FIRMWARE-BASED TRUSTED PLATFORM MODULE FOR ARM PROCESSOR ARCHITECTURES AND TRUSTZONE SECURITY EXTENSIONS

US 20130031374A1
Filed: 07/29/2011
Published: 01/31/2013
Est. Priority Date: 07/29/2011
Status: Active Grant

First Claim

Patent Images

1. A method for enabling a trusted execution environment (TrEE) in computing devices without a hardware trusted platform module (TPM) component, comprising steps for:

retrieving an “

fTPM”

module from a firmware component of a computing device, said fTPM providing a software-based interface to security extension functionality integral to one or more processors in the computing device;

retrieving a software-based “

Monitor”

module from the firmware component of the computing device;

instantiating the fTPM and the Monitor into a “

Secure World”

environment within protected memory of the computing device prior to booting an OS on the computing device; and

enabling a TrEE on the computing device by allowing a “

Caller”

in a “

Normal World”

environment to access the security functionality of the one or more processors via a “

Secure Monitor Call”

to the “

Monitor”

, said Monitor then passing instructions relating to the “

Secure Monitor Call”

to the fTPM in the “

Secure World.”

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A “Firmware-Based TPM” or “fTPM” ensures that secure code execution is isolated to prevent a wide variety of potential security breaches. Unlike a conventional hardware based Trusted Platform Module (TPM), isolation is achieved without the use of dedicated security processor hardware or silicon. In general, the fTPM is first instantiated in a pre-OS boot environment by reading the fTPM from system firmware or firmware accessible memory or storage and placed into read-only protected memory of the device. Once instantiated, the fTPM enables execution isolation for ensuring secure code execution. More specifically, the fTPM is placed into protected read-only memory to enable the device to use hardware such as the ARM® architecture'"'"'s TrustZone™ extensions and security primitives (or similar processor architectures), and thus the devices based on such architectures, to provide secure execution isolation within a “firmware-based TPM” without requiring hardware modifications to existing devices.

Citations

20 Claims

1. A method for enabling a trusted execution environment (TrEE) in computing devices without a hardware trusted platform module (TPM) component, comprising steps for:
- retrieving an “
  
  fTPM”
  
  module from a firmware component of a computing device, said fTPM providing a software-based interface to security extension functionality integral to one or more processors in the computing device;
  
  retrieving a software-based “
  
  Monitor”
  
  module from the firmware component of the computing device;
  
  instantiating the fTPM and the Monitor into a “
  
  Secure World”
  
  environment within protected memory of the computing device prior to booting an OS on the computing device; and
  
  enabling a TrEE on the computing device by allowing a “
  
  Caller”
  
  in a “
  
  Normal World”
  
  environment to access the security functionality of the one or more processors via a “
  
  Secure Monitor Call”
  
  to the “
  
  Monitor”
  
  , said Monitor then passing instructions relating to the “
  
  Secure Monitor Call”
  
  to the fTPM in the “
  
  Secure World.”
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 wherein the fTPM is accessible by one or more virtual machines running on the computing device.
  - 3. The method of claim 1 fTPM code integrity is validated prior to instantiating the fTPM into the “
    - Secure World”
      
      environment within the protected memory of the computing device.
  - 4. The method of claim 1 wherein one or more processors in the computing device are ARM®
    - processors, and wherein the security extension functionality integral to the ARM®
      
      processors includes TrustZone™
      
      extensions and security primitives.
  - 5. The method of claim 1 wherein, prior to OS boot, the “
    - Caller”
      
      module includes a pre-boot application module for exposing the TrEE to one or more pre-boot applications thereby allowing those applications to perform tasks using the TrEE.
  - 6. The method of claim 1 wherein, subsequent to OS boot, the “
    - Caller”
      
      module includes a TPM driver module for exposing the TrEE to one or more applications running on the OS thereby allowing those applications to perform tasks using the TrEE.
  - 7. The method of claim 1 wherein the firmware component of the computing device receives the fTPM module by updating the firmware with software that includes the fTPM module.
  - 8. The method of claim 1 wherein communications between the Caller and the Monitor are synchronous.
  - 9. The method of claim 1 wherein communications between the Caller and the Monitor are asynchronous.

10. A system for implementing a trusted computing environment on a computing device without a hardware trusted platform module (TPM) component, comprising:
- a non-volatile memory component of a computing device having an “
  
  fTPM”
  
  module stored therein, said fTPM module providing a software-based interface to security extension functionality integral to one or more processors in the computing device;
  
  wherein the non-volatile memory component further includes a software-based “
  
  Monitor”
  
  module;
  
  a device for reading the fTPM and the Monitor from the non-volatile memory component and instantiating the fTPM and the Monitor into a “
  
  Secure World”
  
  environment within protected memory of the computing device; and
  
  enabling a trusted computing environment on the computing device by allowing a “
  
  Caller”
  
  in a “
  
  Normal World”
  
  environment to access the security functionality of the one or more processors via a “
  
  Secure Monitor Call”
  
  to the “
  
  Monitor”
  
  , said Monitor then passing instructions relating to the “
  
  Secure Monitor Call”
  
  to the fTPM in the “
  
  Secure World.”
- View Dependent Claims (11, 12, 13, 14)
- - 11. The system of claim 10 wherein one or more processors in the computing device are ARM®
    - processors, and wherein the security extension functionality integral to the ARM®
      
      processors includes TrustZone™
      
      extensions and security primitives.
  - 12. The system of claim 10 wherein, prior to OS boot, the “
    - Caller”
      
      module includes a pre-boot application module for exposing the trusted computing environment to one or more pre-boot applications thereby allowing those applications to perform tasks using the trusted computing environment.
  - 13. The system of claim 10 wherein, subsequent to OS boot, the “
    - Caller”
      
      module includes a TPM driver module for exposing the trusted computing environment to one or more applications running on the OS thereby allowing those applications to perform tasks using the trusted computing environment.
  - 14. The system of claim 10 further comprising a device for enabling both synchronous and asynchronous communications between the Caller and the Monitor.

15. A computer-readable medium having computer executable instructions stored therein for implementing a trusted computing environment with a computing device without a hardware trusted platform module (TPM) component, said instructions comprising:
- an “
  
  fTPM”
  
  module for providing a software-based interface to security extension functionality integral to one or more processors in a computing device, and a software-based “
  
  Monitor”
  
  module;
  
  loading the fTPM and the Monitor into a non-volatile memory component of the computing device;
  
  retrieving the fTPM and the Monitor from the non-volatile memory;
  
  instantiating the fTPM and the Monitor into a “
  
  Secure World”
  
  environment within protected memory of the computing device; and
  
  enabling a trusted computing environment on the computing device by allowing a “
  
  Caller”
  
  in a “
  
  Normal World”
  
  environment to access the security functionality of the one or more processors via a “
  
  Secure Monitor Call”
  
  to the “
  
  Monitor”
  
  , said Monitor then passing instructions relating to the “
  
  Secure Monitor Call”
  
  to the fTPM in the “
  
  Secure World.”
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The computer-readable medium of claim 15 wherein one or more processors in the computing device are ARM®
    - processors, and wherein the security extension functionality integral to the ARM®
      
      processors includes TrustZone™
      
      extensions and security primitives.
  - 17. The computer-readable medium of claim 15 wherein, prior to OS boot, the “
    - Caller”
      
      module includes a pre-boot application module for exposing the trusted computing environment to one or more pre-boot applications thereby allowing those applications to perform tasks using the trusted computing environment.
  - 18. The computer-readable medium of claim 15 wherein, subsequent to OS boot, the “
    - Caller”
      
      module includes a TPM driver module for exposing the trusted computing environment to one or more applications running on the OS thereby allowing those applications to perform tasks using the trusted computing environment.
  - 19. The computer-readable medium of claim 15 wherein one or more of the processors contain two or more cores, and wherein a separate fTPM is instantiated within the protected memory of the computing device for each of two or more of those cores.
  - 20. The computer-readable medium of claim 15 further comprising a device for enabling both synchronous and asynchronous communications between the Caller and the Monitor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Thom, Stefan, Linsley, David, Raj, Himanshu, Robinson, David, Saroiu, Stefan, Wolman, Alastair, Cox, Jeremiah, Nystrom, Magnus, Spiger, Rob

Granted Patent

US 8,375,221 B1
Time in Patent Office

Days
Field of Search
US Class Current

713/189
CPC Class Codes

G06F 21/46   by designing passwords or c...

G06F 21/552   involving long-term monitor...

G06F 21/57   Certifying or maintaining t...

G06F 21/572   Secure firmware programming...

G06F 21/575   Secure boot

G06F 21/71   to assure secure computing ...

G06F 21/74   operating in dual or compar...

G06F 2221/034   Test or assess a computer o...

FIRMWARE-BASED TRUSTED PLATFORM MODULE FOR ARM PROCESSOR ARCHITECTURES AND TRUSTZONE SECURITY EXTENSIONS

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

FIRMWARE-BASED TRUSTED PLATFORM MODULE FOR ARM PROCESSOR ARCHITECTURES AND TRUSTZONE SECURITY EXTENSIONS

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links