Cryptology ePrint Archive: Report 2014/464

Providing Root of Trust for ARM TrustZone using On-Chip SRAM

Shijun Zhao and Qianying Zhang and Guangyao Hu and Yu Qin and Dengguo Feng

Abstract: We present the design, implementation and evaluation of the root of trust for the Trusted Execution Environment (TEE) provided by ARM TrustZone based on SRAM Physical Unclonable Functions (PUFs). We first implement a building block which provides the foundations for the root of trust: secure key storage and truly random source. The building block doesn't require on or off-chip secure non-volatile memory to store secrets, but provides a high-level security: resistance to physical attackers capable of controlling all external interfaces of the system on chip (SoC). Based on the building block, we build the root of trust consisting of seal/unseal primitives for secure services running in the TEE, and a software-only TPM service running in the TEE which provides rich TPM functionalities for the rich OS running in the normal world of TrustZone. The root of trust resists software attackers capable of compromising the entire rich OS. Besides, both the building block and the root of trust run on the powerful ARM processor. In one word, we leverage the SRAM PUF, commonly available on mobile devices, to achieve a low-cost, secure, and efficient design of the root of trust.

Category / Keywords: implementation / TrustZone, Trusted Execution Environment, TPM Service, Root of Trust, SRAM PUFs

Original Publication (with minor differences): TrustED'14
DOI: 10.1145/2666141.2666145

Date: received 15 Jun 2014, last revised 3 Nov 2014

Contact author: zqyzsj at gmail com

Available format(s): PDF | BibTeX Citation

Version: 20141104:051144 (All versions of this report)

Short URL: ia.cr/2014/464

Discussion forum: Show discussion | Start new discussion