846117B1 (en) 2015-12-10 2020-11-24 Fireeye, Inc. Technique for establishing secure communication between host and guest processes of a virtualization architecture
US10447728B1 (en) 2015-12-10 2019-10-15 Fireeye, Inc. Technique for protecting guest processes using a layered virtualization architecture
US10108446B1 (en) 2015-12-11 2018-10-23 Fireeye, Inc. Late load technique for deploying a virtualization layer underneath a running operating system
US11200080B1 (en) 2015-12-11 2021-12-14 Fireeye Security Holdings Us Llc Late load technique for deploying a virtualization layer underneath a running operating system
US20170277898A1 (en) * 2016-03-25 2017-09-28 Advanced Micro Devices, Inc. Key management for secure memory address spaces
US20180019880A1 (en) * 2016-03-29 2018-01-18 Huawei International Pte. Ltd. System and method for verifying integrity of an electronic device
EP3262560B1 (en) * 2016-03-29 2020-04-22 Huawei International Pte. Ltd. System and method for verifying integrity of an electronic device
WO2017171634A1 (en) * 2016-03-29 2017-10-05 Huawei International Pte. Ltd. System and method for verifying integrity of an electronic device
KR102157560B1 (en) * 2016-03-29 2020-09-18 후아웨이 인터내셔널 피티이. 엘티디. System and method for verifying the integrity of electronic devices
KR20180013854A (en) * 2016-03-29 2018-02-07 후아웨이 인터내셔널 피티이. 엘티디. System and method for verifying the integrity of electronic devices
US10659237B2 (en) * 2016-03-29 2020-05-19 Huawei International Pte. Ltd. System and method for verifying integrity of an electronic device
US10673878B2 (en) 2016-05-19 2020-06-02 International Business Machines Corporation Computer security apparatus
EP3255544A1 (en) 2016-06-08 2017-12-13 Virtual Open Systems Interrupt controller
EP3264711A1 (en) 2016-06-28 2018-01-03 Virtual Open Systems Virtual switch for multi-compartment mixed critical network communications
EP3488375B1 (en) * 2016-07-22 2021-11-10 Giesecke+Devrient Mobile Security GmbH Chipset with protected firmware
WO2018039027A1 (en) * 2016-08-26 2018-03-01 Qualcomm Incorporated Trusted platform module support on reduced instruction set computing architectures
US20180060077A1 (en) * 2016-08-26 2018-03-01 Qualcomm Incorporated Trusted platform module support on reduced instruction set computing architectures
US10191861B1 (en) 2016-09-06 2019-01-29 Fireeye, Inc. Technique for implementing memory views using a layered virtualization architecture
CN106603487A (en) * 2016-11-04 2017-04-26 中软信息系统工程有限公司 Method for safe improvement of TLS protocol processing based on CPU space-time isolation mechanism
US10402273B2 (en) 2016-12-14 2019-09-03 Microsoft Technology Licensing, Llc IoT device update failure recovery
US20200012492A1 (en) * 2016-12-14 2020-01-09 Microsoft Technology Licensing, Llc Secure iot device update
US10715526B2 (en) 2016-12-14 2020-07-14 Microsoft Technology Licensing, Llc Multiple cores with hierarchy of trust
US10936303B2 (en) * 2016-12-14 2021-03-02 Microsoft Technology Licensing, Llc Secure IoT device update
US10416991B2 (en) 2016-12-14 2019-09-17 Microsoft Technology Licensing, Llc Secure IoT device update
US10740496B2 (en) 2017-02-13 2020-08-11 Samsung Electronics Co., Ltd. Method and apparatus for operating multi-processor system in electronic device
RU2641226C1 (en) * 2017-02-13 2018-01-16 Самсунг Электроникс Ко., Лтд. Method of secureos functioning on multiprocessor systems in mobile devices
CN108959916A (en) * 2017-05-22 2018-12-07 华为技术有限公司 Methods, devices and systems for the access safety world
US10499249B1 (en) 2017-07-11 2019-12-03 Sprint Communications Company L.P. Data link layer trust signaling in communication network
US20200296090A1 (en) * 2017-09-25 2020-09-17 Telefonaktiebolaget Lm Ericsson (Publ) Provisioning of vendor credentials
US11770373B2 (en) * 2017-09-25 2023-09-26 Telefonaktiebolaget Lm Ericsson (Publ) Provisioning of vendor credentials
US11269992B2 (en) * 2018-03-22 2022-03-08 Trulyprotect Oy Systems and methods for hypervisor-based protection of code
US11675526B2 (en) 2018-04-20 2023-06-13 Nordic Semiconductor Asa Memory-access control
WO2020005857A1 (en) * 2018-06-24 2020-01-02 Hex Five Security, Inc. Configuring, enforcing, and monitoring separation of trusted execution environments
US11151262B2 (en) 2018-06-24 2021-10-19 Hex Five Security, Inc. Configuring, enforcing, and monitoring separation of trusted execution environments
US11698995B2 (en) 2018-06-28 2023-07-11 Nordic Semiconductor Asa Peripheral access on a secure-aware bus system
US11537762B2 (en) 2018-06-28 2022-12-27 Nordic Semiconductor Asa Secure peripheral interconnect
US11366940B2 (en) 2018-06-28 2022-06-21 Nordic Semiconductor Asa Secure-aware bus system
US10853498B2 (en) * 2018-09-19 2020-12-01 Dell Products L.P. Secure boot orchestration device in a virtual desktop infrastructure
US20200089888A1 (en) * 2018-09-19 2020-03-19 Dell Products L.P. Secure boot orchestration device in a virtual desktop infrastructure
WO2021001790A1 (en) * 2019-07-03 2021-01-07 Beyond Semiconductor, d.o.o. Systems and methods for data-driven secure and safe computing
US11645425B2 (en) 2019-07-03 2023-05-09 Beyond Semiconductor, d.o.o. Systems and methods for data-driven secure and safe computing
WO2021030903A1 (en) * 2019-08-16 2021-02-25 Zao John Kar Kin System and method for performing trusted computing with remote attestation and information isolation on heterogeneous processors over open interconnect
US11611549B2 (en) * 2019-10-03 2023-03-21 Fset Inc System and method of securing access to a secure remote server and database on a mobile device
CN113468535A (en) * 2020-03-31 2021-10-01 华为技术有限公司 Credibility measuring method and related device
US20210141658A1 (en) * 2020-11-11 2021-05-13 Ravi Sahita Method and apparatus for trusted devices using trust domain extensions
CN113343234A (en) * 2021-06-10 2021-09-03 支付宝(杭州)信息技术有限公司 Method and device for carrying out credible check on code security
WO2022268150A1 (en) * 2021-06-23 2022-12-29 华为技术有限公司 Method for communication between virtual machine and secure partition, and related device
CN113553231A (en) * 2021-07-01 2021-10-26 江苏电力信息技术有限公司 Embedded operating system operating environment monitoring method based on security chip
CN113703924A (en) * 2021-09-22 2021-11-26 上海交通大学 Safe virtual machine system design method and system based on trusted execution environment

Also Published As

Publication number Publication date
KR102102090B1 (en) 2020-04-20
WO2013019369A1 (en) 2013-02-07
JP6053786B2 (en) 2016-12-27
EP2737429A1 (en) 2014-06-04
KR101974188B1 (en) 2019-04-30
KR20140054003A (en) 2014-05-08
US20130159729A1 (en) 2013-06-20
US8375221B1 (en) 2013-02-12
CN103748594B (en) 2016-06-22
JP2014525105A (en) 2014-09-25
US9189653B2 (en) 2015-11-17
EP2737429A4 (en) 2014-11-05
US20160048678A1 (en) 2016-02-18
KR20190047115A (en) 2019-05-07
CN103748594A (en) 2014-04-23
US9489512B2 (en) 2016-11-08

Similar Documents

Publication Publication Date Title
US9489512B2 (en) Trustzone-based integrity measurements and verification using a software-based trusted platform module
CN109918919B (en) Management of authentication variables
US10275598B2 (en) Providing a secure execution mode in a pre-boot environment
US8776245B2 (en) Executing trusted applications with reduced trusted computing base
US8060934B2 (en) Dynamic trust management
EP2973179B1 (en) Dynamically loaded measured environment for secure code launch
US20130326216A1 (en) Methods and arrangements to launch trusted, coexisting environments
US20090132816A1 (en) PC on USB drive or cell phone
WO2017112248A1 (en) Trusted launch of secure enclaves in virtualized environments
Zhao et al. Sok: Hardware security support for trustworthy execution
Cetola A Method for Comparative Analysis of Trusted Execution Environments
US10769269B2 (en) Method and apparatus to gather platform configuration profile in a trustworthy manner
Vasudevan Practical Security Properties on Commodity Computing Platforms: The Uber EXtensible Micro-Hypervisor Framework
Shepherd Techniques for Establishing Trust in Modern Constrained Sensing Platforms with Trusted Execution Environments
Stajnrod Attacking ARM TrustZone using Hardware vulnerability
Wan Hardware-Assisted Security Mechanisms on Arm-Based Multi-Core Processors
Parno et al. How Do We Make Sense of Platform State?
Ruan et al. Intel’s Embedded Solutions: from Management to Security
Baek et al. Recent trends in research and technology of Secure Execution Environment
Informationssäkerhet et al. New Security Challenges

Legal Events

Date Code Title Description
AS Assignment

Owner name: MICROSOFT CORPORATION, WASHINGTON

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:THOM, STEFAN;COX, JEREMIAH;LINSLEY, DAVID;AND OTHERS;SIGNING DATES FROM 20110727 TO 20110728;REEL/FRAME:026691/0104

STCF Information on status: patent grant

Free format text: PATENTED CASE

AS Assignment

Owner name: MICROSOFT TECHNOLOGY LICENSING, LLC, WASHINGTON

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MICROSOFT CORPORATION;REEL/FRAME:034544/0001

Effective date: 20141014

FPAY Fee payment

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8